authordjm@openbsd.org <djm@openbsd.org>2022-01-06 21:55:23 +0000
committerDamien Miller <djm@mindrot.org>2022-01-07 09:21:38 +1100
commit0fa33683223c76289470a954404047bc762be84c (patch)
treedb67fda0913f4d40d102eb9c5f6a6c58d91e5ee8 /kex.h
parent17877bc81db3846e6e7d4cfb124d966bb9c9296b (diff)
upstream: Fix signature algorithm selection logic for
UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2 signatures for RSA keys if the client proposed these algorithms in initial KEX. bz3375 Mostly by Dmitry Belyavskiy with some tweaks by me. ok markus@ OpenBSD-Commit-ID: c17ba0c3236340d2c6a248158ebed042ac6a8029
Diffstat (limited to 'kex.h')
-rw-r--r--kex.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/kex.h b/kex.h
index f644e599..c3532950 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.116 2021/12/19 22:12:54 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.117 2022/01/06 21:55:23 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -109,6 +109,8 @@ enum kex_exchange {
#define KEX_INIT_SENT 0x0001
#define KEX_INITIAL 0x0002
#define KEX_HAS_PUBKEY_HOSTBOUND 0x0004
+#define KEX_RSA_SHA2_256_SUPPORTED 0x0008 /* only set in server for now */
+#define KEX_RSA_SHA2_512_SUPPORTED 0x0010 /* only set in server for now */
struct sshenc {
char *name;
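Review bot: The trailing comments on `KEX_RSA_SHA2_256_SUPPORTED` and `KEX_RSA_SHA2_512_SUPPORTED` say where the bits are set but not what they record, and "SUPPORTED" alone does not say whose support is meant. Going by the commit message, each bit notes that the client proposed the matching RSA/SHA2 algorithm in its initial KEX, and the server then uses it to pick the signature algorithm for UpdateHostkeys hostkey proofs. Because that choice decides which hash backs an RSA hostkey proof, I would spell it out at the definition, e.g. `/* client proposed rsa-sha2-256 in initial KEX; only set in server for now */` and the same for 512. Client-side code that tests these bits would presumably always see them clear, so the comment should also say that an unset bit does not mean the peer lacks the algorithm. The flag list may begin above the hunk.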