Attachment 3559 Details for Bug 3375 – Here is the proposed solution

[patch] Here is the proposed solution

3375.diff (text/plain), 3.47 KB, created by Dmitry Belyavskiy on 2021-12-21 22:17:48 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Dmitry Belyavskiy

Created: 2021-12-21 22:17:48 AEDT

Size: 3.47 KB

patch

obsolete

>diff --git a/kex.c b/kex.c
>index 29733cc0..e7d718e2 100644
>--- a/kex.c
>+++ b/kex.c
>@@ -935,6 +935,35 @@ kex_choose_conf(struct ssh *ssh)
> 		free(ext);
> 	}
> 
>+	/* Check whether client supports rsa-sha2 algorithms */
>+	if (kex->server && (kex->flags & KEX_INITIAL)) {
>+		char *ext;
>+
>+		ext = match_list("rsa-sha2-256", peer[PROPOSAL_SERVER_HOST_KEY_ALGS], NULL);
>+		if (ext) {
>+			kex->flags |= KEX_RSA_SHA2_256_SUPPORTED;
>+			free(ext);
>+		}
>+
>+		ext = match_list("rsa-sha2-512", peer[PROPOSAL_SERVER_HOST_KEY_ALGS], NULL);
>+		if (ext) {
>+			kex->flags |= KEX_RSA_SHA2_512_SUPPORTED;
>+			free(ext);
>+		}
>+
>+		ext = match_list("rsa-sha2-256-cert-v01@openssh.com", peer[PROPOSAL_SERVER_HOST_KEY_ALGS], NULL);
>+		if (ext) {
>+			kex->flags |= KEX_RSA_SHA2_256_SUPPORTED;
>+			free(ext);
>+		}
>+
>+		ext = match_list("rsa-sha2-512-cert-v01@openssh.com", peer[PROPOSAL_SERVER_HOST_KEY_ALGS], NULL);
>+		if (ext) {
>+			kex->flags |= KEX_RSA_SHA2_512_SUPPORTED;
>+			free(ext);
>+		}
>+	}
>+
> 	/* Algorithm Negotiation */
> 	if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],
> 	    sprop[PROPOSAL_KEX_ALGS])) != 0) {
>diff --git a/kex.h b/kex.h
>index f644e599..d4b7a367 100644
>--- a/kex.h
>+++ b/kex.h
>@@ -109,6 +109,8 @@ enum kex_exchange {
> #define KEX_INIT_SENT			0x0001
> #define KEX_INITIAL			0x0002
> #define KEX_HAS_PUBKEY_HOSTBOUND	0x0004
>+#define KEX_RSA_SHA2_256_SUPPORTED 	0x0008
>+#define KEX_RSA_SHA2_512_SUPPORTED 	0x0010
> 
> struct sshenc {
> 	char	*name;
>diff --git a/serverloop.c b/serverloop.c
>index e8cfb920..358c6842 100644
>--- a/serverloop.c
>+++ b/serverloop.c
>@@ -684,7 +684,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
> 	struct sshbuf *resp = NULL;
> 	struct sshbuf *sigbuf = NULL;
> 	struct sshkey *key = NULL, *key_pub = NULL, *key_prv = NULL;
>-	int r, ndx, kexsigtype, use_kexsigtype, success = 0;
>+	int r, ndx, success = 0;
> 	const u_char *blob;
> 	u_char *sig = 0;
> 	size_t blen, slen;
>@@ -692,9 +692,11 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
> 	if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL)
> 		fatal_f("sshbuf_new");
> 
>-	kexsigtype = sshkey_type_plain(
>-	    sshkey_type_from_name(ssh->kex->hostkey_alg));
> 	while (ssh_packet_remaining(ssh) > 0) {
>+		const char *pkexstr = NULL;
>+		const char *rsa_sha2_256 = "rsa-sha2-256";
>+		const char *rsa_sha2_512 = "rsa-sha2-512";
>+
> 		sshkey_free(key);
> 		key = NULL;
> 		if ((r = sshpkt_get_string_direct(ssh, &blob, &blen)) != 0 ||
>@@ -726,8 +728,13 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
> 		 * For RSA keys, prefer to use the signature type negotiated
> 		 * during KEX to the default (SHA1).
> 		 */
>-		use_kexsigtype = kexsigtype == KEY_RSA &&
>-		    sshkey_type_plain(key->type) == KEY_RSA;
>+		if (sshkey_type_plain(key->type) == KEY_RSA) {
>+		    if (ssh->kex->flags & KEX_RSA_SHA2_512_SUPPORTED)
>+			pkexstr = rsa_sha2_512;
>+		    else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED)
>+			pkexstr = rsa_sha2_256;
>+		}
>+
> 		if ((r = sshbuf_put_cstring(sigbuf,
> 		    "hostkeys-prove-00@openssh.com")) != 0 ||
> 		    (r = sshbuf_put_stringb(sigbuf,
>@@ -735,7 +742,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
> 		    (r = sshkey_puts(key, sigbuf)) != 0 ||
> 		    (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen,
> 		    sshbuf_ptr(sigbuf), sshbuf_len(sigbuf),
>-		    use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 ||
>+		    pkexstr)) != 0 ||
> 		    (r = sshbuf_put_string(resp, sig, slen)) != 0) {
> 			error_fr(r, "assemble signature");
> 			goto out;

Actions: View | Diff

Attachments on bug 3375: 3559 | 3561 | 3562