Reject vulnerable keys to mitigate Debian OpenSSL flaw

In 2008, Debian (and derived distributions such as Ubuntu) shipped an OpenSSL package with a flawed random number generator, causing OpenSSH to generate only a very limited set of keys which were subject to private half precomputation. To mitigate this, this patch checks key authentications against a blacklist of known-vulnerable keys, and adds a new ssh-vulnkey program which can be used to explicitly check keys against that blacklist. See CVE-2008-0166. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1469 Last-Update: 2013-09-14 Patch-Name: ssh-vulnkey.patch
author: Colin Watson <cjwatson@ubuntu.com> 2014-02-09 16:09:50 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-02-09 16:17:31 +0000
commit: 8909ff0e3cd07d1b042d1be1c8b8828dbf6c9a83 (patch)
tree: ebee4092f1411059e34da6f66b4ebd64f4411020 /readconf.c
parent: 07f2a771c490bd68cd5c5ea9c535705e93bd94f3 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/readconf.c b/readconf.c
index 2695fd6c0..22e5a3a61 100644
--- a/readconf.c
+++ b/readconf.c
@@ -128,6 +128,7 @@ typedef enum {
        oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
        oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
        oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+        oUseBlacklistedKeys,
        oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
        oClearAllForwardings, oNoHostAuthenticationForLocalhost,
        oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@@ -161,6 +162,7 @@ static struct {
        { "passwordauthentication", oPasswordAuthentication },
        { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
        { "kbdinteractivedevices", oKbdInteractiveDevices },
+        { "useblacklistedkeys", oUseBlacklistedKeys },
        { "rsaauthentication", oRSAAuthentication },
        { "pubkeyauthentication", oPubkeyAuthentication },
        { "dsaauthentication", oPubkeyAuthentication },             /* alias */
@@ -523,6 +525,10 @@ parse_flag:
                intptr = &options->challenge_response_authentication;
                goto parse_flag;
+        case oUseBlacklistedKeys:
+                intptr = &options->use_blacklisted_keys;
+                goto parse_flag;
        case oGssAuthentication:
                intptr = &options->gss_authentication;
                goto parse_flag;
@@ -1210,6 +1216,7 @@ initialize_options(Options * options)
        options->kbd_interactive_devices = NULL;
        options->rhosts_rsa_authentication = -1;
        options->hostbased_authentication = -1;
+        options->use_blacklisted_keys = -1;
        options->batch_mode = -1;
        options->check_host_ip = -1;
        options->strict_host_key_checking = -1;
@@ -1320,6 +1327,8 @@ fill_default_options(Options * options)
                options->rhosts_rsa_authentication = 0;
        if (options->hostbased_authentication == -1)
                options->hostbased_authentication = 0;
+        if (options->use_blacklisted_keys == -1)
+                options->use_blacklisted_keys = 0;
        if (options->batch_mode == -1)
                options->batch_mode = 0;
        if (options->check_host_ip == -1)
author	Colin Watson <cjwatson@ubuntu.com>	2014-02-09 16:09:50 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-02-09 16:17:31 +0000
commit	8909ff0e3cd07d1b042d1be1c8b8828dbf6c9a83 (patch)
tree	ebee4092f1411059e34da6f66b4ebd64f4411020 /readconf.c
parent	07f2a771c490bd68cd5c5ea9c535705e93bd94f3 (diff)