tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-09-25 19:08:56 +02:00
Code Issues Packages Projects Releases Wiki Activity

upstream commit

Browse Source 
unbreak hostkey rotation; attempting to sign with a
desired signature algorithm of kex->hostkey_alg is incorrect when the key
type isn't capable of making those signatures. ok markus@

OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906
This commit is contained in:
djm@openbsd.org 2017-12-18 23:16:23 +00:00 committed by Damien Miller
parent 966ef47833
commit 7860731ef1
2 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
clientloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.308 2017/12/18 02:25:15 djm Exp $ */ /* $OpenBSD: clientloop.c,v 1.309 2017/12/18 23:16:23 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1893,7 +1893,7 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type,
struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx;
size_t i, ndone; size_t i, ndone;
struct sshbuf *signdata; struct sshbuf *signdata;
int r; int r, kexsigtype, use_kexsigtype;
const u_char *sig; const u_char *sig;
size_t siglen; size_t siglen;
@ -1905,6 +1905,9 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type,
hostkeys_update_ctx_free(ctx); hostkeys_update_ctx_free(ctx);
return; return;
} }
kexsigtype = sshkey_type_plain(
sshkey_type_from_name(ssh->kex->hostkey_alg));
if ((signdata = sshbuf_new()) == NULL) if ((signdata = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__); fatal("%s: sshbuf_new failed", __func__);
/* Don't want to accidentally accept an unbound signature */ /* Don't want to accidentally accept an unbound signature */
@ -1933,9 +1936,15 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type,
__func__, ssh_err(r)); __func__, ssh_err(r));
goto out; goto out;
} }
/*
* For RSA keys, prefer to use the signature type negotiated
* during KEX to the default (SHA1).
*/
use_kexsigtype = kexsigtype == KEY_RSA &&
sshkey_type_plain(ctx->keys[i]->type) == KEY_RSA;
if ((r = sshkey_verify(ctx->keys[i], sig, siglen, if ((r = sshkey_verify(ctx->keys[i], sig, siglen,
sshbuf_ptr(signdata), sshbuf_len(signdata), sshbuf_ptr(signdata), sshbuf_len(signdata),
ssh->kex->hostkey_alg, 0)) != 0) { use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0) {
error("%s: server gave bad signature for %s key %zu", error("%s: server gave bad signature for %s key %zu",
__func__, sshkey_type(ctx->keys[i]), i); __func__, sshkey_type(ctx->keys[i]), i);
goto out; goto out;

14
serverloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: serverloop.c,v 1.201 2017/12/18 02:25:15 djm Exp $ */ /* $OpenBSD: serverloop.c,v 1.202 2017/12/18 23:16:24 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -671,7 +671,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
struct sshbuf *resp = NULL; struct sshbuf *resp = NULL;
struct sshbuf *sigbuf = NULL; struct sshbuf *sigbuf = NULL;
struct sshkey *key = NULL, *key_pub = NULL, *key_prv = NULL; struct sshkey *key = NULL, *key_pub = NULL, *key_prv = NULL;
int r, ndx, success = 0; int r, ndx, kexsigtype, use_kexsigtype, success = 0;
const u_char *blob; const u_char *blob;
u_char *sig = 0; u_char *sig = 0;
size_t blen, slen; size_t blen, slen;
@ -679,6 +679,8 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL) if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new", __func__); fatal("%s: sshbuf_new", __func__);
kexsigtype = sshkey_type_plain(
sshkey_type_from_name(ssh->kex->hostkey_alg));
while (ssh_packet_remaining(ssh) > 0) { while (ssh_packet_remaining(ssh) > 0) {
sshkey_free(key); sshkey_free(key);
key = NULL; key = NULL;
@ -709,6 +711,12 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
sshbuf_reset(sigbuf); sshbuf_reset(sigbuf);
free(sig); free(sig);
sig = NULL; sig = NULL;
/*
* For RSA keys, prefer to use the signature type negotiated
* during KEX to the default (SHA1).
*/
use_kexsigtype = kexsigtype == KEY_RSA &&
sshkey_type_plain(key->type) == KEY_RSA;
if ((r = sshbuf_put_cstring(sigbuf, if ((r = sshbuf_put_cstring(sigbuf,
"hostkeys-prove-00@openssh.com")) != 0 || "hostkeys-prove-00@openssh.com")) != 0 ||
(r = sshbuf_put_string(sigbuf, (r = sshbuf_put_string(sigbuf,
@ -716,7 +724,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
(r = sshkey_puts(key, sigbuf)) != 0 || (r = sshkey_puts(key, sigbuf)) != 0 ||
(r = ssh->kex->sign(key_prv, key_pub, &sig, &slen, (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen,
sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), sshbuf_ptr(sigbuf), sshbuf_len(sigbuf),
ssh->kex->hostkey_alg, 0)) != 0 || use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0 ||
(r = sshbuf_put_string(resp, sig, slen)) != 0) { (r = sshbuf_put_string(resp, sig, slen)) != 0) {
error("%s: couldn't prepare signature: %s", error("%s: couldn't prepare signature: %s",
__func__, ssh_err(r)); __func__, ssh_err(r));