kex: honor client preference for rsa-sha2-{256,512} host key algorithms

Authored by simonsj on Tue, Feb 5, 12:21 AM.

Description

kex: honor client preference for rsa-sha2-{256,512} host key algorithms

Ensure to honor the client preference ordering when enabling one of
the RFC8332 RSA signature extensions (rsa-sha2-{256,512}).

Before this change, libssh unconditionally selects the rsa-sha2-512
algorithm for clients which may have offered "rsa-sha2-256,rsa-sha2-512".

The change can be observed before-and-after with the pkd tests:

./pkd_hello -t torture_pkd_openssh_rsa_rsa_sha2_256_512

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
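The selection rule the commit message describes, as an added example that is not libssh's code and not part of this commit: the RSA signature extension is taken from the first matching entry in the client's list, shown beside the 512-first behaviour described as the state before the change. The enum, the function names, and the sample offer strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not libssh identifiers. */
enum rsa_sig { RSA_SIG_NONE, RSA_SIG_SHA2_256, RSA_SIG_SHA2_512 };

/* Exact match of one name-list token, so that a longer name such as
 * "rsa-sha2-512-cert-v01@openssh.com" is not mistaken for "rsa-sha2-512". */
static int tok_is(const char *tok, size_t len, const char *name)
{
    return strlen(name) == len && memcmp(tok, name, len) == 0;
}

/* Scan the client's comma-separated list in the client's order and return
 * the first RFC 8332 name that the server side has enabled. */
enum rsa_sig pick_by_client_order(const char *list, int allow_256, int allow_512)
{
    while (list != NULL && *list != '\0') {
        size_t len = strcspn(list, ",");
        if (allow_256 && tok_is(list, len, "rsa-sha2-256"))
            return RSA_SIG_SHA2_256;
        if (allow_512 && tok_is(list, len, "rsa-sha2-512"))
            return RSA_SIG_SHA2_512;
        list += len;
        if (*list == ',')
            list++;
    }
    return RSA_SIG_NONE;
}

/* Behaviour described as "before this change": rsa-sha2-512 wins whenever
 * it is offered, regardless of where the client placed it. */
enum rsa_sig pick_512_first(const char *list, int allow_256, int allow_512)
{
    enum rsa_sig s = pick_by_client_order(list, 0, allow_512);
    if (s == RSA_SIG_NONE)
        s = pick_by_client_order(list, allow_256, 0);
    return s;
}

int main(void)
{
    const char *offer = "rsa-sha2-256,rsa-sha2-512"; /* constructed sample */
    printf("client order: %d, 512-first: %d\n",
           pick_by_client_order(offer, 1, 1), pick_512_first(offer, 1, 1));
    return 0;
}
```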

Details

Committed
asn on Thu, Feb 7, 1:54 PM
Parents
rLIBSSHc2077ab7752c: tests/pkd: repro rsa-sha2-{256,512} negotiation bug
Branches
Unknown
Tags
Unknown