lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-30 13:01:23 +03:00
Code Activity

kex: honor client preference for rsa-sha2-{256,512} host key algorithms

Browse Source 
Ensure to honor the client preference ordering when enabling one of
the RFC8332 RSA signature extensions (`rsa-sha2-{256,512}`).

Before this change, libssh unconditionally selects the `rsa-sha2-512`
algorithm for clients which may have offered "rsa-sha2-256,rsa-sha2-512".

The change can be observed before-and-after with the pkd tests:

    ./pkd_hello -t torture_pkd_openssh_rsa_rsa_sha2_256_512

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jon Simons
2019-02-04 18:21:21 -05:00
committed by Andreas Schneider
parent c2077ab775
commit 5d279a7ad7
1 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/kex.c
View File

@@ -456,6 +456,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
int server_kex = session->server; int server_kex = session->server;
ssh_string str = NULL; ssh_string str = NULL;
char *strings[KEX_METHODS_SIZE] = {0}; char *strings[KEX_METHODS_SIZE] = {0};
char *rsa_sig_ext = NULL;
int rc = SSH_ERROR; int rc = SSH_ERROR;
uint8_t first_kex_packet_follows = 0; uint8_t first_kex_packet_follows = 0;
@@ -581,6 +582,29 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
if (ok) { if (ok) {
session->extensions |= SSH_EXT_SIG_RSA_SHA256; session->extensions |= SSH_EXT_SIG_RSA_SHA256;
} }
/*
* Ensure that the client preference is honored for the case
* both signature types are enabled.
*/
if ((session->extensions & SSH_EXT_SIG_RSA_SHA256) &&
(session->extensions & SSH_EXT_SIG_RSA_SHA512)) {
session->extensions &= ~(SSH_EXT_SIG_RSA_SHA256 | SSH_EXT_SIG_RSA_SHA512);
rsa_sig_ext = ssh_find_matching("rsa-sha2-512,rsa-sha2-256",
session->next_crypto->client_kex.methods[SSH_HOSTKEYS]);
if (rsa_sig_ext == NULL) {
goto error; /* should never happen */
} else if (strcmp(rsa_sig_ext, "rsa-sha2-512") == 0) {
session->extensions |= SSH_EXT_SIG_RSA_SHA512;
} else if (strcmp(rsa_sig_ext, "rsa-sha2-256") == 0) {
session->extensions |= SSH_EXT_SIG_RSA_SHA256;
} else {
SAFE_FREE(rsa_sig_ext);
goto error; /* should never happen */
}
SAFE_FREE(rsa_sig_ext);
}
SSH_LOG(SSH_LOG_DEBUG, "The client supports extension " SSH_LOG(SSH_LOG_DEBUG, "The client supports extension "
"negotiation. Enabled signature algorithms: %s%s", "negotiation. Enabled signature algorithms: %s%s",
session->extensions & SSH_EXT_SIG_RSA_SHA256 ? "SHA256" : "", session->extensions & SSH_EXT_SIG_RSA_SHA256 ? "SHA256" : "",