|
 |
58886c |
diff --color -ru a/kex.c b/kex.c
|
|
|
58886c |
--- a/kex.c 2022-06-23 10:25:29.529922670 +0200
|
|
|
58886c |
+++ b/kex.c 2022-06-23 10:26:12.911762100 +0200
|
|
|
58886c |
@@ -906,6 +906,18 @@
|
|
|
58886c |
return (1);
|
|
|
58886c |
}
|
|
|
58886c |
|
|
|
58886c |
+/* returns non-zero if proposal contains any algorithm from algs */
|
|
|
58886c |
+static int
|
|
|
58886c |
+has_any_alg(const char *proposal, const char *algs)
|
|
|
58886c |
+{
|
|
|
58886c |
+ char *cp;
|
|
|
58886c |
+
|
|
|
58886c |
+ if ((cp = match_list(proposal, algs, NULL)) == NULL)
|
|
|
58886c |
+ return 0;
|
|
|
58886c |
+ free(cp);
|
|
|
58886c |
+ return 1;
|
|
|
58886c |
+}
|
|
|
58886c |
+
|
|
|
58886c |
static int
|
|
|
58886c |
kex_choose_conf(struct ssh *ssh)
|
|
|
58886c |
{
|
|
|
58886c |
@@ -941,6 +953,16 @@
|
|
|
58886c |
free(ext);
|
|
|
58886c |
}
|
|
|
58886c |
|
|
|
58886c |
+ /* Check whether client supports rsa-sha2 algorithms */
|
|
|
58886c |
+ if (kex->server && (kex->flags & KEX_INITIAL)) {
|
|
|
58886c |
+ if (has_any_alg(peer[PROPOSAL_SERVER_HOST_KEY_ALGS],
|
|
|
58886c |
+ "rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com"))
|
|
|
58886c |
+ kex->flags |= KEX_RSA_SHA2_256_SUPPORTED;
|
|
|
58886c |
+ if (has_any_alg(peer[PROPOSAL_SERVER_HOST_KEY_ALGS],
|
|
|
58886c |
+ "rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com"))
|
|
|
58886c |
+ kex->flags |= KEX_RSA_SHA2_512_SUPPORTED;
|
|
|
58886c |
+ }
|
|
|
58886c |
+
|
|
|
58886c |
/* Algorithm Negotiation */
|
|
|
58886c |
if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],
|
|
|
58886c |
sprop[PROPOSAL_KEX_ALGS])) != 0) {
|
|
|
58886c |
diff --color -ru a/kex.h b/kex.h
|
|
|
58886c |
--- a/kex.h 2022-06-23 10:25:29.511922322 +0200
|
|
|
58886c |
+++ b/kex.h 2022-06-23 10:26:12.902761926 +0200
|
|
|
58886c |
@@ -117,6 +117,8 @@
|
|
|
58886c |
|
|
|
58886c |
#define KEX_INIT_SENT 0x0001
|
|
|
58886c |
#define KEX_INITIAL 0x0002
|
|
|
58886c |
+#define KEX_RSA_SHA2_256_SUPPORTED 0x0008 /* only set in server for now */
|
|
|
58886c |
+#define KEX_RSA_SHA2_512_SUPPORTED 0x0010 /* only set in server for now */
|
|
|
58886c |
|
|
|
58886c |
struct sshenc {
|
|
|
58886c |
char *name;
|
|
|
58886c |
diff --color -ru a/serverloop.c b/serverloop.c
|
|
|
58886c |
--- a/serverloop.c 2022-06-23 10:25:29.537922825 +0200
|
|
|
58886c |
+++ b/serverloop.c 2022-06-23 10:26:12.918762235 +0200
|
|
|
58886c |
@@ -736,16 +736,17 @@
|
|
|
58886c |
struct sshbuf *resp = NULL;
|
|
|
58886c |
struct sshbuf *sigbuf = NULL;
|
|
|
58886c |
struct sshkey *key = NULL, *key_pub = NULL, *key_prv = NULL;
|
|
|
58886c |
- int r, ndx, kexsigtype, use_kexsigtype, success = 0;
|
|
|
