
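--- a/clientloop.c
+++ b/clientloop.c
@@ -2373,6 +2373,26 @@ client_global_hostkeys_private_confirm(i
 }
 
 /*
+ * Returns non-zero if the key is accepted by HostkeyAlgorithms.
+ * Made slightly less trivial by the multiple RSA signature algorithm names.
+ */
+static int
+key_accepted_by_hostkeyalgs(const struct sshkey *key)
+{
+	const char *ktype = sshkey_ssh_name(key);
+	const char *hostkeyalgs = options.hostkeyalgorithms != NULL ?
+	    options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG;
+
+	if (key == NULL || key->type == KEY_UNSPEC)
+		return 0;
+	if (key->type == KEY_RSA &&
+	    (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 ||
+	    match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1))
+		return 1;
+	return match_pattern_list(ktype, hostkeyalgs, 0) == 1;
+}
+
+/*
  * Handle hostkeys-00@openssh.com global request to inform the client of all
  * the server's hostkeys. The keys are checked against the user's
  * HostkeyAlgorithms preference before they are accepted.
@@ -2418,10 +2438,7 @@ client_input_hostkeys(void)
 		    sshkey_type(key), fp);
 		free(fp);
 
-		/* Check that the key is accepted in HostkeyAlgorithms */
-		if (match_pattern_list(sshkey_ssh_name(key),
-		    options.hostkeyalgorithms ? options.hostkeyalgorithms :
-		    KEX_DEFAULT_PK_ALG, 0) != 1) {
+		if (!key_accepted_by_hostkeyalgs(key)) {
 			debug3("%s: %s key not permitted by HostkeyAlgorithms",
 			    __func__, sshkey_ssh_name(key));
 			continue;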
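Review bot: In the new `key_accepted_by_hostkeyalgs`, `sshkey_ssh_name(key)` is evaluated in the initializer of `ktype` before the `key == NULL || key->type == KEY_UNSPEC` guard, so if `sshkey_ssh_name` reads through its argument (its body is not visible here) a NULL key is dereferenced before the guard can reject it and the check is effectively dead. Keeping the declaration at the top per the file's style, initialize `const char *ktype = NULL;` and assign `ktype = sshkey_ssh_name(key);` only after the guard returns 0 for NULL/KEY_UNSPEC. The second hunk also drops the `/* Check that the key is accepted in HostkeyAlgorithms */` comment together with the old condition; the new call reads clearly enough that this is fine, but it was the only in-line statement of why the loop skips keys. The body of `client_input_hostkeys` continues outside the hunk.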
