author | djm@openbsd.org <djm@openbsd.org> | 2018-07-03 11:39:54 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-03 23:26:36 +1000 |
commit | 4ba0d54794814ec0de1ec87987d0c3b89379b436 (patch) | |
tree | b8d904880f8927374b377b2e4d5661213c1138b6 /authfd.c | |
parent | 95344c257412b51199ead18d54eaed5bafb75617 (diff) |
upstream: Improve strictness and control over RSA-SHA2 signature
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
Diffstat (limited to 'authfd.c')
-rw-r--r-- | authfd.c | 24 |
1 files changed, 13 insertions, 11 deletions
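--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.109 2018/04/10 00:10:49 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.110 2018/07/03 11:39:54 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -343,8 +343,8 @@ ssh_agent_sign(int sock, const struct sshkey *key,
 const u_char *data, size_t datalen, const char *alg, u_int compat)
 {
 struct sshbuf *msg;
-u_char *blob = NULL, type;
-size_t blen = 0, len = 0;
+u_char *sig = NULL, type = 0;
+size_t len = 0;
 u_int flags = 0;
 int r = SSH_ERR_INTERNAL_ERROR;
 
@@ -355,11 +355,9 @@ ssh_agent_sign(int sock, const struct sshkey *key,
 return SSH_ERR_INVALID_ARGUMENT;
 if ((msg = sshbuf_new()) == NULL)
 return SSH_ERR_ALLOC_FAIL;
-if ((r = sshkey_to_blob(key, &blob, &blen)) != 0)
-goto out;
 flags |= agent_encode_alg(key, alg);
 if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
-(r = sshbuf_put_string(msg, blob, blen)) != 0 ||
+(r = sshkey_puts(key, msg)) != 0 ||
 (r = sshbuf_put_string(msg, data, datalen)) != 0 ||
 (r = sshbuf_put_u32(msg, flags)) != 0)
 goto out;
@@ -374,15 +372,19 @@ ssh_agent_sign(int sock, const struct sshkey *key,
 r = SSH_ERR_INVALID_FORMAT;
 goto out;
 }
-if ((r = sshbuf_get_string(msg, sigp, &len)) != 0)
+if ((r = sshbuf_get_string(msg, &sig, &len)) != 0)
+goto out;
+/* Check what we actually got back from the agent. */
+if ((r = sshkey_check_sigtype(sig, len, alg)) != 0)
 goto out;
+/* success */
+*sigp = sig;
 *lenp = len;
+sig = NULL;
+len = 0;
 r = 0;
 out:
-if (blob != NULL) {
-explicit_bzero(blob, blen);
-free(blob);
-}
+freezero(sig, len);
 sshbuf_free(msg);
 return r;
 }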
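Review bot: The comment `/* Check what we actually got back from the agent. */` above the new `sshkey_check_sigtype(sig, len, alg)` call in the last hunk does not say what is being guarded against, although per the commit message this is the check that catches an agent answering an RSA-SHA2 request with an RSA-SHA1 signature. I would spell that out, e.g. `/* Reject a signature whose algorithm differs from the requested alg (e.g. agent fell back to RSA-SHA1). */`. It would also help to document on ssh_agent_sign that a mismatch now fails the call with the signature zeroed and freed rather than handed back through `*sigp`, since the ssh client is expected to retry in that case. Which error code signals the mismatch and how a NULL `alg` is treated are decided inside sshkey_check_sigtype, which is not shown on this page, so confirm both before writing them into the comment. The statements between the declarations and the size check fall outside the hunks, so whether `*sigp`/`*lenp` are reset on entry cannot be seen from here.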