Reject vulnerable keys to mitigate Debian OpenSSL flaw

In 2008, Debian (and derived distributions such as Ubuntu) shipped an
OpenSSL package with a flawed random number generator, causing OpenSSH to
generate only a very limited set of keys which were subject to private half
precomputation.  To mitigate this, this patch checks key authentications
against a blacklist of known-vulnerable keys, and adds a new ssh-vulnkey
program which can be used to explicitly check keys against that blacklist.
See CVE-2008-0166.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1469
Last-Update: 2013-09-14

Patch-Name: ssh-vulnkey.patch

1 files changed, 3 insertions, 1 deletions

diff --git a/sshconnect2.c b/sshconnect2.c
index 0b13530ce..93818c991 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1491,6 +1491,8 @@ pubkey_prepare(Authctxt *authctxt)
 
         /* list of keys stored in the filesystem and PKCS#11 */
         for (i = 0; i < options.num_identity_files; i++) {
+                if (options.identity_files[i] == NULL)
+                        continue;
                 key = options.identity_keys[i];
                 if (key && key->type == KEY_RSA1)
                         continue;
@@ -1608,7 +1610,7 @@ userauth_pubkey(Authctxt *authctxt)
                         debug("Offering %s public key: %s", key_type(id->key),
                             id->filename);
                         sent = send_pubkey_test(authctxt, id);
-                } else if (id->key == NULL) {
+                } else if (id->key == NULL && id->filename) {
                         debug("Trying private key: %s", id->filename);
                         id->key = load_identity_file(id->filename,
                             id->userprovided);