author | markus@openbsd.org <markus@openbsd.org> | 2015-12-04 16:41:28 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-12-07 12:38:58 +1100 |
commit | 76c9fbbe35aabc1db977fb78e827644345e9442e (patch) | |
tree | e7c85e7e1471f1bd00b3a50a58e315c055f40b86 /sshd.c | |
parent | 6064a8b8295cb5a17b5ebcfade53053377714f40 (diff) |
upstream commit
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
(user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt; with & ok djm@
Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 18 |
1 files changed, 13 insertions, 5 deletions
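--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.460 2015/11/16 22:51:05 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.461 2015/12/04 16:41:28 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -816,6 +816,12 @@ list_hostkey_types(void)
 buffer_append(&b, ",", 1);
 p = key_ssh_name(key);
 buffer_append(&b, p, strlen(p));
+
+/* for RSA we also support SHA2 signatures */
+if (key->type == KEY_RSA) {
+p = ",rsa-sha2-512,rsa-sha2-256";
+buffer_append(&b, p, strlen(p));
+}
 break;
 }
 /* If the private key has a cert peer, then list that too */
@@ -2507,24 +2513,26 @@ do_ssh1_kex(void)
 
 int
 sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen,
-const u_char *data, size_t dlen, u_int flag)
+const u_char *data, size_t dlen, const char *alg, u_int flag)
 {
 int r;
 u_int xxx_slen, xxx_dlen = dlen;
 
 if (privkey) {
-if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen) < 0))
+if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen,
+alg) < 0))
 fatal("%s: key_sign failed", __func__);
 if (slen)
 *slen = xxx_slen;
 } else if (use_privsep) {
-if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen) < 0)
+if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen,
+alg) < 0)
 fatal("%s: pubkey_sign failed", __func__);
 if (slen)
 *slen = xxx_slen;
 } else {
 if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slen,
-data, dlen, datafellows)) != 0)
+data, dlen, alg, datafellows)) != 0)
 fatal("%s: ssh_agent_sign failed: %s",
 __func__, ssh_err(r));
 }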
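Review bot: In sshd_hostkey_sign the new `alg` argument is forwarded to all three signers, but nothing on the visible lines checks that the signature that comes back was made with the requested algorithm. This matters most in the final `ssh_agent_sign` branch, because list_hostkey_types now advertises `rsa-sha2-512,rsa-sha2-256` for every `KEY_RSA` host key; an agent that does not understand the request would presumably return a SHA-1 `ssh-rsa` signature with a zero return code, and the mismatch would surface only at the client. Consider comparing the algorithm name at the start of the returned blob with `alg` before returning, or advertising the SHA2 names only when the signer is known to support them. The contract also deserves a comment above the function, e.g. `/* alg: requested signature algorithm name; NULL presumably selects the key type's default (confirm) */`. The function's tail lies outside the hunk.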