author | djm@openbsd.org <djm@openbsd.org> | 2022-01-06 22:55:23 +0100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2022-01-06 23:21:38 +0100 |
commit | 0fa33683223c76289470a954404047bc762be84c (patch) | |
tree | db67fda0913f4d40d102eb9c5f6a6c58d91e5ee8 /kex.h | |
parent | upstream: convert ssh, sshd mainloops from select() to poll(); (diff) | |
upstream: Fix signature algorithm selection logic for
UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2
for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2
signatures for RSA keys if the client proposed these algorithms in initial
KEX. bz3375
Mostly by Dmitry Belyavskiy with some tweaks by me.
ok markus@
OpenBSD-Commit-ID: c17ba0c3236340d2c6a248158ebed042ac6a8029
Diffstat (limited to 'kex.h')
-rw-r--r-- | kex.h | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.116 2021/12/19 22:12:54 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.117 2022/01/06 21:55:23 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -109,6 +109,8 @@ enum kex_exchange {
 #define KEX_INIT_SENT 0x0001
 #define KEX_INITIAL 0x0002
 #define KEX_HAS_PUBKEY_HOSTBOUND 0x0004
+#define KEX_RSA_SHA2_256_SUPPORTED 0x0008 /* only set in server for now */
+#define KEX_RSA_SHA2_512_SUPPORTED 0x0010 /* only set in server for now */
 struct sshenc {
 char *name; |
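Review bot: The comment on the two new flags in the second hunk, `/* only set in server for now */`, says where the bits are set but not what they record, and that matters because they decide which RSA signature algorithm is used for hostkey proofs. Going by the commit message, they appear to capture whether the client listed the RSA/SHA2 algorithms in its initial KEX proposal, so I would write something like `/* client proposed rsa-sha2-256 in initial KEX; only set in server for now */` (and the same for 512). It is also worth stating next to the defines that a clear bit means "not recorded" on the client side rather than "peer lacks support", so that later code does not fall back to a weaker signature by testing these flags where they are never set. The flag list starts inside the hunk, but the code that sets and reads these bits is not in this file, so the exact point where they are set should be confirmed against the rest of the commit.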