Make server send SSH_MSG_EXT_INFO

Ensure that only valid hostkey algorithms are sent in the first kex guess
author: Matt Johnston <matt@ucc.asn.au> 2020-05-21 23:00:22 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2020-05-21 23:00:22 +0800
commit: 331d4a714f65772e384e15ff55b850a6e9e6786b (patch)
tree: 16c000a69313d6f49610d48af4c74d6d07d1d899 /svr-kex.c
parent: 2a81289ed32d9e1ca612a41975974bfa258d2ace (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/svr-kex.c b/svr-kex.c
index e3e63d0..44e10ff 100644
--- a/svr-kex.c
+++ b/svr-kex.c
@@ -86,6 +86,11 @@ void recv_msg_kexdh_init() {
 	}
 
 	send_msg_newkeys();
+
+	if (ses.allow_ext_info) {
+		send_msg_ext_info();
+	}
+
 	ses.requirenext = SSH_MSG_NEWKEYS;
 	TRACE(("leave recv_msg_kexdh_init"))
 }
@@ -242,3 +247,19 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
 	TRACE(("leave send_msg_kexdh_reply"))
 }
 
+/* Only used for server-sig-algs on the server side */
+void send_msg_ext_info(void) {
+	TRACE(("enter send_msg_ext_info"))
+
+	buf_putbyte(ses.writepayload, SSH_MSG_EXT_INFO);
+	/* nr-extensions */
+	buf_putint(ses.writepayload, 1);
+
+	buf_putstring(ses.writepayload, SSH_SERVER_SIG_ALGS, strlen(SSH_SERVER_SIG_ALGS));
+	buf_put_algolist_all(ses.writepayload, sigalgs, 1);
+	
+	encrypt_packet();
+
+	TRACE(("leave send_msg_ext_info"))
+
+}
author	Matt Johnston <matt@ucc.asn.au>	2020-05-21 23:00:22 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2020-05-21 23:00:22 +0800
commit	331d4a714f65772e384e15ff55b850a6e9e6786b (patch)
tree	16c000a69313d6f49610d48af4c74d6d07d1d899 /svr-kex.c
parent	2a81289ed32d9e1ca612a41975974bfa258d2ace (diff)