diff options
author | Jon Simons <jon@jonsimons.org> | 2019-02-04 18:21:21 -0500 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-02-07 13:54:22 +0100 |
commit | 5d279a7ad7fc69c339ca89caf334b479ba787f70 (patch) | |
tree | 829511ff49f1434ed9f593a31c2d394f42895985 /src/kex.c | |
parent | c2077ab7752c9d1fa149d7b5337d9e4aaeb96188 (diff) | |
download | libssh-5d279a7ad7fc69c339ca89caf334b479ba787f70.tar.gz libssh-5d279a7ad7fc69c339ca89caf334b479ba787f70.tar.xz libssh-5d279a7ad7fc69c339ca89caf334b479ba787f70.zip |
kex: honor client preference for rsa-sha2-{256,512} host key algorithms
Ensure to honor the client preference ordering when enabling one of
the RFC8332 RSA signature extensions (`rsa-sha2-{256,512}`).
Before this change, libssh unconditionally selects the `rsa-sha2-512`
algorithm for clients which may have offered "rsa-sha2-256,rsa-sha2-512".
The change can be observed before-and-after with the pkd tests:
./pkd_hello -t torture_pkd_openssh_rsa_rsa_sha2_256_512
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/kex.c')
-rw-r--r-- | src/kex.c | 24 |
1 files changed, 24 insertions, 0 deletions
@@ -456,6 +456,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit) int server_kex = session->server; ssh_string str = NULL; char *strings[KEX_METHODS_SIZE] = {0}; + char *rsa_sig_ext = NULL; int rc = SSH_ERROR; uint8_t first_kex_packet_follows = 0; @@ -581,6 +582,29 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit) if (ok) { session->extensions |= SSH_EXT_SIG_RSA_SHA256; } + + /* + * Ensure that the client preference is honored for the case + * both signature types are enabled. + */ + if ((session->extensions & SSH_EXT_SIG_RSA_SHA256) && + (session->extensions & SSH_EXT_SIG_RSA_SHA512)) { + session->extensions &= ~(SSH_EXT_SIG_RSA_SHA256 | SSH_EXT_SIG_RSA_SHA512); + rsa_sig_ext = ssh_find_matching("rsa-sha2-512,rsa-sha2-256", + session->next_crypto->client_kex.methods[SSH_HOSTKEYS]); + if (rsa_sig_ext == NULL) { + goto error; /* should never happen */ + } else if (strcmp(rsa_sig_ext, "rsa-sha2-512") == 0) { + session->extensions |= SSH_EXT_SIG_RSA_SHA512; + } else if (strcmp(rsa_sig_ext, "rsa-sha2-256") == 0) { + session->extensions |= SSH_EXT_SIG_RSA_SHA256; + } else { + SAFE_FREE(rsa_sig_ext); + goto error; /* should never happen */ + } + SAFE_FREE(rsa_sig_ext); + } + SSH_LOG(SSH_LOG_DEBUG, "The client supports extension " "negotiation. Enabled signature algorithms: %s%s", session->extensions & SSH_EXT_SIG_RSA_SHA256 ? "SHA256" : "", |