Reply with SSH_MSG_USERAUTH_PK_OK with correct algorithm when using RSA and SHA-2

brian m. carlsonrequested to merge
bk2204/libssh-mirror:response-sha-2-upstream into master

RFC 4252 §7 states that the public key algorithm in a SSH_MSG_USERAUTH_PK_OK response is the public key algorithm name from the request. When using RSA with SHA-2, this will be either rsa-sha2-256 or rsa-sha2-512 as specified by RFC 8332 §3.2.

However, currently libssh emits the public key type instead, which is ssh-rsa. This is not in conformance with the RFCs, so let's fix this by storing the signature type and emitting it in our response instead of the public key when sending SSH_MSG_USERAUTH_PK_OK in the server.

This was reported to us as a bug in our implementation, so I've submitted a patch here to address this so all users of libssh can benefit from it. It isn't clear to me how a test should be written here, so if you think it needs one, some guidance on how to do so would be valuable. Notably, this is not exposed in the public key authentication callback, so that isn't a possible location for a test.

Checklist

  • Commits have Signed-off-by: with name/author being identical to the commit author
  • Code modified for feature
  • Test suite updated with functionality tests
  • Test suite updated with negative tests

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTING.md
  • This feature/change has adequate documentation added
  • No obvious mistakes in the code

Merge request reports