diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-12-18 23:16:23 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-12-19 15:21:37 +1100 |
| commit | 7860731ef190b52119fa480f8064ab03c44a120a (patch) | |
| tree | 758274280fa590762fac827aae5b9aa3ee56c946 /clientloop.c | |
| parent | 966ef478339ad5e631fb684d2a8effe846ce3fd4 (diff) | |
upstream commit
unbreak hostkey rotation; attempting to sign with a
desired signature algorithm of kex->hostkey_alg is incorrect when the key
type isn't capable of making those signatures. ok markus@
OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906
Diffstat (limited to 'clientloop.c')
| -rw-r--r-- | clientloop.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/clientloop.c b/clientloop.c index 3ce5d930e..c187ae570 100644 --- a/clientloop.c +++ b/clientloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: clientloop.c,v 1.308 2017/12/18 02:25:15 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.309 2017/12/18 23:16:23 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1893,7 +1893,7 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, | |||
| 1893 | struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; | 1893 | struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; |
| 1894 | size_t i, ndone; | 1894 | size_t i, ndone; |
| 1895 | struct sshbuf *signdata; | 1895 | struct sshbuf *signdata; |
| 1896 | int r; | 1896 | int r, kexsigtype, use_kexsigtype; |
| 1897 | const u_char *sig; | 1897 | const u_char *sig; |
| 1898 | size_t siglen; | 1898 | size_t siglen; |
| 1899 | 1899 | ||
| @@ -1905,6 +1905,9 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, | |||
| 1905 | hostkeys_update_ctx_free(ctx); | 1905 | hostkeys_update_ctx_free(ctx); |
| 1906 | return; | 1906 | return; |
| 1907 | } | 1907 | } |
| 1908 | kexsigtype = sshkey_type_plain( | ||
| 1909 | sshkey_type_from_name(ssh->kex->hostkey_alg)); | ||
| 1910 | |||
| 1908 | if ((signdata = sshbuf_new()) == NULL) | 1911 | if ((signdata = sshbuf_new()) == NULL) |
| 1909 | fatal("%s: sshbuf_new failed", __func__); | 1912 | fatal("%s: sshbuf_new failed", __func__); |
| 1910 | /* Don't want to accidentally accept an unbound signature */ | 1913 | /* Don't want to accidentally accept an unbound signature */ |
| @@ -1933,9 +1936,15 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type, | |||
| 1933 | __func__, ssh_err(r)); | 1936 | __func__, ssh_err(r)); |
| 1934 | goto out; | 1937 | goto out; |
| 1935 | } | 1938 | } |
| 1939 | /* | ||
| 1940 | * For RSA keys, prefer to use the signature type negotiated | ||
| 1941 | * during KEX to the default (SHA1). | ||
| 1942 | */ | ||
| 1943 | use_kexsigtype = kexsigtype == KEY_RSA && | ||
| 1944 | sshkey_type_plain(ctx->keys[i]->type) == KEY_RSA; | ||
| 1936 | if ((r = sshkey_verify(ctx->keys[i], sig, siglen, | 1945 | if ((r = sshkey_verify(ctx->keys[i], sig, siglen, |
| 1937 | sshbuf_ptr(signdata), sshbuf_len(signdata), | 1946 | sshbuf_ptr(signdata), sshbuf_len(signdata), |
| 1938 | ssh->kex->hostkey_alg, 0)) != 0) { | 1947 | use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0) { |
| 1939 | error("%s: server gave bad signature for %s key %zu", | 1948 | error("%s: server gave bad signature for %s key %zu", |
| 1940 | __func__, sshkey_type(ctx->keys[i]), i); | 1949 | __func__, sshkey_type(ctx->keys[i]), i); |
| 1941 | goto out; | 1950 | goto out; |