1 files changed, 46 insertions, 53 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index be9397e48..1f4a74cf4 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.266 2017/08/27 00:38:41 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.270 2018/03/24 19:28:43 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -578,7 +578,6 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
        Authctxt *authctxt = ssh->authctxt;
        struct sshkey *key = NULL;
        Identity *id = NULL;
-        Buffer b;
        int pktype, sent = 0;
        u_int alen, blen;
        char *pkalg, *fp;
@@ -586,18 +585,9 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
        if (authctxt == NULL)
                fatal("input_userauth_pk_ok: no authentication context");
-        if (datafellows & SSH_BUG_PKOK) {
-                /* this is similar to SSH_BUG_PKAUTH */
+        pkalg = packet_get_string(&alen);
-                debug2("input_userauth_pk_ok: SSH_BUG_PKOK");
+        pkblob = packet_get_string(&blen);
-                pkblob = packet_get_string(&blen);
-                buffer_init(&b);
-                buffer_append(&b, pkblob, blen);
-                pkalg = buffer_get_string(&b, &alen);
-                buffer_free(&b);
-        } else {
-                pkalg = packet_get_string(&alen);
-                pkblob = packet_get_string(&blen);
-        }
        packet_check_eom();
        debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
@@ -634,8 +624,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
                }
        }
 done:
-        if (key != NULL)
+        key_free(key);
-                key_free(key);
        free(pkalg);
        free(pkblob);
@@ -1013,17 +1002,46 @@ key_sign_encode(const struct sshkey *key)
        return key_ssh_name(key);
 }
+/*
+ * Some agents will return ssh-rsa signatures when asked to make a
+ * rsa-sha2-* signature. Check what they actually gave back and warn the
+ * user if the agent has returned an unexpected type.
+ */
+static int
+check_sigtype(const struct sshkey *key, const u_char *sig, size_t len)
+{
+        int r;
+        char *sigtype = NULL;
+        const char *alg = key_sign_encode(key);
+        if (sshkey_is_cert(key))
+                return 0;
+        if ((r = sshkey_sigtype(sig, len, &sigtype)) != 0)
+                return r;
+        if (strcmp(sigtype, alg) != 0) {
+                logit("warning: agent returned different signature type %s "
+                    "(expected %s)", sigtype, alg);
+        }
+        free(sigtype);
+        /* Incorrect signature types aren't an error ... yet */
+        return 0;
+}
 static int
 identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
    const u_char *data, size_t datalen, u_int compat)
 {
        struct sshkey *prv;
-        int ret;
+        int r;
        /* the agent supports this key */
-        if (id->key != NULL && id->agent_fd != -1)
+        if (id->key != NULL && id->agent_fd != -1) {
-                return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp,
+                if ((r = ssh_agent_sign(id->agent_fd, id->key, sigp, lenp,
-                    data, datalen, key_sign_encode(id->key), compat);
+                    data, datalen, key_sign_encode(id->key), compat)) != 0 ||
+                    (r = check_sigtype(id->key, *sigp, *lenp)) != 0)
+                        return r;
+                return 0;
+        }
        /*
         * we have already loaded the private key or
@@ -1042,10 +1060,10 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
                   __func__, id->filename);
                return SSH_ERR_KEY_NOT_FOUND;
        }
-        ret = sshkey_sign(prv, sigp, lenp, data, datalen,
+        r = sshkey_sign(prv, sigp, lenp, data, datalen,
            key_sign_encode(prv), compat);
        sshkey_free(prv);
-        return (ret);
+        return r;
 }
 static int
@@ -1100,17 +1118,10 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
        }
        buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
        buffer_put_cstring(&b, authctxt->server_user);
-        buffer_put_cstring(&b,
+        buffer_put_cstring(&b, authctxt->service);
-            datafellows & SSH_BUG_PKSERVICE ?
