diff options
author | Colin Watson <cjwatson@debian.org> | 2018-08-24 12:49:36 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2018-08-30 00:57:27 +0100 |
commit | 816386e17654ca36834bebbf351419e460fad8f6 (patch) | |
tree | 3dc79d831cb73bc25b92f5a4d18f8e328c0c570a /ssh-rsa.c | |
parent | 3e6f76c7039d3df22b1d0a3a5f30150efb09b69d (diff) | |
parent | 16a47fc4b04977a14f44dd433c8da1499fa80671 (diff) |
New upstream release (7.8p1)
Closes: #907534
Diffstat (limited to 'ssh-rsa.c')
-rw-r--r-- | ssh-rsa.c | 60 |
1 files changed, 45 insertions, 15 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-rsa.c,v 1.66 2018/02/14 16:27:24 jsing Exp $ */ | 1 | /* $OpenBSD: ssh-rsa.c,v 1.67 2018/07/03 11:39:54 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> | 3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> |
4 | * | 4 | * |
@@ -51,11 +51,14 @@ rsa_hash_alg_ident(int hash_alg) | |||
51 | return NULL; | 51 | return NULL; |
52 | } | 52 | } |
53 | 53 | ||
54 | /* | ||
55 | * Returns the hash algorithm ID for a given algorithm identifier as used | ||
56 | * inside the signature blob, | ||
57 | */ | ||
54 | static int | 58 | static int |
55 | rsa_hash_alg_from_ident(const char *ident) | 59 | rsa_hash_id_from_ident(const char *ident) |
56 | { | 60 | { |
57 | if (strcmp(ident, "ssh-rsa") == 0 || | 61 | if (strcmp(ident, "ssh-rsa") == 0) |
58 | strcmp(ident, "ssh-rsa-cert-v01@openssh.com") == 0) | ||
59 | return SSH_DIGEST_SHA1; | 62 | return SSH_DIGEST_SHA1; |
60 | if (strcmp(ident, "rsa-sha2-256") == 0) | 63 | if (strcmp(ident, "rsa-sha2-256") == 0) |
61 | return SSH_DIGEST_SHA256; | 64 | return SSH_DIGEST_SHA256; |
@@ -64,6 +67,27 @@ rsa_hash_alg_from_ident(const char *ident) | |||
64 | return -1; | 67 | return -1; |
65 | } | 68 | } |
66 | 69 | ||
70 | /* | ||
71 | * Return the hash algorithm ID for the specified key name. This includes | ||
72 | * all the cases of rsa_hash_id_from_ident() but also the certificate key | ||
73 | * types. | ||
74 | */ | ||
75 | static int | ||
76 | rsa_hash_id_from_keyname(const char *alg) | ||
77 | { | ||
78 | int r; | ||
79 | |||
80 | if ((r = rsa_hash_id_from_ident(alg)) != -1) | ||
81 | return r; | ||
82 | if (strcmp(alg, "ssh-rsa-cert-v01@openssh.com") == 0) | ||
83 | return SSH_DIGEST_SHA1; | ||
84 | if (strcmp(alg, "rsa-sha2-256-cert-v01@openssh.com") == 0) | ||
85 | return SSH_DIGEST_SHA256; | ||
86 | if (strcmp(alg, "rsa-sha2-512-cert-v01@openssh.com") == 0) | ||
87 | return SSH_DIGEST_SHA512; | ||
88 | return -1; | ||
89 | } | ||
90 | |||
67 | static int | 91 | static int |
68 | rsa_hash_alg_nid(int type) | 92 | rsa_hash_alg_nid(int type) |
69 | { | 93 | { |
@@ -135,7 +159,7 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |||
135 | if (alg_ident == NULL || strlen(alg_ident) == 0) | 159 | if (alg_ident == NULL || strlen(alg_ident) == 0) |
136 | hash_alg = SSH_DIGEST_SHA1; | 160 | hash_alg = SSH_DIGEST_SHA1; |
137 | else | 161 | else |
138 | hash_alg = rsa_hash_alg_from_ident(alg_ident); | 162 | hash_alg = rsa_hash_id_from_keyname(alg_ident); |
139 | if (key == NULL || key->rsa == NULL || hash_alg == -1 || | 163 | if (key == NULL || key->rsa == NULL || hash_alg == -1 || |
140 | sshkey_type_plain(key->type) != KEY_RSA) | 164 | sshkey_type_plain(key->type) != KEY_RSA) |
141 | return SSH_ERR_INVALID_ARGUMENT; | 165 | return SSH_ERR_INVALID_ARGUMENT; |
@@ -202,7 +226,7 @@ ssh_rsa_verify(const struct sshkey *key, | |||
202 | const char *alg) | 226 | const char *alg) |
203 | { | 227 | { |
204 | char *sigtype = NULL; | 228 | char *sigtype = NULL; |
205 | int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; | 229 | int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR; |
206 | size_t len = 0, diff, modlen, dlen; | 230 | size_t len = 0, diff, modlen, dlen; |
207 | struct sshbuf *b = NULL; | 231 | struct sshbuf *b = NULL; |
208 | u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL; | 232 | u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL; |
@@ -220,18 +244,24 @@ ssh_rsa_verify(const struct sshkey *key, | |||
220 | ret = SSH_ERR_INVALID_FORMAT; | 244 | ret = SSH_ERR_INVALID_FORMAT; |
221 | goto out; | 245 | goto out; |
222 | } | 246 | } |
223 | /* XXX djm: need cert types that reliably yield SHA-2 signatures */ | 247 | if ((hash_alg = rsa_hash_id_from_ident(sigtype)) == -1) { |
224 | if (alg != NULL && strcmp(alg, sigtype) != 0 && | ||
225 | strcmp(alg, "ssh-rsa-cert-v01@openssh.com") != 0) { | ||
226 | error("%s: RSA signature type mismatch: " | ||
227 | "expected %s received %s", __func__, alg, sigtype); | ||
228 | ret = SSH_ERR_SIGNATURE_INVALID; | ||
229 | goto out; | ||
230 | } | ||
231 | if ((hash_alg = rsa_hash_alg_from_ident(sigtype)) == -1) { | ||
232 | ret = SSH_ERR_KEY_TYPE_MISMATCH; | 248 | ret = SSH_ERR_KEY_TYPE_MISMATCH; |
233 | goto out; | 249 | goto out; |
234 | } | 250 | } |
251 | /* | ||
252 | * Allow ssh-rsa-cert-v01 certs to generate SHA2 signatures for | ||
253 | * legacy reasons, but otherwise the signature type should match. | ||
254 | */ | ||
255 | if (alg != NULL && strcmp(alg, "ssh-rsa-cert-v01@openssh.com") != 0) { | ||
256 | if ((want_alg = rsa_hash_id_from_keyname(alg)) == -1) { | ||
257 | ret = SSH_ERR_INVALID_ARGUMENT; | ||
258 | goto out; | ||
259 | } | ||
260 | if (hash_alg != want_alg) { | ||
261 | ret = SSH_ERR_SIGNATURE_INVALID; | ||
262 | goto out; | ||
263 | } | ||
264 | } | ||
235 | if (sshbuf_get_string(b, &sigblob, &len) != 0) { | 265 | if (sshbuf_get_string(b, &sigblob, &len) != 0) { |
236 | ret = SSH_ERR_INVALID_FORMAT; | 266 | ret = SSH_ERR_INVALID_FORMAT; |
237 | goto out; | 267 | goto out; |