authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2019-06-09 01:04:32 +0200
committerAndreas Schneider <asn@cryptomilk.org>2019-06-13 14:37:39 +0200
commit1b7146e28f6816055d5b05861376eda39aa205c4 (patch)
tree94c29c72fcf5fdcbbbaf48ea773871ffd70c541e /src
parenta3ddc48cb02c5e5835e24a9280da3bbfe7f30e5d (diff)
server: Send only allowed algorithms in extension
Send only allowed algorithms in server-sig-algs extension if in FIPS mode. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r--src/server.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/server.c b/src/server.c
index f5a12bdf..11cc78f0 100644
--- a/src/server.c
+++ b/src/server.c
@@ -211,8 +211,12 @@ static int ssh_server_send_extensions(ssh_session session) {
if (session->opts.pubkey_accepted_types) {
hostkey_algorithms = session->opts.pubkey_accepted_types;
} else {
- /* There are no restrictions to the accepted public keys */
- hostkey_algorithms = ssh_kex_get_default_methods(SSH_HOSTKEYS);
+ if (ssh_fips_mode()) {
+ hostkey_algorithms = ssh_kex_get_fips_methods(SSH_HOSTKEYS);
+ } else {
+ /* There are no restrictions to the accepted public keys */
+ hostkey_algorithms = ssh_kex_get_default_methods(SSH_HOSTKEYS);
+ }
}
rc = ssh_buffer_pack(session->out_buffer,