aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHans Nilsson <[email protected]>2016-09-06 14:29:30 +0200
committerHans Nilsson <[email protected]>2016-09-06 14:29:30 +0200
commit9da5e0fae44d8c85ad14e20e27568f86ad52cc0f (patch)
tree10339e1e33d318c05015f3cd4eb819dcea964077
parent10ffae2b1c12f6d564dfc3fbf3e316491b71b2c3 (diff)
parent9b988fa6edd9db2396ade2141e14f0fc7b68cfd2 (diff)
downloadotp-9da5e0fae44d8c85ad14e20e27568f86ad52cc0f.tar.gz
otp-9da5e0fae44d8c85ad14e20e27568f86ad52cc0f.tar.bz2
otp-9da5e0fae44d8c85ad14e20e27568f86ad52cc0f.zip
Merge branch 'hans/ssh/correct_sha_ecdsa/OTP-13850' into maint
-rw-r--r--lib/ssh/src/ssh_auth.erl4
-rw-r--r--lib/ssh/src/ssh_transport.erl7
2 files changed, 8 insertions, 3 deletions
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl
index 1dcf5d0708..afc6ec5a56 100644
--- a/lib/ssh/src/ssh_auth.erl
+++ b/lib/ssh/src/ssh_auth.erl
@@ -140,7 +140,7 @@ publickey_msg([Alg, #ssh{user = User,
session_id = SessionId,
service = Service,
opts = Opts} = Ssh]) ->
- Hash = sha, %% Maybe option?!
+ Hash = ssh_transport:sha(Alg),
KeyCb = proplists:get_value(key_cb, Opts, ssh_file),
case KeyCb:user_key(Alg, Opts) of
{ok, PrivKey} ->
@@ -495,7 +495,7 @@ verify_sig(SessionId, User, Service, Alg, KeyBlob, SigWLen, Opts) ->
<<?UINT32(AlgSigLen), AlgSig:AlgSigLen/binary>> = SigWLen,
<<?UINT32(AlgLen), _Alg:AlgLen/binary,
?UINT32(SigLen), Sig:SigLen/binary>> = AlgSig,
- ssh_transport:verify(PlainText, sha, Sig, Key);
+ ssh_transport:verify(PlainText, ssh_transport:sha(list_to_atom(Alg)), Sig, Key);
false ->
false
end.
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 7cb3b75ac0..15b80de30a 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -46,7 +46,7 @@
handle_kex_ecdh_reply/2,
extract_public_key/1,
ssh_packet/2, pack/2,
- sign/3, verify/4]).
+ sha/1, sign/3, verify/4]).
%%% For test suites
-export([pack/3]).
@@ -1619,6 +1619,11 @@ kex_h(SSH, Key, Min, NBits, Max, Prime, Gen, E, F, K) ->
crypto:hash(sha((SSH#ssh.algorithms)#alg.kex), L).
+sha('ssh-rsa') -> sha;
+sha('ssh-dss') -> sha;
+sha('ecdsa-sha2-nistp256') -> sha(secp256r1);
+sha('ecdsa-sha2-nistp384') -> sha(secp384r1);
+sha('ecdsa-sha2-nistp521') -> sha(secp521r1);
sha(secp256r1) -> sha256;
sha(secp384r1) -> sha384;
sha(secp521r1) -> sha512;