58886c |
+ int r, ndx, success = 0;
|
|
|
58886c |
const u_char *blob;
|
|
|
58886c |
+ const char *sigalg, *kex_rsa_sigalg = NULL;
|
|
|
58886c |
u_char *sig = 0;
|
|
|
58886c |
size_t blen, slen;
|
|
|
58886c |
|
|
|
58886c |
if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL)
|
|
|
58886c |
fatal("%s: sshbuf_new", __func__);
|
|
|
58886c |
-
|
|
|
58886c |
- kexsigtype = sshkey_type_plain(
|
|
|
58886c |
- sshkey_type_from_name(ssh->kex->hostkey_alg));
|
|
|
58886c |
+ if (sshkey_type_plain(sshkey_type_from_name(
|
|
|
58886c |
+ ssh->kex->hostkey_alg)) == KEY_RSA)
|
|
|
58886c |
+ kex_rsa_sigalg = ssh->kex->hostkey_alg;
|
|
|
58886c |
while (ssh_packet_remaining(ssh) > 0) {
|
|
|
58886c |
sshkey_free(key);
|
|
|
58886c |
key = NULL;
|
|
|
58886c |
@@ -780,16 +781,24 @@
|
|
|
58886c |
* For RSA keys, prefer to use the signature type negotiated
|
|
|
58886c |
* during KEX to the default (SHA1).
|
|
|
58886c |
*/
|
|
|
58886c |
- use_kexsigtype = kexsigtype == KEY_RSA &&
|
|
|
58886c |
- sshkey_type_plain(key->type) == KEY_RSA;
|
|
|
58886c |
+ sigalg = NULL;
|
|
|
58886c |
+ if (sshkey_type_plain(key->type) == KEY_RSA) {
|
|
|
58886c |
+ if (kex_rsa_sigalg != NULL)
|
|
|
58886c |
+ sigalg = kex_rsa_sigalg;
|
|
|
58886c |
+ else if (ssh->kex->flags & KEX_RSA_SHA2_512_SUPPORTED)
|
|
|
58886c |
+ sigalg = "rsa-sha2-512";
|
|
|
58886c |
+ else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED)
|
|
|
58886c |
+ sigalg = "rsa-sha2-256";
|
|
|
58886c |
+ }
|
|
|
58886c |
+ debug3("%s: sign %s key (index %d) using sigalg %s", __func__,
|
|
|
58886c |
+ sshkey_type(key), ndx, sigalg == NULL ? "default" : sigalg);
|
|
|
58886c |
if ((r = sshbuf_put_cstring(sigbuf,
|
|
|
58886c |
"hostkeys-prove-00@openssh.com")) != 0 ||
|
|
|
58886c |
(r = sshbuf_put_string(sigbuf,
|
|
|
58886c |
ssh->kex->session_id, ssh->kex->session_id_len)) != 0 ||
|
|
|
58886c |
(r = sshkey_puts(key, sigbuf)) != 0 ||
|
|
|
58886c |
(r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen,
|
|
|
58886c |
- sshbuf_ptr(sigbuf), sshbuf_len(sigbuf),
|
|
|
58886c |
- use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 ||
|
|
|
58886c |
+ sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), sigalg)) != 0 ||
|
|
|
58886c |
(r = sshbuf_put_string(resp, sig, slen)) != 0) {
|
|
|
58886c |
error("%s: couldn't prepare signature: %s",
|
|
|
58886c |
__func__, ssh_err(r));
|
|
|
58886c |
diff --color -ru a/sshkey.c b/sshkey.c
|
|
|
58886c |
--- a/sshkey.c 2022-06-23 10:25:29.532922728 +0200
|
|
|
58886c |
+++ b/sshkey.c 2022-06-23 10:26:12.914762158 +0200
|
|
|
58886c |
@@ -82,7 +82,6 @@
|
|
|
58886c |
struct sshbuf *buf, enum sshkey_serialize_rep);
|
|
|
58886c |
