author | djm@openbsd.org <djm@openbsd.org> | 2018-07-03 11:39:54 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-03 23:26:36 +1000 |
commit | 4ba0d54794814ec0de1ec87987d0c3b89379b436 (patch) | |
tree | b8d904880f8927374b377b2e4d5661213c1138b6 /authfd.c | |
parent | 95344c257412b51199ead18d54eaed5bafb75617 (diff) | |
download | openssh-git-4ba0d54794814ec0de1ec87987d0c3b89379b436.tar.gz |
upstream: Improve strictness and control over RSA-SHA2 signature
In ssh, when an agent fails to return a RSA-SHA2 signature when
requested and falls back to RSA-SHA1 instead, retry the signature to
ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
matches the one in the signature itself.
In sshd, strictly enforce that the public key algorithm sent in the
SSH_MSG_USERAUTH message matches what appears in the signature.
Make the sshd_config PubkeyAcceptedKeyTypes and
HostbasedAcceptedKeyTypes options control accepted signature algorithms
(previously they selected supported key types). This allows these
options to ban RSA-SHA1 in favour of RSA-SHA2.
Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
"rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
with certificate keys.
feedback and ok markus@
OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
Diffstat (limited to 'authfd.c')
-rw-r--r-- | authfd.c | 24 |
1 files changed, 13 insertions, 11 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.109 2018/04/10 00:10:49 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.110 2018/07/03 11:39:54 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -343,8 +343,8 @@ ssh_agent_sign(int sock, const struct sshkey *key,
 const u_char *data, size_t datalen, const char *alg, u_int compat)
 {
 struct sshbuf *msg;
- u_char *blob = NULL, type;
- size_t blen = 0, len = 0;
+ u_char *sig = NULL, type = 0;
+ size_t len = 0;
 u_int flags = 0;
 int r = SSH_ERR_INTERNAL_ERROR;
@@ -355,11 +355,9 @@ ssh_agent_sign(int sock, const struct sshkey *key,
 return SSH_ERR_INVALID_ARGUMENT;
 if ((msg = sshbuf_new()) == NULL)
 return SSH_ERR_ALLOC_FAIL;
- if ((r = sshkey_to_blob(key, &blob, &blen)) != 0)
- goto out;
 flags |= agent_encode_alg(key, alg);
 if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
- (r = sshbuf_put_string(msg, blob, blen)) != 0 ||
+ (r = sshkey_puts(key, msg)) != 0 ||
 (r = sshbuf_put_string(msg, data, datalen)) != 0 ||
 (r = sshbuf_put_u32(msg, flags)) != 0)
 goto out;
@@ -374,15 +372,19 @@ ssh_agent_sign(int sock, const struct sshkey *key,
 r = SSH_ERR_INVALID_FORMAT;
 goto out;
 }
- if ((r = sshbuf_get_string(msg, sigp, &len)) != 0)
+ if ((r = sshbuf_get_string(msg, &sig, &len)) != 0)
+ goto out;
+ /* Check what we actually got back from the agent. */
+ if ((r = sshkey_check_sigtype(sig, len, alg)) != 0)
 goto out;
+ /* success */
+ *sigp = sig;
 *lenp = len;
+ sig = NULL;
+ len = 0;
 r = 0;
 out:
- if (blob != NULL) {
- explicit_bzero(blob, blen);
- free(blob);
- }
+ freezero(sig, len);
 sshbuf_free(msg);
 return r;
 } |
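Review bot: The comment above the new `sshkey_check_sigtype(sig, len, alg)` call in the last hunk does not say what the check defends against, or what it does when `alg` is NULL. I would replace it with something like `/* Agent may ignore the requested alg and fall back to RSA-SHA1; reject a mismatched signature type so the caller can retry. */`. The helper's body is not part of this diff, so if it accepts any signature type for a NULL `alg` (an assumption to confirm), callers relying on this as a downgrade guard must always pass an explicit algorithm, which is worth stating in the function's header comment. The ownership hand-off reads correctly: `sig` is only published through `*sigp` after the type check passes and is then set to NULL, so `freezero(sig, len)` at `out:` releases the buffer on every error path without touching what the caller received. ssh_agent_sign begins above this hunk, so whether `*sigp` and `*lenp` are cleared on entry cannot be confirmed from the visible lines.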