+        buffer_put_cstring(&b, authctxt->method->name);
-            "ssh-userauth" :
+        buffer_put_char(&b, have_sig);
-            authctxt->service);
+        buffer_put_cstring(&b, key_sign_encode(id->key));
-        if (datafellows & SSH_BUG_PKAUTH) {
-                buffer_put_char(&b, have_sig);
-        } else {
-                buffer_put_cstring(&b, authctxt->method->name);
-                buffer_put_char(&b, have_sig);
-                buffer_put_cstring(&b, key_sign_encode(id->key));
-        }
        buffer_put_string(&b, blob, bloblen);
        /*
@@ -1170,19 +1181,6 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
 #ifdef DEBUG_PK
        buffer_dump(&b);
 #endif
-        if (datafellows & SSH_BUG_PKSERVICE) {
-                buffer_clear(&b);
-                buffer_append(&b, session_id2, session_id2_len);
-                skip = session_id2_len;
-                buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
-                buffer_put_cstring(&b, authctxt->server_user);
-                buffer_put_cstring(&b, authctxt->service);
-                buffer_put_cstring(&b, authctxt->method->name);
-                buffer_put_char(&b, have_sig);
-                if (!(datafellows & SSH_BUG_PKAUTH))
-                        buffer_put_cstring(&b, key_ssh_name(id->key));
-                buffer_put_string(&b, blob, bloblen);
-        }
        free(blob);
        /* append signature */
@@ -1224,8 +1222,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
        packet_put_cstring(authctxt->service);
        packet_put_cstring(authctxt->method->name);
        packet_put_char(have_sig);
-        if (!(datafellows & SSH_BUG_PKAUTH))
+        packet_put_cstring(key_sign_encode(id->key));
-                packet_put_cstring(key_sign_encode(id->key));
        packet_put_string(blob, bloblen);
        free(blob);
        packet_send();
@@ -1741,7 +1738,6 @@ userauth_hostbased(Authctxt *authctxt)
        struct ssh *ssh = active_state;
        struct sshkey *private = NULL;
        struct sshbuf *b = NULL;
-        const char *service;
        u_char *sig = NULL, *keyblob = NULL;
        char *fp = NULL, *chost = NULL, *lname = NULL;
        size_t siglen = 0, keylen = 0;
@@ -1812,9 +1808,6 @@ userauth_hostbased(Authctxt *authctxt)
        xasprintf(&chost, "%s.", lname);
        debug2("%s: chost %s", __func__, chost);
-        service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
-            authctxt->service;
        /* construct data */
        if ((b = sshbuf_new()) == NULL) {
                error("%s: sshbuf_new failed", __func__);
@@ -1827,7 +1820,7 @@ userauth_hostbased(Authctxt *authctxt)
        if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
            (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
            (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 ||
-            (r = sshbuf_put_cstring(b, service)) != 0 ||
+            (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
            (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 ||
            (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 ||
            (r = sshbuf_put_string(b, keyblob, keylen)) != 0 ||

diff --git a/sshconnect2.c b/sshconnect2.c index be9397e48..1f4a74cf4 100644 --- a/sshconnect2.c +++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshconnect2.c,v 1.266 2017/08/27 00:38:41 dtucker Exp $ */	1	/* $OpenBSD: sshconnect2.c,v 1.270 2018/03/24 19:28:43 markus Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	* Copyright (c) 2008 Damien Miller. All rights reserved.	4	* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -578,7 +578,6 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
578	Authctxt *authctxt = ssh->authctxt;	578	Authctxt *authctxt = ssh->authctxt;
579	struct sshkey *key = NULL;	579	struct sshkey *key = NULL;
580	Identity *id = NULL;	580	Identity *id = NULL;
581	Buffer b;
582	int pktype, sent = 0;	581	int pktype, sent = 0;
583	u_int alen, blen;	582	u_int alen, blen;
584	char pkalg, fp;	583	char pkalg, fp;
@@ -586,18 +585,9 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
586		585
587	if (authctxt == NULL)	586	if (authctxt == NULL)
588	fatal("input_userauth_pk_ok: no authentication context");	587	fatal("input_userauth_pk_ok: no authentication context");
589	if (datafellows & SSH_BUG_PKOK) {	588
590	/* this is similar to SSH_BUG_PKAUTH */	589	pkalg = packet_get_string(&alen);
591	debug2("input_userauth_pk_ok: SSH_BUG_PKOK");	590	pkblob = packet_get_string(&blen);
592	pkblob = packet_get_string(&blen);
593	buffer_init(&b);
594	buffer_append(&b, pkblob, blen);
595	pkalg = buffer_get_string(&b, &alen);
596	buffer_free(&b);
597	} else {
598	pkalg = packet_get_string(&alen);
599	pkblob = packet_get_string(&blen);
600	}
601	packet_check_eom();	591	packet_check_eom();
602		592
603	debug("Server accepts key: pkalg %s blen %u", pkalg, blen);	593	debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
@@ -634,8 +624,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
634	}	624	}
635	}	625	}
636	done:	626	done:
637	if (key != NULL)	627	key_free(key);
638	key_free(key);
639	free(pkalg);	628	free(pkalg);
640	free(pkblob);	629	free(pkblob);
641		630
@@ -1013,17 +1002,46 @@ key_sign_encode(const struct sshkey *key)
1013	return key_ssh_name(key);	1002	return key_ssh_name(key);
1014	}	1003	}
1015		1004
		1005	/*
		1006	* Some agents will return ssh-rsa signatures when asked to make a
		1007	* rsa-sha2-* signature. Check what they actually gave back and warn the
		1008	* user if the agent has returned an unexpected type.
