Bugzilla – Attachment 3561 Details for
Bug 3375
SHA1 is used as a proof of possession for the RSA key
[patch]
tweaked diff
bz3375.diff (text/plain), 3.80 KB, created by
Damien Miller
on 2022-01-05 18:41:17 AEDT
Description:
tweaked diff
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2022-01-05 18:41:17 AEDT
Size:
3.80 KB
patch
obsolete
>commit 64db16b9c5e2618df9cafa44531771a9635627d0
>Author: Damien Miller <djm@mindrot.org>
>Date: Wed Jan 5 18:24:11 2022 +1100
>
> prefer rsa-sha2 for hostkey proofs
>
>diff --git a/kex.c b/kex.c
>index d3fe4ad..592c9af 100644
>--- a/kex.c
>+++ b/kex.c
>@@ -883,6 +883,18 @@ proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
> return (1);
> }
>
>+/* returns non-zero if proposal contains any algorithm from algs */
>+static int
>+has_any_alg(const char *proposal, const char *algs)
>+{
>+ char *cp;
>+
>+ if ((cp = match_list(proposal, algs, NULL)) == NULL)
>+ return 0;
>+ free(cp);
>+ return 1;
>+}
>+
> static int
> kex_choose_conf(struct ssh *ssh)
> {
>@@ -918,6 +930,16 @@ kex_choose_conf(struct ssh *ssh)
> free(ext);
> }
>
>+ /* Check whether client supports rsa-sha2 algorithms */
>+ if (kex->server && (kex->flags & KEX_INITIAL)) {
>+ if (has_any_alg(peer[PROPOSAL_SERVER_HOST_KEY_ALGS],
>+ "rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com"))
>+ kex->flags |= KEX_RSA_SHA2_256_SUPPORTED;
>+ if (has_any_alg(peer[PROPOSAL_SERVER_HOST_KEY_ALGS],
>+ "rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com"))
>+ kex->flags |= KEX_RSA_SHA2_512_SUPPORTED;
>+ }
>+
> /* Algorithm Negotiation */
> if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],
> sprop[PROPOSAL_KEX_ALGS])) != 0) {
>diff --git a/kex.h b/kex.h
>index 638b02f..f1f583b 100644
>--- a/kex.h
>+++ b/kex.h
>@@ -102,6 +102,8 @@ enum kex_exchange {
> #define KEX_INIT_SENT 0x0001
> #define KEX_INITIAL 0x0002
> #define KEX_HAS_PUBKEY_HOSTBOUND 0x0004
>+#define KEX_RSA_SHA2_256_SUPPORTED 0x0008 /* only set in server for now */
>+#define KEX_RSA_SHA2_512_SUPPORTED 0x0010 /* only set in server for now */
>
> struct sshenc {
> char *name;
>diff --git a/serverloop.c b/serverloop.c
>index ab2af54..fdf5e59 100644
>--- a/serverloop.c
>+++ b/serverloop.c
>@@ -674,16 +674,17 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
> struct sshbuf *resp = NULL;
> struct sshbuf *sigbuf = NULL;
> struct sshkey *key = NULL, *key_pub = NULL, *key_prv = NULL;
>- int r, ndx, kexsigtype, use_kexsigtype, success = 0;
>+ int r, ndx, success = 0;
> const u_char *blob;
>+ const char *sigalg, *kex_rsa_sigalg = NULL;
> u_char *sig = 0;
> size_t blen, slen;
>
> if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL)
> fatal_f("sshbuf_new");
>-
>- kexsigtype = sshkey_type_plain(
>- sshkey_type_from_name(ssh->kex->hostkey_alg));
>+ if (sshkey_type_plain(sshkey_type_from_name(
>+ ssh->kex->hostkey_alg)) == KEY_RSA)
>+ kex_rsa_sigalg = ssh->kex->hostkey_alg;
> while (ssh_packet_remaining(ssh) > 0) {
> sshkey_free(key);
> key = NULL;
>@@ -716,16 +717,24 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
> * For RSA keys, prefer to use the signature type negotiated
> * during KEX to the default (SHA1).
> */
>- use_kexsigtype = kexsigtype == KEY_RSA &&
>- sshkey_type_plain(key->type) == KEY_RSA;
>+ sigalg = NULL;
>+ if (sshkey_type_plain(key->type) == KEY_RSA) {
>+ if (kex_rsa_sigalg != NULL)
>+ sigalg = kex_rsa_sigalg;
>+ else if (ssh->kex->flags & KEX_RSA_SHA2_512_SUPPORTED)
>+ sigalg = "rsa-sha2-512";
>+ else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED)
>+ sigalg = "rsa-sha2-256";
>+ }
>+ debug3_f("sign %s key (index %d) using sigalg %s",
>+ sshkey_type(key), ndx, sigalg == NULL ? "default" : sigalg);
> if ((r = sshbuf_put_cstring(sigbuf,
> "hostkeys-prove-00@openssh.com")) != 0 ||
> (r = sshbuf_put_stringb(sigbuf,
> ssh->kex->session_id)) != 0 ||
> (r = sshkey_puts(key, sigbuf)) != 0 ||
> (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen,
>- sshbuf_ptr(sigbuf), sshbuf_len(sigbuf),
>- use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 ||
>+ sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), sigalg)) != 0 ||
> (r = sshbuf_put_string(resp, sig, slen)) != 0) {
> error_fr(r, "assemble signature");
> goto out;
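Review bot: In the new selection block, `kex_rsa_sigalg` takes precedence over the SHA-2 flags, so when the host key algorithm negotiated during KEX is itself `ssh-rsa` the proof would, as far as these lines show, still be signed with SHA-1 even though the client advertised rsa-sha2-256/512. Consider consulting the flags first, or guarding the first branch as `if (kex_rsa_sigalg != NULL && strcmp(kex_rsa_sigalg, "ssh-rsa") != 0)` so that an `ssh-rsa` KEX result falls through to the flag checks. When neither flag is set, `sigalg` stays NULL and the signer's default is used, which the comment above identifies as SHA1; that case is only visible at `debug3` level, so a comment stating that the SHA-1 fallback is intentional for clients without rsa-sha2 support would help. `kex_rsa_sigalg` is assigned in the previous hunk, and the body of server_input_hostkeys_prove continues outside both hunks.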
Attachments on
bug 3375
:
3559
| 3561 |
3562