[Bug 2799] RSA Signatures using SHA2 provided by different ssh-agent are not properly verified

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Jul 4 23:57:28 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2799

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #11 from Damien Miller <djm at mindrot.org> ---
This was fixed by the following commits and will be in OpenSSH 7.8:

commit 314908f451e6b2d4ccf6212ad246fa4619c721d3
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Jul 4 13:51:45 2018 +0000

    upstream: deal with API rename: match_filter_list() =>

    match_filter_blacklist()

    OpenBSD-Regress-ID: 2da342be913efeb51806351af906fab01ba4367f

commit 89f54cdf6b9cf1cf5528fd33897f1443913ddfb4
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Jul 4 13:51:12 2018 +0000

    upstream: exercise new expansion behaviour of

    PubkeyAcceptedKeyTypes and, by proxy, test kex_assemble_names()

    ok markus@

    OpenBSD-Regress-ID: 292978902e14d5729aa87e492dd166c842f72736

commit 312d2f2861a2598ed08587cb6c45c0e98a85408f
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Jul 4 13:49:31 2018 +0000

    upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA

    signature work - returns ability to add/remove/specify algorithms by
    wildcard.

    Algorithm lists are now fully expanded when the server/client configs
    are finalised, so errors are reported early and the config dumps
    (e.g. "ssh -G ...") now list the actual algorithms selected.

    Clarify that, while wildcards are accepted in algorithm lists, they
    aren't full pattern-lists that support negation.

    (lots of) feedback, ok markus@

    OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207

commit 303af5803bd74bf05d375c04e1a83b40c30b2be5
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jul 3 11:43:49 2018 +0000

    upstream: some magic for RSA-SHA2 checks

    OpenBSD-Regress-ID: e5a9b11368ff6d86e7b25ad10ebe43359b471cd4

commit 7d68e262944c1fff1574600fe0e5e92ec8b398f5
Author: Damien Miller <djm at mindrot.org>
Date:   Tue Jul 3 23:27:11 2018 +1000

    depend

commit b4d4eda633af433d20232cbf7e855ceac8b83fe5
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jul 3 13:20:25 2018 +0000

    upstream: some finesse to fix RSA-SHA2 certificate authentication

    for certs hosted in ssh-agent

    OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f

commit d78b75df4a57e0f92295f24298e5f2930e71c172
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jul 3 13:07:58 2018 +0000

    upstream: check correct variable; unbreak agent keys

    OpenBSD-Commit-ID: c36981fdf1f3ce04966d3310826a3e1e6233d93e

commit 2f30300c5e15929d0e34013f38d73e857f445e12
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jul 3 11:42:12 2018 +0000

    upstream: crank version number to 7.8; needed for new compat flag

    for prior version; part of RSA-SHA2 strictification, ok markus@

    OpenBSD-Commit-ID: 84a11fc0efd2674c050712336b5093f5d408e32b

commit 4ba0d54794814ec0de1ec87987d0c3b89379b436
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Jul 3 11:39:54 2018 +0000

    upstream: Improve strictness and control over RSA-SHA2 signature

    In ssh, when an agent fails to return a RSA-SHA2 signature when
    requested and falls back to RSA-SHA1 instead, retry the signature to
    ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
    matches the one in the signature itself.

    In sshd, strictly enforce that the public key algorithm sent in the
    SSH_MSG_USERAUTH message matches what appears in the signature.

    Make the sshd_config PubkeyAcceptedKeyTypes and
    HostbasedAcceptedKeyTypes options control accepted signature algorithms
    (previously they selected supported key types). This allows these
    options to ban RSA-SHA1 in favour of RSA-SHA2.

    Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
    "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
    with certificate keys.

    feedback and ok markus@

    OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde

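The server-side strictness described in commit 4ba0d547 above, sketched as an added example (not OpenSSH code and not part of the original mail): it parses the algorithm name embedded in an SSH signature and compares it with the public key algorithm named in the userauth request, after applying an accepted-algorithms list. All function and variable names are hypothetical, the sample signatures are constructed, and the RSA signature itself is not verified here.

```python
import struct

# Signature-format name expected inside the signature for each public key
# algorithm name that can appear in the userauth request.
EXPECTED_SIG_ALG = {
    "ssh-rsa": "ssh-rsa",  # RSA with SHA-1
    "rsa-sha2-256": "rsa-sha2-256",
    "rsa-sha2-512": "rsa-sha2-512",
    "ssh-rsa-cert-v01@openssh.com": "ssh-rsa",
    "rsa-sha2-256-cert-v01@openssh.com": "rsa-sha2-256",
    "rsa-sha2-512-cert-v01@openssh.com": "rsa-sha2-512",
}

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_ssh_string(buf: bytes, offset: int = 0):
    """Decode one SSH string; return (value, next_offset) or raise ValueError."""
    if len(buf) - offset < 4:
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, offset)
    start = offset + 4
    if n > len(buf) - start:
        raise ValueError("string length exceeds buffer")
    return buf[start:start + n], start + n

def check_userauth_sig(requested_alg: str, signature: bytes, accepted) -> str:
    """Return 'ok' or the reason the request would be refused."""
    if requested_alg not in accepted:
        return "algorithm not accepted"
    expected = EXPECTED_SIG_ALG.get(requested_alg)
    if expected is None:
        return "unknown algorithm"
    try:
        sig_alg, off = read_ssh_string(signature)
        _blob, off = read_ssh_string(signature, off)
    except ValueError as e:
        return f"malformed signature: {e}"
    if off != len(signature):
        return "malformed signature: trailing data"
    if sig_alg.decode("ascii", "replace") != expected:
        return "signature algorithm mismatch"
    return "ok"

# Constructed samples: an agent asked for rsa-sha2-256 that fell back to
# SHA-1, and one that honoured the request. The blobs are placeholder bytes.
FALLBACK_SIG = ssh_string(b"ssh-rsa") + ssh_string(b"\x00" * 256)
GOOD_SIG = ssh_string(b"rsa-sha2-256") + ssh_string(b"\x00" * 256)
```

With an accepted list that omits `ssh-rsa`, the fallback signature is refused both when presented under `rsa-sha2-256` (mismatch) and when presented under `ssh-rsa` (not accepted).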