author | djm@openbsd.org <djm@openbsd.org> | 2018-07-03 11:39:54 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-03 23:26:36 +1000 |
commit | 4ba0d54794814ec0de1ec87987d0c3b89379b436 (patch) | |
tree | b8d904880f8927374b377b2e4d5661213c1138b6 /sshd.c | |
parent | 95344c257412b51199ead18d54eaed5bafb75617 (diff) |
upstream: Improve strictness and control over RSA-SHA2 signature
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 63 |
1 files changed, 34 insertions, 29 deletions
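--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.508 2018/04/13 03:57:26 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.509 2018/07/03 11:39:54 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -681,45 +681,47 @@ privsep_postauth(Authctxt *authctxt)
 packet_set_authenticated();
 }
 
+static void
+append_hostkey_type(struct sshbuf *b, const char *s)
+{
+int r;
+
+if (match_pattern_list(s, options.hostkeyalgorithms, 0) != 1) {
+debug3("%s: %s key not permitted by HostkeyAlgorithms",
+__func__, s);
+return;
+}
+if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) > 0 ? "," : "", s)) != 0)
+fatal("%s: sshbuf_putf: %s", __func__, ssh_err(r));
+}
+
 static char *
 list_hostkey_types(void)
 {
-Buffer b;
-const char *p;
+struct sshbuf *b;
+struct sshkey *key;
 char *ret;
 u_int i;
-struct sshkey *key;
 
-buffer_init(&b);
+if ((b = sshbuf_new()) == NULL)
+fatal("%s: sshbuf_new failed", __func__);
 for (i = 0; i < options.num_host_key_files; i++) {
 key = sensitive_data.host_keys[i];
 if (key == NULL)
 key = sensitive_data.host_pubkeys[i];
 if (key == NULL)
 continue;
-/* Check that the key is accepted in HostkeyAlgorithms */
-if (match_pattern_list(sshkey_ssh_name(key),
-options.hostkeyalgorithms, 0) != 1) {
-debug3("%s: %s key not permitted by HostkeyAlgorithms",
-__func__, sshkey_ssh_name(key));
-continue;
-}
 switch (key->type) {
 case KEY_RSA:
+/* for RSA we also support SHA2 signatures */
+append_hostkey_type(b, "rsa-sha2-512");
+append_hostkey_type(b, "rsa-sha2-256");
+/* FALLTHROUGH */
 case KEY_DSA:
 case KEY_ECDSA:
 case KEY_ED25519:
 case KEY_XMSS:
-if (buffer_len(&b) > 0)
-buffer_append(&b, ",", 1);
-p = key_ssh_name(key);
-buffer_append(&b, p, strlen(p));
-
-/* for RSA we also support SHA2 signatures */
-if (key->type == KEY_RSA) {
-p = ",rsa-sha2-512,rsa-sha2-256";
-buffer_append(&b, p, strlen(p));
-}
+append_hostkey_type(b, sshkey_ssh_name(key));
 break;
 }
 /* If the private key has a cert peer, then list that too */
@@ -728,21 +730,24 @@ list_hostkey_types(void)
 continue;
 switch (key->type) {
 case KEY_RSA_CERT:
+/* for RSA we also support SHA2 signatures */
+append_hostkey_type(b,
+"rsa-sha2-512-cert-v01@openssh.com");
+append_hostkey_type(b,
+"rsa-sha2-256-cert-v01@openssh.com");
+/* FALLTHROUGH */
 case KEY_DSA_CERT:
 case KEY_ECDSA_CERT:
 case KEY_ED25519_CERT:
 case KEY_XMSS_CERT:
-if (buffer_len(&b) > 0)
-buffer_append(&b, ",", 1);
-p = key_ssh_name(key);
-buffer_append(&b, p, strlen(p));
+append_hostkey_type(b, sshkey_ssh_name(key));
 break;
 }
 }
-if ((ret = sshbuf_dup_string(&b)) == NULL)
+if ((ret = sshbuf_dup_string(b)) == NULL)
 fatal("%s: sshbuf_dup_string failed", __func__);
-buffer_free(&b);
-debug("list_hostkey_types: %s", ret);
+sshbuf_free(b);
+debug("%s: %s", __func__, ret);
 return ret;
 }
 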
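Review bot: `append_hostkey_type()` is now the only place where HostkeyAlgorithms is applied to the names sshd advertises, yet nothing in the helper or in `list_hostkey_types()` says so, and a later direct `sshbuf_putf(b, ...)` in either switch would bypass the filter without any visible sign. I would add a comment above the helper, e.g. `/* Append s to the comma-separated list in b only if HostkeyAlgorithms permits it; every advertised name must pass through here. */`. It is also worth documenting that a filtered name is reported only at debug3, so a HostkeyAlgorithms setting that excludes every loaded key yields an empty string here; whether the caller rejects an empty list is not visible in these hunks. The body of `list_hostkey_types()` continues between the second and third hunk, so the certificate lookup that precedes the second switch is not shown.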