author | Jakub Jelen <jjelen@redhat.com> | 2019-05-29 13:47:41 +0200 |
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-13 11:00:56 +0200 |
commit | 53cee7c9a3b5bd7d6342d0fc8240da133a924d18 (patch) | |
tree | 45b5f2f5edb5d9b6335aedee0b09067fb9bcf3b1 /src/kex.c | |
parent | f64c3dec74a62a24340fa6f05b4655572056ac6a (diff) | |
download | libssh-53cee7c9a3b5bd7d6342d0fc8240da133a924d18.tar.gz libssh-53cee7c9a3b5bd7d6342d0fc8240da133a924d18.tar.xz libssh-53cee7c9a3b5bd7d6342d0fc8240da133a924d18.zip |
kex: List also certificate types in list of allowed public key algorithms
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/kex.c')
-rw-r--r-- | src/kex.c | 45 |
1 files changed, 35 insertions, 10 deletions
@@ -107,16 +107,38 @@
 #ifdef HAVE_ECDH
 #define ECDH "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
-#define PUBLIC_KEY_ALGORITHMS "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"
+#define EC_HOSTKEYS "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,"
+#define EC_PUBLIC_KEY_ALGORITHMS "ecdsa-sha2-nistp521-cert-v01@openssh.com," \
+ "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
+ "ecdsa-sha2-nistp256-cert-v01@openssh.com,"
 #else
+#define EC_HOSTKEYS ""
+#define EC_PUBLIC_KEY_ALGORITHMS ""
+#define ECDH ""
+#endif
+
 #ifdef HAVE_DSA
-#define PUBLIC_KEY_ALGORITHMS "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"
+#define DSA_HOSTKEYS ",ssh-dss"
+#define DSA_PUBLIC_KEY_ALGORITHMS ",ssh-dss-cert-v01@openssh.com"
 #else
-#define PUBLIC_KEY_ALGORITHMS "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa"
-#endif
-#define ECDH ""
+#define DSA_HOSTKEYS ""
+#define DSA_PUBLIC_KEY_ALGORITHMS ""
 #endif
+#define HOSTKEYS "ssh-ed25519," \
+ EC_HOSTKEYS \
+ "rsa-sha2-512," \
+ "rsa-sha2-256," \
+ "ssh-rsa" \
+ DSA_HOSTKEYS
+#define PUBLIC_KEY_ALGORITHMS "ssh-ed25519-cert-v01@openssh.com," \
+ EC_PUBLIC_KEY_ALGORITHMS \
+ "rsa-sha2-512-cert-v01@openssh.com," \
+ "rsa-sha2-256-cert-v01@openssh.com," \
+ "ssh-rsa-cert-v01@openssh.com" \
+ DSA_PUBLIC_KEY_ALGORITHMS "," \
+ HOSTKEYS
+
 #ifdef WITH_GEX
 #define GEX_SHA256 "diffie-hellman-group-exchange-sha256,"
 #define GEX_SHA1 "diffie-hellman-group-exchange-sha1,"
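Review bot: The comma convention that makes these fragments concatenate — `EC_HOSTKEYS`/`EC_PUBLIC_KEY_ALGORITHMS` carry a trailing comma while `DSA_HOSTKEYS`/`DSA_PUBLIC_KEY_ALGORITHMS` carry a leading one — is load-bearing but undocumented, so the next type added to `HOSTKEYS` or `PUBLIC_KEY_ALGORITHMS` can easily produce a doubled or missing separator when HAVE_ECDH or HAVE_DSA is unset. A comment above the `HOSTKEYS` definition would pin it: `/* EC_* fragments end with a comma and DSA_* fragments start with one, so each list stays well-formed whichever of HAVE_ECDH/HAVE_DSA is disabled; keep new entries consistent with that. */`. Separately, in `PUBLIC_KEY_ALGORITHMS` the `ssh-rsa-cert-v01@openssh.com` and (with HAVE_DSA) `ssh-dss-cert-v01@openssh.com` entries, whose signatures are SHA-1 based, now sit ahead of every plain host-key type including `ssh-ed25519`; if this list is also used as a preference order when advertised, that ranking deserves a comment stating it is intended.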
@@ -150,11 +172,14 @@
 "aes128-ctr,"\
 "aes128-cbc"
-#define FIPS_ALLOWED_PUBLIC_KEY_ALGORITHMS "ecdsa-sha2-nistp521,"\
- "ecdsa-sha2-nistp384,"\
- "ecdsa-sha2-nistp256,"\
- "rsa-sha2-512,"\
- "rsa-sha2-256"
+#define FIPS_ALLOWED_HOSTKEYS EC_HOSTKEYS \
+ "rsa-sha2-512," \
+ "rsa-sha2-256"
+
+#define FIPS_ALLOWED_PUBLIC_KEY_ALGORITHMS EC_PUBLIC_KEY_ALGORITHMS \
+ "rsa-sha2-512-cert-v01@openssh.com," \
+ "rsa-sha2-256-cert-v01@openssh.com," \
+ FIPS_ALLOWED_HOSTKEYS
 #define FIPS_ALLOWED_KEX "ecdh-sha2-nistp256,"\
 "ecdh-sha2-nistp384,"\
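Review bot: `FIPS_ALLOWED_HOSTKEYS` is the only fragment here without a trailing comma, which is why it has to stay the last element of `FIPS_ALLOWED_PUBLIC_KEY_ALGORITHMS`; that constraint is implicit, so a one-line comment above it would help, e.g. `/* no trailing comma: must remain the last element of FIPS_ALLOWED_PUBLIC_KEY_ALGORITHMS */`. The FIPS list also deliberately omits the `ssh-rsa-cert-v01@openssh.com` and `ssh-dss-cert-v01@openssh.com` types that the non-FIPS `PUBLIC_KEY_ALGORITHMS` gains in the first hunk, presumably because their signatures are SHA-1 based; saying so in a comment would stop a later change from "completing" the list. Minor style point: the new lines use `" \` with a space before the backslash while the surrounding cipher lists use `"\`, so the block now mixes two continuation styles.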