Attachment #3561 for bug #3375

Lines 883-888 proposals_match(char my[PROPOSAL_MAX], char peer[PROPOSAL_MAX]) Link Here

(-)a/kex.c (+22 lines)
883	return (1);	883	return (1);
884	}	884	}
885		885
		886	/* returns non-zero if proposal contains any algorithm from algs */
		887	static int
		888	has_any_alg(const char proposal, const char algs)
		889	{
		890	char *cp;
		891
		892	if ((cp = match_list(proposal, algs, NULL)) == NULL)
		893	return 0;
		894	free(cp);
		895	return 1;
		896	}
		897
886	static int	898	static int
887	kex_choose_conf(struct ssh *ssh)	899	kex_choose_conf(struct ssh *ssh)
888	{	900	{
Lines 918-923 kex_choose_conf(struct ssh *ssh) Link Here
918	free(ext);	930	free(ext);
919	}	931	}
920		932
		933	/* Check whether client supports rsa-sha2 algorithms */
		934	if (kex->server && (kex->flags & KEX_INITIAL)) {
		935	if (has_any_alg(peer[PROPOSAL_SERVER_HOST_KEY_ALGS],
		936	"rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com"))
		937	kex->flags \|= KEX_RSA_SHA2_256_SUPPORTED;
		938	if (has_any_alg(peer[PROPOSAL_SERVER_HOST_KEY_ALGS],
		939	"rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com"))
		940	kex->flags \|= KEX_RSA_SHA2_512_SUPPORTED;
		941	}
		942
921	/* Algorithm Negotiation */	943	/* Algorithm Negotiation */
922	if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],	944	if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],
923	sprop[PROPOSAL_KEX_ALGS])) != 0) {	945	sprop[PROPOSAL_KEX_ALGS])) != 0) {

Lines 102-107 enum kex_exchange { Link Here

(-)a/kex.h (+2 lines)
102	#define KEX_INIT_SENT 0x0001	102	#define KEX_INIT_SENT 0x0001
103	#define KEX_INITIAL 0x0002	103	#define KEX_INITIAL 0x0002
104	#define KEX_HAS_PUBKEY_HOSTBOUND 0x0004	104	#define KEX_HAS_PUBKEY_HOSTBOUND 0x0004
		105	#define KEX_RSA_SHA2_256_SUPPORTED 0x0008 /* only set in server for now */
		106	#define KEX_RSA_SHA2_512_SUPPORTED 0x0010 /* only set in server for now */
105		107
106	struct sshenc {	108	struct sshenc {
107	char *name;	109	char *name;




	struct sshbuf *resp = NULL;
	struct sshbuf *sigbuf = NULL;
	struct sshkey *key = NULL, *key_pub = NULL, *key_prv = NULL;
	int r, ndx, success = 0;
	const u_char *blob;
	const char *sigalg, *kex_rsa_sigalg = NULL;
	u_char *sig = 0;
	size_t blen, slen;

	if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL)
		fatal_f("sshbuf_new");
	if (sshkey_type_plain(sshkey_type_from_name(
	    ssh->kex->hostkey_alg)) == KEY_RSA)
		kex_rsa_sigalg = ssh->kex->hostkey_alg;
	while (ssh_packet_remaining(ssh) > 0) {
		sshkey_free(key);
		key = NULL;

		 * For RSA keys, prefer to use the signature type negotiated
		 * during KEX to the default (SHA1).
		 */
		sigalg = NULL;
		if (sshkey_type_plain(key->type) == KEY_RSA) {
			if (kex_rsa_sigalg != NULL)
				sigalg = kex_rsa_sigalg;
			else if (ssh->kex->flags & KEX_RSA_SHA2_512_SUPPORTED)
				sigalg = "rsa-sha2-512";
			else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED)
				sigalg = "rsa-sha2-256";
		}
		debug3_f("sign %s key (index %d) using sigalg %s",
		    sshkey_type(key), ndx, sigalg == NULL ? "default" : sigalg);
		if ((r = sshbuf_put_cstring(sigbuf,
		    "hostkeys-prove-00@openssh.com")) != 0 ||
		    (r = sshbuf_put_stringb(sigbuf,
		    ssh->kex->session_id)) != 0 ||
		    (r = sshkey_puts(key, sigbuf)) != 0 ||
		    (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen,
		    sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), sigalg)) != 0 ||
		    use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 ||
		    (r = sshbuf_put_string(resp, sig, slen)) != 0) {
			error_fr(r, "assemble signature");
			goto out;

