ssh: use RSA/SHA-256 instead of RSA/SHA-1 as the public key algorithm
openssh now disables RSA/SHA-1 by default, so using RSA/SHA-1 will eventually cause us problems: https://undeadly.org/cgi?action=article;sid=20210830113413 in addition, github will disable RSA/SHA-1 for recently added RSA keys: https://github.blog/2021-09-01-improving-git-protocol-security-github/ this patch modifies ssh.c to use RSA/SHA-256 (aka rsa-sha2-256) instead of RSA/SHA-1 (aka ssh-rsa) as the public key algorithm. NOTE: public rsa keys and thumbprints are ***NOT AFFECTED*** by this patch. while we're here, remove the workaround for github.com. it seems that github has fixed their implementation, and does not look into macalgs when we're using an aead cipher. ---
parent
19a548fd49
commit
1a444750d6
|
@ -398,14 +398,16 @@ ssh2rsapub(uchar *data, int len)
|
||||||
return pub;
|
return pub;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static char rsasha256[] = "rsa-sha2-256";
|
||||||
|
|
||||||
int
|
int
|
||||||
rsasig2ssh(RSApub *pub, mpint *S, uchar *data, int len)
|
rsasig2ssh(RSApub *pub, mpint *S, uchar *data, int len)
|
||||||
{
|
{
|
||||||
int l = (mpsignif(pub->n)+7)/8;
|
int l = (mpsignif(pub->n)+7)/8;
|
||||||
if(4+7+4+l > len)
|
if(4+12+4+l > len)
|
||||||
return -1;
|
return -1;
|
||||||
mptober(S, data+4+7+4, l);
|
mptober(S, data+4+12+4, l);
|
||||||
return pack(data, len, "ss", sshrsa, sizeof(sshrsa)-1, data+4+7+4, l);
|
return pack(data, len, "ss", rsasha256, sizeof(rsasha256)-1, data+4+12+4, l);
|
||||||
}
|
}
|
||||||
|
|
||||||
mpint*
|
mpint*
|
||||||
|
@ -417,7 +419,7 @@ ssh2rsasig(uchar *data, int len)
|
||||||
|
|
||||||
m = mpnew(0);
|
m = mpnew(0);
|
||||||
if(unpack(data, len, "sm", &s, &n, m) < 0
|
if(unpack(data, len, "sm", &s, &n, m) < 0
|
||||||
|| n != sizeof(sshrsa)-1 || memcmp(s, sshrsa, n) != 0){
|
|| n != sizeof(rsasha256)-1 || memcmp(s, rsasha256, n) != 0){
|
||||||
mpfree(m);
|
mpfree(m);
|
||||||
return nil;
|
return nil;
|
||||||
}
|
}
|
||||||
|
@ -427,10 +429,10 @@ ssh2rsasig(uchar *data, int len)
|
||||||
mpint*
|
mpint*
|
||||||
pkcs1digest(uchar *data, int len, RSApub *pub)
|
pkcs1digest(uchar *data, int len, RSApub *pub)
|
||||||
{
|
{
|
||||||
uchar digest[SHA1dlen], buf[256];
|
uchar digest[SHA2_256dlen], buf[256];
|
||||||
|
|
||||||
sha1(data, len, digest, nil);
|
sha2_256(data, len, digest, nil);
|
||||||
return pkcs1padbuf(buf, asn1encodedigest(sha1, digest, buf, sizeof(buf)), pub->n, 1);
|
return pkcs1padbuf(buf, asn1encodedigest(sha2_256, digest, buf, sizeof(buf)), pub->n, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
|
@ -489,7 +491,7 @@ kex(int gotkexinit)
|
||||||
static char kexalgs[] = "curve25519-sha256,curve25519-sha256@libssh.org";
|
static char kexalgs[] = "curve25519-sha256,curve25519-sha256@libssh.org";
|
||||||
static char cipheralgs[] = "chacha20-poly1305@openssh.com";
|
static char cipheralgs[] = "chacha20-poly1305@openssh.com";
|
||||||
static char zipalgs[] = "none";
|
static char zipalgs[] = "none";
|
||||||
static char macalgs[] = "hmac-sha1"; /* work around for github.com */
|
static char macalgs[] = "";
|
||||||
static char langs[] = "";
|
static char langs[] = "";
|
||||||
|
|
||||||
uchar cookie[16], x[32], yc[32], z[32], k[32+1], h[SHA2_256dlen], *ys, *ks, *sig;
|
uchar cookie[16], x[32], yc[32], z[32], k[32+1], h[SHA2_256dlen], *ys, *ks, *sig;
|
||||||
|
@ -506,7 +508,7 @@ kex(int gotkexinit)
|
||||||
sendpkt("b[ssssssssssbu", MSG_KEXINIT,
|
sendpkt("b[ssssssssssbu", MSG_KEXINIT,
|
||||||
cookie, sizeof(cookie),
|
cookie, sizeof(cookie),
|
||||||
kexalgs, sizeof(kexalgs)-1,
|
kexalgs, sizeof(kexalgs)-1,
|
||||||
sshrsa, sizeof(sshrsa)-1,
|
rsasha256, sizeof(rsasha256)-1,
|
||||||
cipheralgs, sizeof(cipheralgs)-1,
|
cipheralgs, sizeof(cipheralgs)-1,
|
||||||
cipheralgs, sizeof(cipheralgs)-1,
|
cipheralgs, sizeof(cipheralgs)-1,
|
||||||
macalgs, sizeof(macalgs)-1,
|
macalgs, sizeof(macalgs)-1,
|
||||||
|
@ -744,7 +746,7 @@ pubkeyauth(void)
|
||||||
service, strlen(service),
|
service, strlen(service),
|
||||||
authmeth, sizeof(authmeth)-1,
|
authmeth, sizeof(authmeth)-1,
|
||||||
0,
|
0,
|
||||||
sshrsa, sizeof(sshrsa)-1,
|
rsasha256, sizeof(rsasha256)-1,
|
||||||
pk, npk);
|
pk, npk);
|
||||||
Next1: switch(recvpkt()){
|
Next1: switch(recvpkt()){
|
||||||
default:
|
default:
|
||||||
|
@ -767,7 +769,7 @@ Next1: switch(recvpkt()){
|
||||||
service, strlen(service),
|
service, strlen(service),
|
||||||
authmeth, sizeof(authmeth)-1,
|
authmeth, sizeof(authmeth)-1,
|
||||||
1,
|
1,
|
||||||
sshrsa, sizeof(sshrsa)-1,
|
rsasha256, sizeof(rsasha256)-1,
|
||||||
pk, npk);
|
pk, npk);
|
||||||
S = pkcs1digest(send.b, n, pub);
|
S = pkcs1digest(send.b, n, pub);
|
||||||
n = snprint((char*)send.b, sizeof(send.b), "%B", S);
|
n = snprint((char*)send.b, sizeof(send.b), "%B", S);
|
||||||
|
@ -788,7 +790,7 @@ Next1: switch(recvpkt()){
|
||||||
service, strlen(service),
|
service, strlen(service),
|
||||||
authmeth, sizeof(authmeth)-1,
|
authmeth, sizeof(authmeth)-1,
|
||||||
1,
|
1,
|
||||||
sshrsa, sizeof(sshrsa)-1,
|
rsasha256, sizeof(rsasha256)-1,
|
||||||
pk, npk,
|
pk, npk,
|
||||||
sig, nsig);
|
sig, nsig);
|
||||||
Next2: switch(recvpkt()){
|
Next2: switch(recvpkt()){
|
||||||
|
|
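Review bot: In rsasig2ssh the signature-blob offset `4+12+4` hard-codes the length of "rsa-sha2-256" as a literal that has to be kept in step with `rsasha256` by hand, and it is repeated three times (the length check, the `mptober` call and the `pack` call); if the algorithm name is ever changed again, one missed `12` silently misplaces the signature bytes. Deriving the offset from the string once, `int o = 4+(sizeof(rsasha256)-1)+4;`, and using `o` in those three lines removes the coupling, mirroring how the `kex` and `pubkeyauth` hunks already use `sizeof(rsasha256)-1`. The same reasoning argues for a `static` comment on the new algorithm name, e.g. `/* ssh-rsa signatures over SHA-256 (RFC 8332); old ssh-rsa/SHA-1 peers are no longer accepted */`, since ssh2rsasig now rejects any other signature type. In the `kex` hunk the now-empty `macalgs` deserves a one-line why-comment, `/* unused: chacha20-poly1305@openssh.com is an AEAD cipher */`, so a later reader does not take the empty name-list for an omission; ssh2rsasig's and kex's enclosing functions start outside their hunks.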