[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/2] kex: fix RFC8332 RSA extension selection bug


Included here is an update to the pkd tests to reproduce a bug in
RFC8332 RSA extension selection, as well as a fix which makes the
test pass.

When libssh server is provided "rsa-sha2-256,rsa-sha2-512" by the
client for host key algorithms, it will unconditionally reply using
the rsa-sha2-512 variant.  But, the server should respect the
client's preference in this case and use rsa-sha2-256.

Also available here:

 * https://github.com/simonsj/libssh/tree/simonsj/patch/fix-rfc8332-bug-2-4-2019
 * https://gitlab.com/simonsj1/libssh-mirror/tree/simonsj/patch/fix-rfc8332-bug-2-4-2019

Jon Simons (2):
  tests/pkd: repro rsa-sha2-{256,512} negotiation bug
  kex: honor client preference for rsa-sha2-{256,512} host key
    algorithms

 src/kex.c              | 24 ++++++++++++++++++++++++
 tests/pkd/pkd_client.h | 15 +++++++++------
 tests/pkd/pkd_hello.c  |  8 ++++++++
 3 files changed, 41 insertions(+), 6 deletions(-)

-- 
2.19.1.593.gc670b1f


Archive administrator: postmaster@lists.cynapses.org