upstream: Add sshd_config CASignatureAlgorithms option to allow
control over which signature algorithms a CA may use when signing
certificates. In particular, this allows a sshd to ban certificates signed
with RSA/SHA1.
ok markus@
OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 73944bc..764ceff 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.37 2018/08/28 12:17:45 mestre Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.38 2018/09/20 03:28:06 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -112,6 +112,13 @@
__func__, sshkey_type(key));
goto done;
}
+ if ((r = sshkey_check_cert_sigtype(key,
+ options.ca_sign_algorithms)) != 0) {
+ logit("%s: certificate signature algorithm %s: %s", __func__,
+ (key->cert == NULL || key->cert->signature_type == NULL) ?
+ "(null)" : key->cert->signature_type, ssh_err(r));
+ goto done;
+ }
if (!authctxt->valid || authctxt->user == NULL) {
debug2("%s: disabled because of invalid user", __func__);
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index f9e4e2e..2fb5950 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.85 2018/08/28 12:25:53 mestre Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.86 2018/09/20 03:28:06 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -137,7 +137,13 @@
__func__, sshkey_ssh_name(key));
goto done;
}
-
+ if ((r = sshkey_check_cert_sigtype(key,
+ options.ca_sign_algorithms)) != 0) {
+ logit("%s: certificate signature algorithm %s: %s", __func__,
+ (key->cert == NULL || key->cert->signature_type == NULL) ?
+ "(null)" : key->cert->signature_type, ssh_err(r));
+ goto done;
+ }
key_s = format_key(key);
if (sshkey_is_cert(key))
ca_s = format_key(key->cert->signature_key);
diff --git a/servconf.c b/servconf.c
index c0f6af0..5411640 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.340 2018/08/12 20:19:13 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.341 2018/09/20 03:28:06 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -145,6 +145,7 @@
options->ciphers = NULL;
options->macs = NULL;
options->kex_algorithms = NULL;
+ options->ca_sign_algorithms = NULL;
options->fwd_opts.gateway_ports = -1;
options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
options->fwd_opts.streamlocal_bind_unlink = -1;
@@ -191,13 +192,14 @@
static void
assemble_algorithms(ServerOptions *o)
{
- char *all_cipher, *all_mac, *all_kex, *all_key;
+ char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
int r;
all_cipher = cipher_alg_list(',', 0);
all_mac = mac_alg_list(',');
all_kex = kex_alg_list(',');
all_key = sshkey_alg_list(0, 0, 1, ',');
+ all_sig = sshkey_alg_list(0, 1, 1, ',');
#define ASSEMBLE(what, defaults, all) \
do { \
if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
@@ -209,11 +211,13 @@
ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+ ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
#undef ASSEMBLE
free(all_cipher);
free(all_mac);
free(all_kex);
free(all_key);
+ free(all_sig);
}
static void
@@ -487,7 +491,7 @@
sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
- sKexAlgorithms, sIPQoS, sVersionAddendum,
+ sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
sStreamLocalBindMask, sStreamLocalBindUnlink,
@@ -1431,6 +1435,10 @@
charptr = &options->hostkeyalgorithms;
goto parse_keytypes;
+ case sCASignatureAlgorithms:
+ charptr = &options->ca_sign_algorithms;
+ goto parse_keytypes;
+
case sPubkeyAuthentication:
intptr = &options->pubkey_authentication;
goto parse_flag;
@@ -2601,6 +2609,8 @@
dump_cfg_string(sHostKeyAgent, o->host_key_agent);
dump_cfg_string(sKexAlgorithms,
o->kex_algorithms ? o->kex_algorithms : KEX_SERVER_KEX);
+ dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms ?
+ o->ca_sign_algorithms : SSH_ALLOWED_CA_SIGALGS);
dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types ?
o->hostbased_key_types : KEX_DEFAULT_PK_ALG);
dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms ?
diff --git a/servconf.h b/servconf.h
index 557521d..0175e00 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.136 2018/07/09 21:26:02 markus Exp $ */
+/* $OpenBSD: servconf.h,v 1.137 2018/09/20 03:28:06 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -110,6 +110,7 @@
int hostbased_uses_name_from_packet_only; /* experimental */
char *hostbased_key_types; /* Key types allowed for hostbased */
char *hostkeyalgorithms; /* SSH2 server key types */
+ char *ca_sign_algorithms; /* Allowed CA signature algorithms */
int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
char *pubkey_key_types; /* Key types allowed for public key */
int kerberos_authentication; /* If true, permit Kerberos
@@ -242,6 +243,7 @@
M_CP_STROPT(authorized_principals_command_user); \
M_CP_STROPT(hostbased_key_types); \
M_CP_STROPT(pubkey_key_types); \
+ M_CP_STROPT(ca_sign_algorithms); \
M_CP_STROPT(routing_domain); \
M_CP_STROPT(permit_user_env_whitelist); \
M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
diff --git a/sshd_config.5 b/sshd_config.5
index e1b54ba..c648437 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.281 2018/07/20 05:01:10 djm Exp $
-.Dd $Mdocdate: July 20 2018 $
+.\" $OpenBSD: sshd_config.5,v 1.282 2018/09/20 03:28:06 djm Exp $
+.Dd $Mdocdate: September 20 2018 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -382,6 +382,17 @@
.Cm none
then no banner is displayed.
By default, no banner is displayed.
+.It Cm CASignatureAlgorithms
+Specifies which algorithms are allowed for signing of certificates
+by certificate authorities (CAs).
+The default is:
+.Bd -literal -offset indent
+ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+.Ed
+.Pp
+Certificates signed using other algorithms will not be accepted for
+public key or host-based authentication.
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or through authentication styles supported in