author | Jon Simons <jon@jonsimons.org> | 2019-02-04 18:21:21 -0500 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-02-07 14:22:30 +0100 |
commit | a4948f62127859d2395b13c58cc3ada2699d00ff (patch) | |
tree | 2c441241675e01766ba7e4079a57edb106a638c5 | |
parent | e05e4ae9712b29eee2cd46021787889c95497a96 (diff) | |
kex: honor client preference for rsa-sha2-{256,512} host key algorithms
Ensure that the client's preference ordering is honored when enabling one of
the RFC8332 RSA signature extensions (`rsa-sha2-{256,512}`).
Before this change, libssh unconditionally selects the `rsa-sha2-512`
algorithm for clients which may have offered "rsa-sha2-256,rsa-sha2-512".
The change can be observed before-and-after with the pkd tests:
./pkd_hello -t torture_pkd_openssh_rsa_rsa_sha2_256_512
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5d279a7ad7fc69c339ca89caf334b479ba787f70)
-rw-r--r-- | src/kex.c | 24 |
1 files changed, 24 insertions, 0 deletions
@@ -421,6 +421,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
 int server_kex=session->server;
 ssh_string str = NULL;
 char *strings[KEX_METHODS_SIZE] = {0};
+ char *rsa_sig_ext = NULL;
 int rc = SSH_ERROR;
 uint8_t first_kex_packet_follows = 0;
@@ -546,6 +547,29 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
 if (ok) {
 session->extensions |= SSH_EXT_SIG_RSA_SHA256;
 }
+
+ /*
+ * Ensure that the client preference is honored for the case
+ * both signature types are enabled.
+ */
+ if ((session->extensions & SSH_EXT_SIG_RSA_SHA256) &&
+ (session->extensions & SSH_EXT_SIG_RSA_SHA512)) {
+ session->extensions &= ~(SSH_EXT_SIG_RSA_SHA256 | SSH_EXT_SIG_RSA_SHA512);
+ rsa_sig_ext = ssh_find_matching("rsa-sha2-512,rsa-sha2-256",
+ session->next_crypto->client_kex.methods[SSH_HOSTKEYS]);
+ if (rsa_sig_ext == NULL) {
+ goto error; /* should never happen */
+ } else if (strcmp(rsa_sig_ext, "rsa-sha2-512") == 0) {
+ session->extensions |= SSH_EXT_SIG_RSA_SHA512;
+ } else if (strcmp(rsa_sig_ext, "rsa-sha2-256") == 0) {
+ session->extensions |= SSH_EXT_SIG_RSA_SHA256;
+ } else {
+ SAFE_FREE(rsa_sig_ext);
+ goto error; /* should never happen */
+ }
+ SAFE_FREE(rsa_sig_ext);
+ }
+
 SSH_LOG(SSH_LOG_DEBUG, "The client supports extension "
 "negotiation. Enabled signature algorithms: %s%s",
 session->extensions & SSH_EXT_SIG_RSA_SHA256 ? "SHA256" : "", |
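Review bot: The `/* should never happen */` on `if (rsa_sig_ext == NULL)` in the second hunk understates the case: the result is released with `SAFE_FREE`, so `ssh_find_matching` evidently hands back an allocated copy, and a NULL there also covers allocation failure, not only a list mismatch that the earlier detection (outside this hunk) should have excluded. Failing the exchange with `goto error` is the right fail-closed choice for both situations, but the comment should say so, e.g. `goto error; /* not offered by the client, or allocation failed */`, and the final `else` can only be reached by a bug in the hard-coded `"rsa-sha2-512,rsa-sha2-256"` list, which its own comment could state instead of repeating "should never happen". The two `SAFE_FREE(rsa_sig_ext)` calls could be merged by freeing once after the strcmp chain and carrying the outcome in a local flag, though that is a matter of taste. Whether the client's order really wins depends on the argument order of `ssh_find_matching` (the second argument presumably being the preferred list, as the intent requires); a one-line comment at the call, such as `/* client list is the preferred one, so its ordering decides */`, would spare readers a lookup. ssh_packet_kexinit starts before the first hunk and continues past the second, so the cleanup behind the `error` label is not visible here.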