diff options
author | Hans Nilsson <[email protected]> | 2017-05-18 20:33:14 +0200 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2017-05-22 12:44:03 +0200 |
commit | 3507ea008839ad68dc16060a2696e3efde551684 (patch) | |
tree | 776a15f64d17357d6c411eb75a39072433b315e7 /lib/ssh/src | |
parent | c99b6f0aa70457453b37533adf6d3872f7009fac (diff) | |
download | otp-3507ea008839ad68dc16060a2696e3efde551684.tar.gz otp-3507ea008839ad68dc16060a2696e3efde551684.tar.bz2 otp-3507ea008839ad68dc16060a2696e3efde551684.zip |
ssh: fix the rsa-sha2-* hostkey verify error
Diffstat (limited to 'lib/ssh/src')
-rw-r--r-- | lib/ssh/src/ssh_message.erl | 4 | ||||
-rw-r--r-- | lib/ssh/src/ssh_transport.erl | 18 |
2 files changed, 13 insertions, 9 deletions
diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 609040826f..4f2eeca026 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -598,8 +598,8 @@ decode_kex_init(<<?DEC_BIN(Data,__0), Rest/binary>>, Acc, N) -> %%% Signature decode/encode %%% -decode_signature(<<?DEC_BIN(_Alg,__0), ?UINT32(_), Signature/binary>>) -> - Signature. +decode_signature(<<?DEC_BIN(Alg,__0), ?UINT32(_), Signature/binary>>) -> + {binary_to_list(Alg), Signature}. encode_signature({#'RSAPublicKey'{},Sign}, Signature) -> diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 1a15798080..412f5de9de 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -776,16 +776,20 @@ extract_public_key(#'ECPrivateKey'{parameters = {namedCurve,OID}, {#'ECPoint'{point=Q}, {namedCurve,OID}}. -verify_host_key(#ssh{algorithms=Alg}=SSH, PublicKey, Digest, Signature) -> - case verify(Digest, sha(Alg#alg.hkey), Signature, PublicKey) of - false -> - {error, bad_signature}; - true -> - known_host_key(SSH, PublicKey, public_algo(PublicKey)) +verify_host_key(#ssh{algorithms=Alg}=SSH, PublicKey, Digest, {AlgStr,Signature}) -> + case atom_to_list(Alg#alg.hkey) of + AlgStr -> + case verify(Digest, sha(Alg#alg.hkey), Signature, PublicKey) of + false -> + {error, bad_signature}; + true -> + known_host_key(SSH, PublicKey, public_algo(PublicKey)) + end; + _ -> + {error, bad_signature_name} end. - accepted_host(Ssh, PeerName, Public, Opts) -> case ?GET_OPT(silently_accept_hosts, Opts) of |