diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-07-03 11:39:54 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-07-03 23:26:36 +1000 |
| commit | 4ba0d54794814ec0de1ec87987d0c3b89379b436 (patch) | |
| tree | b8d904880f8927374b377b2e4d5661213c1138b6 /kex.c | |
| parent | 95344c257412b51199ead18d54eaed5bafb75617 (diff) | |
upstream: Improve strictness and control over RSA-SHA2 signature
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
Diffstat (limited to 'kex.c')
| -rw-r--r-- | kex.c | 17 |
1 files changed, 5 insertions, 12 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.c,v 1.136 2018/02/07 02:06:50 jsing Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.137 2018/07/03 11:39:54 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -342,6 +342,7 @@ kex_send_ext_info(struct ssh *ssh) | |||
| 342 | 342 | ||
| 343 | if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL) | 343 | if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL) |
| 344 | return SSH_ERR_ALLOC_FAIL; | 344 | return SSH_ERR_ALLOC_FAIL; |
| 345 | /* XXX filter algs list by allowed pubkey/hostbased types */ | ||
| 345 | if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || | 346 | if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || |
| 346 | (r = sshpkt_put_u32(ssh, 1)) != 0 || | 347 | (r = sshpkt_put_u32(ssh, 1)) != 0 || |
| 347 | (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 || | 348 | (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 || |
| @@ -378,7 +379,7 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) | |||
| 378 | { | 379 | { |
| 379 | struct kex *kex = ssh->kex; | 380 | struct kex *kex = ssh->kex; |
| 380 | u_int32_t i, ninfo; | 381 | u_int32_t i, ninfo; |
| 381 | char *name, *found; | 382 | char *name; |
| 382 | u_char *val; | 383 | u_char *val; |
| 383 | size_t vlen; | 384 | size_t vlen; |
| 384 | int r; | 385 | int r; |
| @@ -401,16 +402,8 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) | |||
| 401 | return SSH_ERR_INVALID_FORMAT; | 402 | return SSH_ERR_INVALID_FORMAT; |
| 402 | } | 403 | } |
| 403 | debug("%s: %s=<%s>", __func__, name, val); | 404 | debug("%s: %s=<%s>", __func__, name, val); |
| 404 | found = match_list("rsa-sha2-256", val, NULL); | 405 | kex->server_sig_algs = val; |
| 405 | if (found) { | 406 | val = NULL; |
| 406 | kex->rsa_sha2 = 256; | ||
| 407 | free(found); | ||
| 408 | } | ||
| 409 | found = match_list("rsa-sha2-512", val, NULL); | ||
| 410 | if (found) { | ||
| 411 | kex->rsa_sha2 = 512; | ||
| 412 | free(found); | ||
| 413 | } | ||
| 414 | } else | 407 | } else |
| 415 | debug("%s: %s (unrecognised)", __func__, name); | 408 | debug("%s: %s (unrecognised)", __func__, name); |
| 416 | free(name); | 409 | free(name); |