upstream commit

list all supported signature algorithms in the
server-sig-algs Reported by mb AT smartftp.com in bz#2547 and (independantly)
Ron Frederick; ok markus@

Upstream-ID: ddf702d721f54646b11ef2cee6d916666cb685cd

kex.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.120 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: kex.c,v 1.121 2016/09/12 23:31:27 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -340,13 +340,20 @@ static int
 kex_send_ext_info(struct ssh *ssh)
 {
 	int r;
+	char *algs;
 
+	if ((algs = sshkey_alg_list(0, 1, ',')) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
 	if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, 1)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 ||
-	    (r = sshpkt_put_cstring(ssh, "rsa-sha2-256,rsa-sha2-512")) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, algs)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
-		return r;
+		goto out;
+	/* success */
+	r = 0;
+ out:
+	free(algs);
 	return 0;
 }
 

key.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.49 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: key.h,v 1.50 2016/09/12 23:31:27 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -74,7 +74,6 @@ int	 key_certify(Key *, Key *);
 void	 key_cert_copy(const Key *, Key *);
 int	 key_cert_check_authority(const Key *, int, int, const char *,
 	    const char **);
-char	*key_alg_list(int, int);
 
 #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
 int	 key_ec_validate_public(const EC_GROUP *, const EC_POINT *);

ssh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.445 2016/07/17 04:20:16 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.446 2016/09/12 23:31:27 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -685,11 +685,11 @@ main(int ac, char **av)
 			else if (strcmp(optarg, "kex") == 0)
 				cp = kex_alg_list('\n');
 			else if (strcmp(optarg, "key") == 0)
-				cp = key_alg_list(0, 0);
+				cp = sshkey_alg_list(0, 0, '\n');
 			else if (strcmp(optarg, "key-cert") == 0)
-				cp = key_alg_list(1, 0);
+				cp = sshkey_alg_list(1, 0, '\n');
 			else if (strcmp(optarg, "key-plain") == 0)
-				cp = key_alg_list(0, 1);
+				cp = sshkey_alg_list(0, 1, '\n');
 			else if (strcmp(optarg, "protocol-version") == 0) {
 #ifdef WITH_SSH1
 				cp = xstrdup("1\n2");

sshkey.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.37 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: sshkey.c,v 1.38 2016/09/12 23:31:27 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -195,7 +195,7 @@ sshkey_ecdsa_nid_from_name(const char *name)
 }
 
 char *
-key_alg_list(int certs_only, int plain_only)
+sshkey_alg_list(int certs_only, int plain_only, char sep)
 {
 	char *tmp, *ret = NULL;
 	size_t nlen, rlen = 0;
@@ -207,7 +207,7 @@ key_alg_list(int certs_only, int plain_only)
 		if ((certs_only && !kt->cert) || (plain_only && kt->cert))
 			continue;
 		if (ret != NULL)
-			ret[rlen++] = '\n';
+			ret[rlen++] = sep;
 		nlen = strlen(kt->name);
 		if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) {
 			free(ret);

sshkey.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.13 2016/05/02 09:36:42 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.14 2016/09/12 23:31:27 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -156,7 +156,7 @@ int		 sshkey_ec_validate_private(const EC_KEY *);
 const char	*sshkey_ssh_name(const struct sshkey *);
 const char	*sshkey_ssh_name_plain(const struct sshkey *);
 int		 sshkey_names_valid2(const char *, int);
-char		*key_alg_list(int, int);
+char		*sshkey_alg_list(int, int, char);
 
 int	 sshkey_from_blob(const u_char *, size_t, struct sshkey **);
 int	 sshkey_fromb(struct sshbuf *, struct sshkey **);