diff options
author | Hans Nilsson <[email protected]> | 2016-09-01 21:31:54 +0200 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2016-09-02 10:34:28 +0200 |
commit | 9b988fa6edd9db2396ade2141e14f0fc7b68cfd2 (patch) | |
tree | 6fd1643ee7aedac765676eec46b4499295090000 | |
parent | 068185ef518384c0141cc643820f3a2a103ff4c3 (diff) | |
download | otp-9b988fa6edd9db2396ade2141e14f0fc7b68cfd2.tar.gz otp-9b988fa6edd9db2396ade2141e14f0fc7b68cfd2.tar.bz2 otp-9b988fa6edd9db2396ade2141e14f0fc7b68cfd2.zip |
ssh: make ecdsa sha dependent on curve
Bug fix.
-rw-r--r-- | lib/ssh/src/ssh_auth.erl | 4 | ||||
-rw-r--r-- | lib/ssh/src/ssh_transport.erl | 7 |
2 files changed, 8 insertions, 3 deletions
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 1dcf5d0708..afc6ec5a56 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -140,7 +140,7 @@ publickey_msg([Alg, #ssh{user = User, session_id = SessionId, service = Service, opts = Opts} = Ssh]) -> - Hash = sha, %% Maybe option?! + Hash = ssh_transport:sha(Alg), KeyCb = proplists:get_value(key_cb, Opts, ssh_file), case KeyCb:user_key(Alg, Opts) of {ok, PrivKey} -> @@ -495,7 +495,7 @@ verify_sig(SessionId, User, Service, Alg, KeyBlob, SigWLen, Opts) -> <<?UINT32(AlgSigLen), AlgSig:AlgSigLen/binary>> = SigWLen, <<?UINT32(AlgLen), _Alg:AlgLen/binary, ?UINT32(SigLen), Sig:SigLen/binary>> = AlgSig, - ssh_transport:verify(PlainText, sha, Sig, Key); + ssh_transport:verify(PlainText, ssh_transport:sha(list_to_atom(Alg)), Sig, Key); false -> false end. diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 7cb3b75ac0..15b80de30a 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -46,7 +46,7 @@ handle_kex_ecdh_reply/2, extract_public_key/1, ssh_packet/2, pack/2, - sign/3, verify/4]). + sha/1, sign/3, verify/4]). %%% For test suites -export([pack/3]). @@ -1619,6 +1619,11 @@ kex_h(SSH, Key, Min, NBits, Max, Prime, Gen, E, F, K) -> crypto:hash(sha((SSH#ssh.algorithms)#alg.kex), L). +sha('ssh-rsa') -> sha; +sha('ssh-dss') -> sha; +sha('ecdsa-sha2-nistp256') -> sha(secp256r1); +sha('ecdsa-sha2-nistp384') -> sha(secp384r1); +sha('ecdsa-sha2-nistp521') -> sha(secp521r1); sha(secp256r1) -> sha256; sha(secp384r1) -> sha384; sha(secp521r1) -> sha512; |