		1009	*/
		1010	static int
		1011	check_sigtype(const struct sshkey key, const u_char sig, size_t len)
		1012	{
		1013	int r;
		1014	char *sigtype = NULL;
		1015	const char *alg = key_sign_encode(key);
		1016
		1017	if (sshkey_is_cert(key))
		1018	return 0;
		1019	if ((r = sshkey_sigtype(sig, len, &sigtype)) != 0)
		1020	return r;
		1021	if (strcmp(sigtype, alg) != 0) {
		1022	logit("warning: agent returned different signature type %s "
		1023	"(expected %s)", sigtype, alg);
		1024	}
		1025	free(sigtype);
		1026	/* Incorrect signature types aren't an error ... yet */
		1027	return 0;
		1028	}
		1029
1016	static int	1030	static int
1017	identity_sign(struct identity id, u_char sigp, size_t lenp,	1031	identity_sign(struct identity id, u_char sigp, size_t lenp,
1018	const u_char *data, size_t datalen, u_int compat)	1032	const u_char *data, size_t datalen, u_int compat)
1019	{	1033	{
1020	struct sshkey *prv;	1034	struct sshkey *prv;
1021	int ret;	1035	int r;
1022		1036
1023	/* the agent supports this key */	1037	/* the agent supports this key */
1024	if (id->key != NULL && id->agent_fd != -1)	1038	if (id->key != NULL && id->agent_fd != -1) {
1025	return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp,	1039	if ((r = ssh_agent_sign(id->agent_fd, id->key, sigp, lenp,
1026	data, datalen, key_sign_encode(id->key), compat);	1040	data, datalen, key_sign_encode(id->key), compat)) != 0 \|\|
		1041	(r = check_sigtype(id->key, sigp, lenp)) != 0)
		1042	return r;
		1043	return 0;
		1044	}
1027		1045
1028	/*	1046	/*
1029	* we have already loaded the private key or	1047	* we have already loaded the private key or
@@ -1042,10 +1060,10 @@ identity_sign(struct identity id, u_char sigp, size_t lenp,
1042	__func__, id->filename);	1060	__func__, id->filename);
1043	return SSH_ERR_KEY_NOT_FOUND;	1061	return SSH_ERR_KEY_NOT_FOUND;
1044	}	1062	}
1045	ret = sshkey_sign(prv, sigp, lenp, data, datalen,	1063	r = sshkey_sign(prv, sigp, lenp, data, datalen,
1046	key_sign_encode(prv), compat);	1064	key_sign_encode(prv), compat);
1047	sshkey_free(prv);	1065	sshkey_free(prv);
1048	return (ret);	1066	return r;
1049	}	1067	}
1050		1068
1051	static int	1069	static int
@@ -1100,17 +1118,10 @@ sign_and_send_pubkey(Authctxt authctxt, Identity id)
1100	}	1118	}
1101	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);	1119	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1102	buffer_put_cstring(&b, authctxt->server_user);	1120	buffer_put_cstring(&b, authctxt->server_user);
1103	buffer_put_cstring(&b,	1121	buffer_put_cstring(&b, authctxt->service);
1104	datafellows & SSH_BUG_PKSERVICE ?	1122	buffer_put_cstring(&b, authctxt->method->name);
1105	"ssh-userauth" :	1123	buffer_put_char(&b, have_sig);
1106	authctxt->service);	1124	buffer_put_cstring(&b, key_sign_encode(id->key));
1107	if (datafellows & SSH_BUG_PKAUTH) {
1108	buffer_put_char(&b, have_sig);
1109	} else {
1110	buffer_put_cstring(&b, authctxt->method->name);
1111	buffer_put_char(&b, have_sig);
1112	buffer_put_cstring(&b, key_sign_encode(id->key));
1113	}
1114	buffer_put_string(&b, blob, bloblen);	1125	buffer_put_string(&b, blob, bloblen);
1115		1126
1116	/*	1127	/*
@@ -1170,19 +1181,6 @@ sign_and_send_pubkey(Authctxt authctxt, Identity id)
1170	#ifdef DEBUG_PK	1181	#ifdef DEBUG_PK
1171	buffer_dump(&b);	1182	buffer_dump(&b);
1172	#endif	1183	#endif
