From 4ba0d54794814ec0de1ec87987d0c3b89379b436 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 3 Jul 2018 11:39:54 +0000 Subject: upstream: Improve strictness and control over RSA-SHA2 signature In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself. In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature. Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2. Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures with certificate keys. feedback and ok markus@ OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde --- kex.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) (limited to 'kex.c') diff --git a/kex.c b/kex.c index 15ea28b0..d0a5f1b6 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.136 2018/02/07 02:06:50 jsing Exp $ */ +/* $OpenBSD: kex.c,v 1.137 2018/07/03 11:39:54 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -342,6 +342,7 @@ kex_send_ext_info(struct ssh *ssh) if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL) return SSH_ERR_ALLOC_FAIL; + /* XXX filter algs list by allowed pubkey/hostbased types */ if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || (r = sshpkt_put_u32(ssh, 1)) != 0 || (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 || @@ -378,7 +379,7 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) { struct kex *kex = ssh->kex; u_int32_t i, ninfo; - char *name, *found; + char *name; u_char *val; size_t vlen; int r; @@ -401,16 +402,8 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) return SSH_ERR_INVALID_FORMAT; } debug("%s: %s=<%s>", __func__, name, val); - found = match_list("rsa-sha2-256", val, NULL); - if (found) { - kex->rsa_sha2 = 256; - free(found); - } - found = match_list("rsa-sha2-512", val, NULL); - if (found) { - kex->rsa_sha2 = 512; - free(found); - } + kex->server_sig_algs = val; + val = NULL; } else debug("%s: %s (unrecognised)", __func__, name); free(name); -- cgit v1.2.1