author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-06-09 01:04:32 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-13 14:37:39 +0200 |
commit | 1b7146e28f6816055d5b05861376eda39aa205c4 (patch) | |
tree | 94c29c72fcf5fdcbbbaf48ea773871ffd70c541e /src | |
parent | a3ddc48cb02c5e5835e24a9280da3bbfe7f30e5d (diff) | |
server: Send only allowed algorithms in extension
Send only allowed algorithms in server-sig-algs extension if in FIPS
mode.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/server.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/server.c b/src/server.c
index f5a12bdf..11cc78f0 100644
--- a/src/server.c
+++ b/src/server.c
@@ -211,8 +211,12 @@ static int ssh_server_send_extensions(ssh_session session) {
 if (session->opts.pubkey_accepted_types) {
 hostkey_algorithms = session->opts.pubkey_accepted_types;
 } else {
- /* There are no restrictions to the accepted public keys */
- hostkey_algorithms = ssh_kex_get_default_methods(SSH_HOSTKEYS);
+ if (ssh_fips_mode()) {
+ hostkey_algorithms = ssh_kex_get_fips_methods(SSH_HOSTKEYS);
+ } else {
+ /* There are no restrictions to the accepted public keys */
+ hostkey_algorithms = ssh_kex_get_default_methods(SSH_HOSTKEYS);
+ }
 }

 rc = ssh_buffer_pack(session->out_buffer, |
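Review bot: The FIPS check is applied only in the `else` branch, so when `session->opts.pubkey_accepted_types` is set that list is still advertised unchanged in the server-sig-algs extension while in FIPS mode. Nothing visible in this hunk shows whether the option is filtered against the FIPS-allowed set when it is stored; if it is, a comment on the first branch such as `/* pubkey_accepted_types is already restricted to FIPS algorithms when set in FIPS mode */` would record that, and if it is not, the configured list should be intersected with `ssh_kex_get_fips_methods(SSH_HOSTKEYS)` before it is packed. The nested `if` could also be flattened to `} else if (ssh_fips_mode()) {` so the three cases sit at one level. The body of ssh_server_send_extensions starts and ends outside the hunk.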