1173	if (datafellows & SSH_BUG_PKSERVICE) {
1174	buffer_clear(&b);
1175	buffer_append(&b, session_id2, session_id2_len);
1176	skip = session_id2_len;
1177	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
1178	buffer_put_cstring(&b, authctxt->server_user);
1179	buffer_put_cstring(&b, authctxt->service);
1180	buffer_put_cstring(&b, authctxt->method->name);
1181	buffer_put_char(&b, have_sig);
1182	if (!(datafellows & SSH_BUG_PKAUTH))
1183	buffer_put_cstring(&b, key_ssh_name(id->key));
1184	buffer_put_string(&b, blob, bloblen);
1185	}
1186	free(blob);	1184	free(blob);
1187		1185
1188	/* append signature */	1186	/* append signature */
@@ -1224,8 +1222,7 @@ send_pubkey_test(Authctxt authctxt, Identity id)
1224	packet_put_cstring(authctxt->service);	1222	packet_put_cstring(authctxt->service);
1225	packet_put_cstring(authctxt->method->name);	1223	packet_put_cstring(authctxt->method->name);
1226	packet_put_char(have_sig);	1224	packet_put_char(have_sig);
1227	if (!(datafellows & SSH_BUG_PKAUTH))	1225	packet_put_cstring(key_sign_encode(id->key));
1228	packet_put_cstring(key_sign_encode(id->key));
1229	packet_put_string(blob, bloblen);	1226	packet_put_string(blob, bloblen);
1230	free(blob);	1227	free(blob);
1231	packet_send();	1228	packet_send();
@@ -1741,7 +1738,6 @@ userauth_hostbased(Authctxt *authctxt)
1741	struct ssh *ssh = active_state;	1738	struct ssh *ssh = active_state;
1742	struct sshkey *private = NULL;	1739	struct sshkey *private = NULL;
1743	struct sshbuf *b = NULL;	1740	struct sshbuf *b = NULL;
1744	const char *service;
1745	u_char sig = NULL, keyblob = NULL;	1741	u_char sig = NULL, keyblob = NULL;
1746	char fp = NULL, chost = NULL, *lname = NULL;	1742	char fp = NULL, chost = NULL, *lname = NULL;
1747	size_t siglen = 0, keylen = 0;	1743	size_t siglen = 0, keylen = 0;
@@ -1812,9 +1808,6 @@ userauth_hostbased(Authctxt *authctxt)
1812	xasprintf(&chost, "%s.", lname);	1808	xasprintf(&chost, "%s.", lname);
1813	debug2("%s: chost %s", __func__, chost);	1809	debug2("%s: chost %s", __func__, chost);
1814		1810
1815	service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
1816	authctxt->service;
1817
1818	/* construct data */	1811	/* construct data */
1819	if ((b = sshbuf_new()) == NULL) {	1812	if ((b = sshbuf_new()) == NULL) {
1820	error("%s: sshbuf_new failed", __func__);	1813	error("%s: sshbuf_new failed", __func__);
@@ -1827,7 +1820,7 @@ userauth_hostbased(Authctxt *authctxt)
1827	if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 \|\|	1820	if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 \|\|
1828	(r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 \|\|	1821	(r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 \|\|
1829	(r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 \|\|	1822	(r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 \|\|
1830	(r = sshbuf_put_cstring(b, service)) != 0 \|\|	1823	(r = sshbuf_put_cstring(b, authctxt->service)) != 0 \|\|
1831	(r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 \|\|	1824	(r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 \|\|
1832	(r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 \|\|	1825	(r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 \|\|
1833	(r = sshbuf_put_string(b, keyblob, keylen)) != 0 \|\|	1826	(r = sshbuf_put_string(b, keyblob, keylen)) != 0 \|\|