Bugzilla – Attachment 2961 Details for Bug 2650: UpdateHostKeys ignores RSA keys if HostKeyAlgorithms=rsa-sha2-256
[patch] Accept RSA keys if HostkeyAlgorithms contains rsa-sha2 key types
bz2650.diff (text/plain), 1.67 KB, created by Damien Miller on 2017-03-10 15:32:03 AEDT
>Index: clientloop.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v >retrieving revision 1.290 >diff -u -p -r1.290 clientloop.c >--- clientloop.c 29 Jan 2017 21:35:23 -0000 1.290 >+++ clientloop.c 10 Mar 2017 04:30:42 -0000 >@@ -2373,6 +2373,26 @@ client_global_hostkeys_private_confirm(i > } > > /* >+ * Returns non-zero if the key is accepted by HostkeyAlgorithms. >+ * Made slightly less trivial by the multiple RSA signature algorithm names. >+ */ >+static int >+key_accepted_by_hostkeyalgs(const struct sshkey *key) >+{ >+ const char *ktype = sshkey_ssh_name(key); >+ const char *hostkeyalgs = options.hostkeyalgorithms != NULL ? >+ options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG; >+ >+ if (key == NULL || key->type == KEY_UNSPEC) >+ return 0; >+ if (key->type == KEY_RSA && >+ (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 || >+ match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1)) >+ return 1; >+ return match_pattern_list(ktype, hostkeyalgs, 0) == 1; >+} >+ >+/* > * Handle hostkeys-00@openssh.com global request to inform the client of all > * the server's hostkeys. The keys are checked against the user's > * HostkeyAlgorithms preference before they are accepted. >@@ -2418,10 +2438,7 @@ client_input_hostkeys(void) > sshkey_type(key), fp); > free(fp); > >- /* Check that the key is accepted in HostkeyAlgorithms */ >- if (match_pattern_list(sshkey_ssh_name(key), >- options.hostkeyalgorithms ? options.hostkeyalgorithms : >- KEX_DEFAULT_PK_ALG, 0) != 1) { >+ if (!key_accepted_by_hostkeyalgs(key)) { > debug3("%s: %s key not permitted by HostkeyAlgorithms", > __func__, sshkey_ssh_name(key)); > continue;
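Review bot: In key_accepted_by_hostkeyalgs(), the `key == NULL` guard comes too late: the initializer `const char *ktype = sshkey_ssh_name(key);` has already passed key to sshkey_ssh_name() before the check runs, so a NULL key reaches that call unguarded. Declare ktype without an initializer and assign it after the NULL/KEY_UNSPEC test, or drop the NULL test if the caller in client_input_hostkeys() guarantees a non-NULL key. The KEY_RSA branch would also benefit from a one-line comment saying why matching ktype alone is not enough for RSA keys, since the function header only hints at it with "multiple RSA signature algorithm names".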
Flags: dtucker: ok+