lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-14 04:18:54 +03:00
Code Activity

server: Send only allowed algorithms in extension

Browse Source 
Send only allowed algorithms in server-sig-algs extension if in FIPS
mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Anderson Toshiyuki Sasaki
2019-06-09 01:04:32 +02:00
committed by Andreas Schneider
parent a3ddc48cb0
commit 1b7146e28f
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/server.c
View File

@@ -210,10 +210,14 @@ static int ssh_server_send_extensions(ssh_session session) {
if (session->opts.pubkey_accepted_types) { if (session->opts.pubkey_accepted_types) {
hostkey_algorithms = session->opts.pubkey_accepted_types; hostkey_algorithms = session->opts.pubkey_accepted_types;
} else {
if (ssh_fips_mode()) {
hostkey_algorithms = ssh_kex_get_fips_methods(SSH_HOSTKEYS);
} else { } else {
/* There are no restrictions to the accepted public keys */ /* There are no restrictions to the accepted public keys */
hostkey_algorithms = ssh_kex_get_default_methods(SSH_HOSTKEYS); hostkey_algorithms = ssh_kex_get_default_methods(SSH_HOSTKEYS);
} }
}
rc = ssh_buffer_pack(session->out_buffer, rc = ssh_buffer_pack(session->out_buffer,
"bdss", "bdss",