- dtucker@cvs.openbsd.org 2006/04/02 08:34:52

[ssh-keysign.c]
     sessionid can be 32 bytes now too when sha256 kex is used; ok djm@

ChangeLog

@@ -6,6 +6,12 @@
    - djm@cvs.openbsd.org 2006/04/01 05:50:29
      [scp.c]
      xasprintification; ok deraadt@
+   - djm@cvs.openbsd.org 2006/04/01 05:51:34
+     [atomicio.c]
+     ANSIfy; requested deraadt@
+   - dtucker@cvs.openbsd.org 2006/04/02 08:34:52
+     [ssh-keysign.c]
+     sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
 
 20060421
  - (djm) [Makefile.in configure.ac session.c sshpty.c]
@@ -4517,4 +4523,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4304 2006/04/23 02:04:46 djm Exp $
+$Id: ChangeLog,v 1.4305 2006/04/23 02:05:32 djm Exp $

ssh-keysign.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.22 2006/03/25 13:17:02 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.23 2006/04/02 08:34:52 dtucker Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -68,9 +68,9 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
 	buffer_init(&b);
 	buffer_append(&b, data, datalen);
 
-	/* session id, currently limited to SHA1 (20 bytes) */
+	/* session id, currently limited to SHA1 (20 bytes) or SHA256 (32) */
 	p = buffer_get_string(&b, &len);
-	if (len != 20)
+	if (len != 20 && len != 32)
 		fail++;
 	xfree(p);