Bugzilla – Attachment 2183 Details for
Bug 2040
Downgrade attack vulnerability when checking SSHFP records
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Fix downgrade attack vulnerability in handling SSHFP records
0001-Fix-downgrade-attack-vulnerability-in-handling-SSHFP.patch (text/plain), 3.06 KB, created by
Ondrej Caletka
on 2012-08-31 19:24:47 AEST
(
hide
)
Description:
Fix downgrade attack vulnerability in handling SSHFP records
Filename:
MIME Type:
Creator:
Ondrej Caletka
Created:
2012-08-31 19:24:47 AEST
Size:
3.06 KB
patch
obsolete
>From c08a5900d5720fe7ad4df0a18f0c0cc653b71e5c Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Ond=C5=99ej=20Caletka?= <ondrej@caletka.cz> >Date: Fri, 31 Aug 2012 09:11:23 +0200 >Subject: [PATCH 1/3] Fix downgrade attack vulnerability in handling SSHFP > >RFC 6594, section 4.1.: > SSHFP-aware Secure Shell implementations SHOULD support the SHA-256 > fingerprints for verification of the public key. Secure Shell > implementations that support SHA-256 fingerprints MUST prefer a SHA- > 256 fingerprint over SHA-1 if both are available for a server. If > the SHA-256 fingerprint is tested and does not match the SSH public > key received from the SSH server, then the key MUST be rejected > rather than testing the alternative SHA-1 fingerprint. >--- > dns.c | 31 +++++++++++++++++++++++++------ > 1 files changed, 25 insertions(+), 6 deletions(-) > >diff --git a/dns.c b/dns.c >index 9e3084b..760a29c 100644 >--- a/dns.c >+++ b/dns.c >@@ -208,6 +208,11 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, > u_char *dnskey_digest; > u_int dnskey_digest_len; > >+ u_int found_cnt[256]; >+ u_int match_cnt[256]; >+ memset(&found_cnt, 0, sizeof(found_cnt)); >+ memset(&match_cnt, 0, sizeof(match_cnt)); >+ > *flags = 0; > > debug3("verify_host_key_dns"); >@@ -259,6 +264,8 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, > continue; > } > >+ found_cnt[dnskey_digest_type]++; >+ > if (hostkey_digest_type != dnskey_digest_type) { > hostkey_digest_type = dnskey_digest_type; > xfree(hostkey_digest); >@@ -279,7 +286,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, > if (hostkey_digest_len == dnskey_digest_len && > timingsafe_bcmp(hostkey_digest, dnskey_digest, > hostkey_digest_len) == 0) >- *flags |= DNS_VERIFY_MATCH; >+ match_cnt[dnskey_digest_type]++; > } > xfree(dnskey_digest); > } >@@ -287,12 +294,24 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, > xfree(hostkey_digest); /* from key_fingerprint_raw() */ > freerrset(fingerprints); > >- if (*flags & DNS_VERIFY_FOUND) >- if (*flags & DNS_VERIFY_MATCH) >- debug("matching host key fingerprint found in DNS"); >+ if (*flags & DNS_VERIFY_FOUND) { >+ debug("found %d SHA1 fingerprints and %d SHA256 fingerprints", >+ found_cnt[SSHFP_HASH_SHA1], found_cnt[SSHFP_HASH_SHA256]); >+ debug("matched %d SHA1 fingerprints and %d SHA256 fingerprints", >+ match_cnt[SSHFP_HASH_SHA1], match_cnt[SSHFP_HASH_SHA256]); >+ if (found_cnt[SSHFP_HASH_SHA256] > 0) >+ if (match_cnt[SSHFP_HASH_SHA256] > 0) { >+ debug("matching SHA256 host key fingerprint found in DNS"); >+ *flags |= DNS_VERIFY_MATCH; >+ } else >+ debug("no matching SHA256 host key fingerprint found in DNS"); > else >- debug("mismatching host key fingerprint found in DNS"); >- else >+ if (match_cnt[SSHFP_HASH_SHA1] > 0 && hostkey_algorithm < SSHFP_KEY_ECDSA ) { >+ debug("matching SHA1 host key fingerprint found in DNS"); >+ *flags |= DNS_VERIFY_MATCH; >+ } else >+ debug("no matching SHA1 host key fingerprint found in DNS"); >+ } else > debug("no host key fingerprint found in DNS"); > > return 0; >-- >1.7.8.6 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2183">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2040
:
2183
|
2184
|
2188
|
2211
|
2402
|
2403