Return to bug 3375

Lines 674-689 server_input_hostkeys_prove(struct ssh ssh, struct sshbuf *respp) Link Here

(-)a/serverloop.c (-8 / +17 lines)
674	struct sshbuf *resp = NULL;	674	struct sshbuf *resp = NULL;
675	struct sshbuf *sigbuf = NULL;	675	struct sshbuf *sigbuf = NULL;
676	struct sshkey key = NULL, key_pub = NULL, *key_prv = NULL;	676	struct sshkey key = NULL, key_pub = NULL, *key_prv = NULL;
677	int r, ndx, kexsigtype, use_kexsigtype, success = 0;	677	int r, ndx, success = 0;
678	const u_char *blob;	678	const u_char *blob;
		679	const char sigalg, kex_rsa_sigalg = NULL;
679	u_char *sig = 0;	680	u_char *sig = 0;
680	size_t blen, slen;	681	size_t blen, slen;
681		682
682	if ((resp = sshbuf_new()) == NULL \|\| (sigbuf = sshbuf_new()) == NULL)	683	if ((resp = sshbuf_new()) == NULL \|\| (sigbuf = sshbuf_new()) == NULL)
683	fatal_f("sshbuf_new");	684	fatal_f("sshbuf_new");
684		685	if (sshkey_type_plain(sshkey_type_from_name(
685	kexsigtype = sshkey_type_plain(	686	ssh->kex->hostkey_alg)) == KEY_RSA)
686	sshkey_type_from_name(ssh->kex->hostkey_alg));	687	kex_rsa_sigalg = ssh->kex->hostkey_alg;
687	while (ssh_packet_remaining(ssh) > 0) {	688	while (ssh_packet_remaining(ssh) > 0) {
688	sshkey_free(key);	689	sshkey_free(key);
689	key = NULL;	690	key = NULL;
Lines 716-731 server_input_hostkeys_prove(struct ssh ssh, struct sshbuf *respp) Link Here
716	* For RSA keys, prefer to use the signature type negotiated	717	* For RSA keys, prefer to use the signature type negotiated
717	* during KEX to the default (SHA1).	718	* during KEX to the default (SHA1).
718	*/	719	*/
719	use_kexsigtype = kexsigtype == KEY_RSA &&	720	sigalg = NULL;
720	sshkey_type_plain(key->type) == KEY_RSA;	721	if (sshkey_type_plain(key->type) == KEY_RSA) {
		722	if (kex_rsa_sigalg != NULL)
		723	sigalg = kex_rsa_sigalg;
		724	else if (ssh->kex->flags & KEX_RSA_SHA2_512_SUPPORTED)
		725	sigalg = "rsa-sha2-512";
		726	else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED)
		727	sigalg = "rsa-sha2-256";
		728	}
		729	debug3_f("sign %s key (index %d) using sigalg %s",
		730	sshkey_type(key), ndx, sigalg == NULL ? "default" : sigalg);
721	if ((r = sshbuf_put_cstring(sigbuf,	731	if ((r = sshbuf_put_cstring(sigbuf,
722	"hostkeys-prove-00@openssh.com")) != 0 \|\|	732	"hostkeys-prove-00@openssh.com")) != 0 \|\|
723	(r = sshbuf_put_stringb(sigbuf,	733	(r = sshbuf_put_stringb(sigbuf,
724	ssh->kex->session_id)) != 0 \|\|	734	ssh->kex->session_id)) != 0 \|\|
725	(r = sshkey_puts(key, sigbuf)) != 0 \|\|	735	(r = sshkey_puts(key, sigbuf)) != 0 \|\|
726	(r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen,	736	(r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen,
727	sshbuf_ptr(sigbuf), sshbuf_len(sigbuf),	737	sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), sigalg)) != 0 \|\|
728	use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 \|\|
729	(r = sshbuf_put_string(resp, sig, slen)) != 0) {	738	(r = sshbuf_put_string(resp, sig, slen)) != 0) {
730	error_fr(r, "assemble signature");	739	error_fr(r, "assemble signature");
731	goto out;	740	goto out;