aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/kex.c19
-rw-r--r--tests/pkd/pkd_daemon.c33
2 files changed, 30 insertions, 22 deletions
diff --git a/src/kex.c b/src/kex.c
index c2c59de2..1df22830 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -168,16 +168,17 @@
#define CHACHA20 "chacha20-poly1305@openssh.com,"
-#define KEY_EXCHANGE \
+#define DEFAULT_KEY_EXCHANGE \
CURVE25519 \
ECDH \
"diffie-hellman-group18-sha512,diffie-hellman-group16-sha512," \
GEX_SHA256 \
- "diffie-hellman-group14-sha256," \
- "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
+ "diffie-hellman-group14-sha256" \
+
#define KEY_EXCHANGE_SUPPORTED \
GEX_SHA1 \
- KEY_EXCHANGE
+ DEFAULT_KEY_EXCHANGE \
+ ",diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
/* RFC 8308 */
#define KEX_EXTENSION_CLIENT "ext-info-c"
@@ -231,12 +232,12 @@ static const char *fips_methods[] = {
/* NOTE: This is a fixed API and the index is defined by ssh_kex_types_e */
static const char *default_methods[] = {
- KEY_EXCHANGE,
+ DEFAULT_KEY_EXCHANGE,
DEFAULT_PUBLIC_KEY_ALGORITHMS,
- CHACHA20 AES DES,
- CHACHA20 AES DES,
- "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
- "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
+ CHACHA20 AES,
+ CHACHA20 AES,
+ "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512",
+ "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512",
"none",
"none",
"",
diff --git a/tests/pkd/pkd_daemon.c b/tests/pkd/pkd_daemon.c
index 239bdd36..5325a5de 100644
--- a/tests/pkd/pkd_daemon.c
+++ b/tests/pkd/pkd_daemon.c
@@ -247,10 +247,9 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
int level = args->opts.libssh_log_level;
enum pkd_hostkey_type_e type = args->type;
const char *hostkeypath = args->hostkeypath;
- const char *default_kex = NULL;
- char *all_kex = NULL;
- size_t kex_len = 0;
+ const char *all_kex = NULL;
const char *all_ciphers = NULL;
+ const char *all_macs = NULL;
const uint64_t rekey_data_limit = args->rekey_data_limit;
bool process_config = false;
@@ -302,17 +301,10 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
if (!ssh_fips_mode()) {
const char *all_hostkeys = NULL;
/* Add methods not enabled by default */
-#define GEX_SHA1 "diffie-hellman-group-exchange-sha1"
- default_kex = ssh_kex_get_default_methods(SSH_KEX);
- kex_len = strlen(default_kex) + strlen(GEX_SHA1) + 2;
- all_kex = malloc(kex_len);
- if (all_kex == NULL) {
- pkderr("Failed to alloc more memory.\n");
- goto outclose;
- }
- snprintf(all_kex, kex_len, "%s," GEX_SHA1, default_kex);
+
+ /* Enable all supported key exchange methods */
+ all_kex = ssh_kex_get_supported_method(SSH_KEX);
rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_KEY_EXCHANGE, all_kex);
- free(all_kex);
if (rc != 0) {
pkderr("ssh_bind_options_set kex methods: %s\n", ssh_get_error(b));
goto outclose;
@@ -341,6 +333,21 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
goto outclose;
}
+ /* Enable all message authentication codes */
+ all_macs = ssh_kex_get_supported_method(SSH_MAC_C_S);
+ rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_HMAC_C_S, all_macs);
+ if (rc != 0) {
+ pkderr("ssh_bind_options_set MACs C-S: %s\n", ssh_get_error(b));
+ goto outclose;
+ }
+
+ all_macs = ssh_kex_get_supported_method(SSH_MAC_S_C);
+ rc = ssh_bind_options_set(b, SSH_BIND_OPTIONS_HMAC_S_C, all_macs);
+ if (rc != 0) {
+ pkderr("ssh_bind_options_set MACs S-C: %s\n", ssh_get_error(b));
+ goto outclose;
+ }
+
}
s = ssh_new();