nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-01 03:22:48 -05:00
Code Issues Projects Releases Wiki Activity

Permit configuring RSA signature types in certificates.

Browse Source 
As distinct from the type of signature generated by the SSH server
itself from the host key, this lets you exclude (and by default does
exclude) the old "ssh-rsa" SHA-1 signature type from the signature of
the CA on the certificate.
This commit is contained in:
Simon Tatham
2022-05-02 10:18:16 +01:00
parent e34e0220ab
commit dc7ba12253
12 changed files with 215 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
crypto/openssh-certs.c
View File

@ -209,7 +209,7 @@ static key_components *opensshcert_components(ssh_key *key);
static ssh_key *opensshcert_base_key(ssh_key *key);
static bool opensshcert_check_cert(
ssh_key *key, bool host, ptrlen principal, uint64_t time,
BinarySink *error);
const ca_options *opts, BinarySink *error);
static int opensshcert_pubkey_bits(const ssh_keyalg *self, ptrlen blob);
static unsigned opensshcert_supported_flags(const ssh_keyalg *self);
static const char *opensshcert_alternate_ssh_id(const ssh_keyalg *self,
@ -716,7 +716,7 @@ static char *opensshcert_invalid(ssh_key *key, unsigned flags)
static bool opensshcert_check_cert(
ssh_key *key, bool host, ptrlen principal, uint64_t time,
BinarySink *error)
const ca_options *opts, BinarySink *error)
{
opensshcert_key *ck = container_of(key, opensshcert_key, sshk);
bool result = false;
@ -725,9 +725,6 @@ static bool opensshcert_check_cert(
BinarySource src[1];
ptrlen signature = ptrlen_from_strbuf(ck->signature);
/* FIXME: here we should check which signature algorithm is
* actually in use, because that might be a reason to reject the
* certificate (e.g. ssh-rsa when we wanted rsa-sha2-*) */
ca_key = opensshcert_ca_pub_key(ck, signature, NULL);
if (!ca_key) {
@ -735,6 +732,18 @@ static bool opensshcert_check_cert(
goto out;
}
/* Check which signature algorithm is actually in use, because
* that might be a reason to reject the certificate (e.g. ssh-rsa
* when we wanted rsa-sha2-*). */
const ssh_keyalg *sig_alg = ssh_key_alg(ca_key);
if ((sig_alg == &ssh_rsa && !opts->permit_rsa_sha1) ||
(sig_alg == &ssh_rsa_sha256 && !opts->permit_rsa_sha256) ||
(sig_alg == &ssh_rsa_sha512 && !opts->permit_rsa_sha512)) {
put_fmt(error, "Certificate signature uses '%s' signature type "
"(forbidden by user configuration)", sig_alg->ssh_id);
goto out;
}
opensshcert_signature_preimage(ck, BinarySink_UPCAST(preimage));
if (!ssh_key_verify(ca_key, signature, ptrlen_from_strbuf(preimage))) {