diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-07-03 11:39:54 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-07-03 23:26:36 +1000 |
| commit | 4ba0d54794814ec0de1ec87987d0c3b89379b436 (patch) | |
| tree | b8d904880f8927374b377b2e4d5661213c1138b6 /auth2-pubkey.c | |
| parent | 95344c257412b51199ead18d54eaed5bafb75617 (diff) | |
upstream: Improve strictness and control over RSA-SHA2 signature
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
Diffstat (limited to 'auth2-pubkey.c')
| -rw-r--r-- | auth2-pubkey.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 3ccc3a213..4feeae3e2 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth2-pubkey.c,v 1.79 2018/06/06 18:29:18 markus Exp $ */ | 1 | /* $OpenBSD: auth2-pubkey.c,v 1.80 2018/07/03 11:39:54 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -109,7 +109,7 @@ userauth_pubkey(struct ssh *ssh) | |||
| 109 | pktype = sshkey_type_from_name(pkalg); | 109 | pktype = sshkey_type_from_name(pkalg); |
| 110 | if (pktype == KEY_UNSPEC) { | 110 | if (pktype == KEY_UNSPEC) { |
| 111 | /* this is perfectly legal */ | 111 | /* this is perfectly legal */ |
| 112 | logit("%s: unsupported public key algorithm: %s", | 112 | verbose("%s: unsupported public key algorithm: %s", |
| 113 | __func__, pkalg); | 113 | __func__, pkalg); |
| 114 | goto done; | 114 | goto done; |
| 115 | } | 115 | } |
| @@ -136,8 +136,7 @@ userauth_pubkey(struct ssh *ssh) | |||
| 136 | logit("refusing previously-used %s key", sshkey_type(key)); | 136 | logit("refusing previously-used %s key", sshkey_type(key)); |
| 137 | goto done; | 137 | goto done; |
| 138 | } | 138 | } |
| 139 | if (match_pattern_list(sshkey_ssh_name(key), | 139 | if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1) { |
| 140 | options.pubkey_key_types, 0) != 1) { | ||
| 141 | logit("%s: key type %s not in PubkeyAcceptedKeyTypes", | 140 | logit("%s: key type %s not in PubkeyAcceptedKeyTypes", |
| 142 | __func__, sshkey_ssh_name(key)); | 141 | __func__, sshkey_ssh_name(key)); |
| 143 | goto done; | 142 | goto done; |
| @@ -188,8 +187,10 @@ userauth_pubkey(struct ssh *ssh) | |||
| 188 | /* test for correct signature */ | 187 | /* test for correct signature */ |
| 189 | authenticated = 0; | 188 | authenticated = 0; |
| 190 | if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) && | 189 | if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) && |
| 191 | PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b), | 190 | PRIVSEP(sshkey_verify(key, sig, slen, |
| 192 | sshbuf_len(b), NULL, ssh->compat)) == 0) { | 191 | sshbuf_ptr(b), sshbuf_len(b), |
| 192 | (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL, | ||
| 193 | ssh->compat)) == 0) { | ||
| 193 | authenticated = 1; | 194 | authenticated = 1; |
| 194 | } | 195 | } |
| 195 | sshbuf_free(b); | 196 | sshbuf_free(b); |