static int sshkey_from_blob_internal(struct sshbuf *buf,
|
|
|
58886c |
struct sshkey **keyp, int allow_cert);
|
|
|
58886c |
-static int get_sigtype(const u_char *sig, size_t siglen, char **sigtypep);
|
|
|
58886c |
|
|
|
58886c |
/* Supported key types */
|
|
|
58886c |
struct keytype {
|
|
|
58886c |
@@ -2092,7 +2091,8 @@
|
|
|
58886c |
if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
|
|
|
58886c |
sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0)
|
|
|
58886c |
goto out;
|
|
|
58886c |
- if ((ret = get_sigtype(sig, slen, &key->cert->signature_type)) != 0)
|
|
|
58886c |
+ if ((ret = sshkey_get_sigtype(sig, slen,
|
|
|
58886c |
+ &key->cert->signature_type)) != 0)
|
|
|
58886c |
goto out;
|
|
|
58886c |
|
|
|
58886c |
/* Success */
|
|
|
58886c |
@@ -2394,8 +2394,8 @@
|
|
|
58886c |
return r;
|
|
|
58886c |
}
|
|
|
58886c |
|
|
|
58886c |
-static int
|
|
|
58886c |
-get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
|
|
|
58886c |
+int
|
|
|
58886c |
+sshkey_get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
|
|
|
58886c |
{
|
|
|
58886c |
int r;
|
|
|
58886c |
struct sshbuf *b = NULL;
|
|
|
58886c |
@@ -2477,7 +2477,7 @@
|
|
|
58886c |
return 0;
|
|
|
58886c |
if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL)
|
|
|
58886c |
return SSH_ERR_INVALID_ARGUMENT;
|
|
|
58886c |
- if ((r = get_sigtype(sig, siglen, &sigtype)) != 0)
|
|
|
58886c |
+ if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0)
|
|
|
58886c |
return r;
|
|
|
58886c |
r = strcmp(expected_alg, sigtype) == 0;
|
|
|
58886c |
free(sigtype);
|
|
|
58886c |
@@ -2739,7 +2739,7 @@
|
|
|
58886c |
sshbuf_len(cert), alg, 0, signer_ctx)) != 0)
|
|
|
58886c |
goto out;
|
|
|
58886c |
/* Check and update signature_type against what was actually used */
|
|
|
58886c |
- if ((ret = get_sigtype(sig_blob, sig_len, &sigtype)) != 0)
|
|
|
58886c |
+ if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0)
|
|
|
58886c |
goto out;
|
|
|
58886c |
if (alg != NULL && strcmp(alg, sigtype) != 0) {
|
|
|
58886c |
ret = SSH_ERR_SIGN_ALG_UNSUPPORTED;
|
|
|
58886c |
diff --color -ru a/sshkey.h b/sshkey.h
|
|
|
58886c |
--- a/sshkey.h 2022-06-23 10:25:29.521922515 +0200
|
|
|
58886c |
+++ b/sshkey.h 2022-06-23 10:26:12.907762022 +0200
|
|
|
58886c |
@@ -211,6 +211,7 @@
|
|
|
58886c |
const u_char *, size_t, const char *, u_int);
|
|
|
58886c |
int sshkey_check_sigtype(const u_char *, size_t, const char *);
|
|
|
58886c |
const char *sshkey_sigalg_by_name(const char *);
|
|
|
58886c |
+int sshkey_get_sigtype(const u_char *, size_t, char **);
|
|
|
58886c |
|
|
|
58886c |
/* for debug */
|
|
|
58886c |
void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *);
|