File openssh-bsc1241045-kexalgo-gt-256bits.patch of Package openssh.38179
From 239da797cbf07a640d7b1ea02d3f99ace3ef792d Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 10 Nov 2021 06:25:08 +0000
Subject: [PATCH] upstream: fix ssh-keysign for KEX algorithms that use
SHA384/512
exchange hashes; feedback/ok markus@
OpenBSD-Commit-ID: 09a8fda1c081f5de1e3128df64f28b7bdadee239
---
ssh-keysign.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -80,10 +80,13 @@ valid_request(struct passwd *pw, char *h
if ((b = sshbuf_from(data, datalen)) == NULL)
fatal("%s: sshbuf_from failed", __func__);
- /* session id, currently limited to SHA1 (20 bytes) or SHA256 (32) */
+ /* session id */
if ((r = sshbuf_get_string(b, NULL, &len)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
- if (len != 20 && len != 32)
+ if (len != 20 && /* SHA1 */
+ len != 32 && /* SHA256 */
+ len != 48 && /* SHA384 */
+ len != 64) /* SHA512 */
fail++;
if ((r = sshbuf_get_u8(b, &type)) != 0)
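Review bot: The length test starting at `if (len != 20 && /* SHA1 */` is an allow-list of exchange-hash sizes, but the new `/* session id */` comment no longer says so, and a mismatch still only bumps `fail` with no diagnostic. A future KEX with a different hash size would therefore fail host-based signing as opaquely as SHA384/512 did before this fix. I would keep the intent in the comment, e.g. `/* session id: length must equal the exchange hash size of a supported KEX */`, and log the rejected value next to `fail++`, e.g. `debug3("%s: bad session ID length %zu", __func__, len);`. That needs braces around the body, and `%zu` assumes `len` is a `size_t`, whose declaration is not in the hunk. valid_request starts and ends outside this hunk, so how `fail` is finally evaluated is not visible here.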