upstream: Explicitly specify the signature algorithm when signing

hostkeys-prove requests.

Fixes a corner-case triggered by UpdateHostKeys with one or more unknown
host keys stored in ssh-agent where sshd refuses to accept the signature
coming back from the agent.

Report/fix from Maxime Rey

OpenBSD-Commit-ID: 460c7d527a24f92b7e5f68ca1a2fa242ebf0d086

diff --git a/serverloop.c b/serverloop.c
index 757cc6f0244e7bf1acc61e18633e190fef7f9ed5..40ddfb042b49b57550c4073b4a44e61635b141ef 100644 (file)
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.240 2024/06/17 08:28:31 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.241 2024/11/26 22:01:37 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -690,7 +690,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
                 * For RSA keys, prefer to use the signature type negotiated
                 * during KEX to the default (SHA1).
                 */
-               sigalg = NULL;
+               sigalg = sshkey_ssh_name(key);
                if (sshkey_type_plain(key->type) == KEY_RSA) {
                        if (kex_rsa_sigalg != NULL)
                                sigalg = kex_rsa_sigalg;
@@ -699,6 +699,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
                        else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED)
                                sigalg = "rsa-sha2-256";
                }
+
                debug3_f("sign %s key (index %d) using sigalg %s",
                    sshkey_type(key), ndx, sigalg == NULL ? "default" : sigalg);
                if ((r = sshbuf_put_cstring(sigbuf,