diff options
| author | markus@openbsd.org <markus@openbsd.org> | 2015-12-04 16:41:28 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-12-07 12:38:58 +1100 |
| commit | 76c9fbbe35aabc1db977fb78e827644345e9442e (patch) | |
| tree | e7c85e7e1471f1bd00b3a50a58e315c055f40b86 /sshd.c | |
| parent | 6064a8b8295cb5a17b5ebcfade53053377714f40 (diff) | |
upstream commit
implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
(user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt; with & ok djm@
Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
Diffstat (limited to 'sshd.c')
| -rw-r--r-- | sshd.c | 18 |
1 files changed, 13 insertions, 5 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshd.c,v 1.460 2015/11/16 22:51:05 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.461 2015/12/04 16:41:28 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -816,6 +816,12 @@ list_hostkey_types(void) | |||
| 816 | buffer_append(&b, ",", 1); | 816 | buffer_append(&b, ",", 1); |
| 817 | p = key_ssh_name(key); | 817 | p = key_ssh_name(key); |
| 818 | buffer_append(&b, p, strlen(p)); | 818 | buffer_append(&b, p, strlen(p)); |
| 819 | |||
| 820 | /* for RSA we also support SHA2 signatures */ | ||
| 821 | if (key->type == KEY_RSA) { | ||
| 822 | p = ",rsa-sha2-512,rsa-sha2-256"; | ||
| 823 | buffer_append(&b, p, strlen(p)); | ||
| 824 | } | ||
| 819 | break; | 825 | break; |
| 820 | } | 826 | } |
| 821 | /* If the private key has a cert peer, then list that too */ | 827 | /* If the private key has a cert peer, then list that too */ |
| @@ -2507,24 +2513,26 @@ do_ssh1_kex(void) | |||
| 2507 | 2513 | ||
| 2508 | int | 2514 | int |
| 2509 | sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen, | 2515 | sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen, |
| 2510 | const u_char *data, size_t dlen, u_int flag) | 2516 | const u_char *data, size_t dlen, const char *alg, u_int flag) |
| 2511 | { | 2517 | { |
| 2512 | int r; | 2518 | int r; |
| 2513 | u_int xxx_slen, xxx_dlen = dlen; | 2519 | u_int xxx_slen, xxx_dlen = dlen; |
| 2514 | 2520 | ||
| 2515 | if (privkey) { | 2521 | if (privkey) { |
| 2516 | if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen) < 0)) | 2522 | if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen, |
| 2523 | alg) < 0)) | ||
| 2517 | fatal("%s: key_sign failed", __func__); | 2524 | fatal("%s: key_sign failed", __func__); |
| 2518 | if (slen) | 2525 | if (slen) |
| 2519 | *slen = xxx_slen; | 2526 | *slen = xxx_slen; |
| 2520 | } else if (use_privsep) { | 2527 | } else if (use_privsep) { |
| 2521 | if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen) < 0) | 2528 | if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen, |
| 2529 | alg) < 0) | ||
| 2522 | fatal("%s: pubkey_sign failed", __func__); | 2530 | fatal("%s: pubkey_sign failed", __func__); |
| 2523 | if (slen) | 2531 | if (slen) |
| 2524 | *slen = xxx_slen; | 2532 | *slen = xxx_slen; |
| 2525 | } else { | 2533 | } else { |
| 2526 | if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slen, | 2534 | if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slen, |
| 2527 | data, dlen, datafellows)) != 0) | 2535 | data, dlen, alg, datafellows)) != 0) |
| 2528 | fatal("%s: ssh_agent_sign failed: %s", | 2536 | fatal("%s: ssh_agent_sign failed: %s", |
| 2529 | __func__, ssh_err(r)); | 2537 | __func__, ssh_err(r)); |
| 2530 | } | 2538 | } |