authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2019-05-06 17:33:25 +0200
committerAndreas Schneider <asn@cryptomilk.org>2019-05-13 16:37:51 +0200
commite775182c2e07bed49e94733cc36e05d2f720d3cf (patch)
treef1ce182cbd85ae39d790f43cd7fd9a4176289072 /src/pki.c
parent76f9808eb2fa83376981cebba63b467fa3a8c4be (diff)
pki: Make DSA signature to use SHA1 instead of AUTO
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/pki.c')
-rw-r--r--src/pki.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/src/pki.c b/src/pki.c
index 911b75f5..9dbcd317 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -286,6 +286,8 @@ static enum ssh_digest_e ssh_key_hash_from_name(const char *name)
if (strcmp(name, "ssh-rsa") == 0) {
return SSH_DIGEST_SHA1;
+ } else if (strcmp(name, "ssh-dss") == 0) {
+ return SSH_DIGEST_SHA1;
} else if (strcmp(name, "rsa-sha2-256") == 0) {
return SSH_DIGEST_SHA256;
} else if (strcmp(name, "rsa-sha2-512") == 0) {
@@ -300,6 +302,8 @@ static enum ssh_digest_e ssh_key_hash_from_name(const char *name)
return SSH_DIGEST_AUTO;
}
+ SSH_LOG(SSH_LOG_WARN, "Unknown signature name %s", name);
+
/* TODO we should rather fail */
return SSH_DIGEST_AUTO;
}
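Review bot: An unrecognised signature name still ends in `return SSH_DIGEST_AUTO;`, so the added warning is the only trace of the failure, and the caller receives the same value that a recognised branch at the top of this hunk returns. The existing TODO already says this path should fail; until it does, I would spell the consequence out in the comment, e.g. `/* TODO we should rather fail: callers cannot tell an unknown name from a known one that maps to SSH_DIGEST_AUTO */`. The default branch added to ssh_key_type_to_hash in the last hunk has the same shape: it logs and then falls out of the switch into code that is not visible here. If `name` can originate from the peer, which this hunk does not show, it also reaches the log unfiltered, so that is worth confirming at the call sites. The function starts outside the hunk.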
@@ -340,6 +344,8 @@ enum ssh_digest_e ssh_key_type_to_hash(ssh_session session,
enum ssh_keytypes_e type)
{
switch (type) {
+ case SSH_KEYTYPE_DSS:
+ return SSH_DIGEST_SHA1;
case SSH_KEYTYPE_RSA:
if (ssh_key_algorithm_allowed(session, "rsa-sha2-512") &&
(session->extensions & SSH_EXT_SIG_RSA_SHA512)) {
@@ -363,9 +369,15 @@ enum ssh_digest_e ssh_key_type_to_hash(ssh_session session,
case SSH_KEYTYPE_ECDSA_P521_CERT01:
case SSH_KEYTYPE_ECDSA_P521:
return SSH_DIGEST_SHA512;
- default:
- /* Other key types use the default value (not used) */
+ case SSH_KEYTYPE_ED25519_CERT01:
+ case SSH_KEYTYPE_ED25519:
return SSH_DIGEST_AUTO;
+ case SSH_KEYTYPE_RSA1:
+ case SSH_KEYTYPE_ECDSA:
+ case SSH_KEYTYPE_UNKNOWN:
+ default:
+ SSH_LOG(SSH_LOG_WARN, "Digest algorithm to be used with key type %u "
+ "is not defined", type);
}
/* We should never reach this */
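Review bot: In the new default branch `type` is an `enum ssh_keytypes_e` but is passed to a `%u` conversion; the integer type behind an enum is implementation-defined, so an explicit cast keeps format and argument matched: `"is not defined", (unsigned int)type);`. The switch sits inside ssh_key_type_to_hash, whose body continues beyond the hunk, so the value returned after this log line is not visible here.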