Verify the PUBLICKEY_ACCEPTED_TYPES option is handled correctly
and affects the signature algorithm selection based on the
extensions and can be used to limit list of offered mechanisms
to the server.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This effectively allows to disable using the SHA2 extension, disable
other old public key mechanisms out of the box (hello DSA) or force
the new SHA2-based key algorithm types if needed.
This exposes the default_methods array from kex.c.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This option allows to specify acceptable public key algorithms
and reflects the PubkeyAcceptedTypes configuration option from
OpenSSH.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The new constants for flags are defined in draft-miller-ssh-agent-02
are active if the SHA2 extension is negotiated with the server.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This introduces a new test case for RSA unit tests, verifying that
libraries are able to provide and verify the RSA signatures with
SHA2 hash algorithms.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* This change introduces a new API to request signature using
one key and different hash algorithms. This is used only with
RSA keys, that used to have SHA1 hardcoded, but the new
algorithsms allow to use the SHA2 hashes, if the extension
is negotiated.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This changes the private API by adding one more argument to function
pki_signature_from_blob()
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
RFC 8308: The extension negotiation in Secure Shell (SSH) Protocol
RFC 8332: Use of RSA Keys with SHA-256 and SHA-512
in the Secure Shell (SSH) Protocol
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This is required to work against OpenSSH 7.8, which is now
writing keys in new openssh format by default
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
src/poll.c:1024:9: error: assuming signed overflow does not occur when
simplifying conditional to constant [-Werror=strict-overflow]
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
The target created to copy the file must be the one make dist is
depending on. Otherwise it will not copy the generated files to the
desired path.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Moved the symbols list formatting to the ExtractSymbols.cmake. The
resulting list of symbols is sorted and printed in a more readable way
(one symbol per line). Fixed the script to copy the generated symbols.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
tests/pkd/pkd_hello.c:743:12: error: assuming signed overflow does not
occur when simplifying conditional to constant [-Werror=strict-overflow]
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
This fixes some issues with the new docs and uses a new modern style.
https://github.com/jl-wynen/that_style
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Fixes, among others, ProxyCommand with %p when no port is used on
commandline or config file, thus using the default port.
Fixes T94
Signed-off-by: Alex Hermann <alex@hexla.nl>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix the targets and output files handling to make the symbols to be
updated correctly when a symbol is added or removed.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>