author | Damien Miller <djm@cvs.openbsd.org> | 2020-10-07 02:22:24 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2020-10-07 02:22:24 +0000 |
commit | 1e887f08631c37a76f67e262885daa0355b86e6c (patch) | |
tree | df79ffeba946fb48271b4c38835834d1a8c53153 /usr.bin/ssh | |
parent | 7277bd3d95942c99e08d12ca7b59cb36b29644b6 (diff) |
revert kex->flags cert hostkey downgrade back to a plain key
(commitid VtF8vozGOF8DMKVg). We now do this a simpler way that
needs less plumbing.
ok markus@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/clientloop.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/kex.h | 8 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 55 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect.h | 4 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 9 |
5 files changed, 20 insertions, 64 deletions
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index 172316695f5..0b279913a6c 100644
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.347 2020/10/03 08:12:59 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.348 2020/10/07 02:22:23 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2213,12 +2213,6 @@ client_input_hostkeys(struct ssh *ssh)
 debug("%s: wildcard known hosts name found, "
 "skipping UserKnownHostsFile update", __func__);
 goto out;
- } else if (sshkey_type_is_cert(ssh->kex->hostkey_type) &&
- ctx->ca_available &&
- (ssh->kex->flags & KEX_HOSTCERT_CONVERT) == 0) {
- debug("%s: server offered certificate host key, "
- "skipping UserKnownHostsFile update", __func__);
- goto out;
 } else if (ctx->nnew == 0 && ctx->nold != 0) {
 /* We have some keys to remove. Just do it. */
 update_known_hosts(ctx);
diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h
index e7e01e34de2..de06267712c 100644
--- a/usr.bin/ssh/kex.h
+++ b/usr.bin/ssh/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.110 2020/10/03 08:11:28 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.111 2020/10/07 02:22:23 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -98,10 +98,8 @@ enum kex_exchange {
 KEX_MAX
 };
-/* kex->flags values */
-#define KEX_INIT_SENT 0x0001 /* KEXINIT sent */
-#define KEX_INITIAL 0x0002 /* Initial KEX, not rekey */
-#define KEX_HOSTCERT_CONVERT 0x0004 /* Client downgraded hostcert->plain */
+#define KEX_INIT_SENT 0x0001
+#define KEX_INITIAL 0x0002
 struct sshenc {
 char *name;
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index 1d617275ee3..18e26a3a0c3 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
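Review bot: With the certificate-host-key branch removed, client_input_hostkeys no longer has any visible condition that skips the UserKnownHostsFile update when the server presented a certificate host key; the only guards left in the hunk are the wildcard-name check and the nnew/nold case that calls update_known_hosts(). The commit message says this is now handled more simply elsewhere, but that replacement is not part of this diff, so it is worth confirming that the certificate case is still filtered before the known_hosts update runs, as otherwise a CA-authenticated session would appear to start recording plain host keys the user never explicitly accepted. The function begins and ends outside the hunk.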
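Review bot: The new kex.h lines drop the `/* kex->flags values */` heading and the trailing comments on KEX_INIT_SENT and KEX_INITIAL even though only KEX_HOSTCERT_CONVERT is being reverted, leaving the two surviving flags undocumented. Keeping them costs nothing: `/* kex->flags values */`, `#define KEX_INIT_SENT 0x0001 /* KEXINIT sent */`, `#define KEX_INITIAL 0x0002 /* Initial KEX, not rekey */`.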
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.336 2020/10/07 02:20:35 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.337 2020/10/07 02:22:23 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -656,10 +656,6 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr,
 /*
 * check whether the supplied host key is valid, return -1 if the key
 * is not valid. user_hostfile[0] will not be updated if 'readonly' is true.
- *
- * If cert_fallbackp is not NULL then will attempt to convert certificate host
- * keys to plain keys if no certificate match was found and will return
- * non-zero via *cert_fallbackp if this fall-back was used.
 */
 #define RDRW 0
 #define RDONLY 1
@@ -668,7 +664,7 @@ static int
 check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 struct sshkey *host_key, int readonly, char **user_hostfiles,
 u_int num_user_hostfiles,
- char **system_hostfiles, u_int num_system_hostfiles, int *cert_fallbackp)
+ char **system_hostfiles, u_int num_system_hostfiles)
 {
 HostStatus host_status;
 HostStatus ip_status;
@@ -679,15 +675,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 const char *type;
 const struct hostkey_entry *host_found, *ip_found;
 int len, cancelled_forwarding = 0, confirmed;
- int local = sockaddr_is_local(hostaddr), cert_fallback = 0;
+ int local = sockaddr_is_local(hostaddr);
 int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
 int hostkey_trusted = 0; /* Known or explicitly accepted by user */
 struct hostkeys *host_hostkeys, *ip_hostkeys;
 u_int i;
- if (cert_fallbackp != NULL)
- *cert_fallbackp = 0;
 /*
 * Force accepting of the host key for loopback/localhost. The
 * problem is that if the home directory is NFS-mounted to multiple
@@ -803,15 +796,9 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 if (options.host_key_alias == NULL && port != 0 &&
 port != SSH_DEFAULT_PORT) {
 debug("checking without port identifier");
- /*
- * NB. do not perform cert->key fallback in this
- * recursive call. Fallback will only be performed in
- * the top-level call.
- */
 if (check_host_key(hostname, hostaddr, 0, host_key,
 ROQUIET, user_hostfiles, num_user_hostfiles,
- system_hostfiles, num_system_hostfiles,
- NULL) == 0) {
+ system_hostfiles, num_system_hostfiles) == 0) {
 debug("found matching key w/out port");
 break;
 }
@@ -1088,13 +1075,10 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 free_hostkeys(host_hostkeys);
 if (ip_hostkeys != NULL)
 free_hostkeys(ip_hostkeys);
- if (cert_fallbackp != NULL)
- *cert_fallbackp = cert_fallback;
 return 0;
 fail:
- if (cert_fallbackp != NULL && want_cert &&
- host_status != HOST_REVOKED) {
+ if (want_cert && host_status != HOST_REVOKED) {
 /*
 * No matching certificate. Downgrade cert to raw key and
 * search normally.
@@ -1106,7 +1090,6 @@ fail:
 if ((r = sshkey_drop_cert(raw_key)) != 0)
 fatal("Couldn't drop certificate: %s", ssh_err(r));
 host_key = raw_key;
- cert_fallback = 1;
 goto retry;
 }
 sshkey_free(raw_key);
@@ -1119,24 +1102,15 @@ fail:
 return -1;
 }
-/*
- * returns 0 if key verifies or -1 if key does NOT verify.
- *
- * If the host key was a certificate that was downgraded to a plain key in
- * the process of matching, then cert_fallbackp will be non-zero.
- */
+/* returns 0 if key verifies or -1 if key does NOT verify */
 int
-verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key,
- int *cert_fallbackp)
+verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
 {
 u_int i;
- int r = -1, flags = 0, cert_fallback = 0;
+ int r = -1, flags = 0;
 char valid[64], *fp = NULL, *cafp = NULL;
 struct sshkey *plain = NULL;
- if (cert_fallbackp != NULL)
- *cert_fallbackp = 0;
 if ((fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
 SSH_FP_DEFAULT)) == NULL) {
 error("%s: fingerprint host key: %s", __func__, ssh_err(r));
@@ -1227,20 +1201,15 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key,
 }
 r = check_host_key(host, hostaddr, options.port, host_key, RDRW,
 options.user_hostfiles, options.num_user_hostfiles,
- options.system_hostfiles, options.num_system_hostfiles,
- &cert_fallback);
+ options.system_hostfiles, options.num_system_hostfiles);
 out:
 sshkey_free(plain);
 free(fp);
 free(cafp);
- if (r == 0) {
- if (host_key != NULL) {
- sshkey_free(previous_host_key);
- r = sshkey_from_private(host_key, &previous_host_key);
- }
- if (r == 0 && cert_fallbackp != NULL)
- *cert_fallbackp = cert_fallback;
+ if (r == 0 && host_key != NULL) {
+ sshkey_free(previous_host_key);
+ r = sshkey_from_private(host_key, &previous_host_key);
 }
 return r;
diff --git a/usr.bin/ssh/sshconnect.h b/usr.bin/ssh/sshconnect.h
index 6d63075e963..b2fbf157915 100644
--- a/usr.bin/ssh/sshconnect.h
+++ b/usr.bin/ssh/sshconnect.h
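Review bot: The restored one-line comment on verify_host_key promises a return of 0 or -1, but the new `out:` path overwrites r with the result of sshkey_from_private() after check_host_key() has already succeeded, so a failure to copy the key into previous_host_key appears to surface as a different error code (the same ssh_err-style values sshkey_drop_cert() reports earlier in this file) rather than -1. The only caller in this diff, verify_host_key_callback in sshconnect2.c, tests `== -1`, so such a failure would be treated as a verified key while previous_host_key is left in whatever state sshkey_from_private() left it. Either state the contract honestly, `/* returns 0 if key verifies, -1 if it does NOT verify, or an sshkey error code if the verified key could not be retained */`, or have the callback use `!= 0`, which fails closed. Both function bodies extend beyond their hunks.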
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.41 2020/10/03 08:11:28 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.42 2020/10/07 02:22:23 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -41,7 +41,7 @@ void ssh_kill_proxy_command(void);
 void ssh_login(struct ssh *, Sensitive *, const char *,
 struct sockaddr *, u_short, struct passwd *, int);
-int verify_host_key(char *, struct sockaddr *, struct sshkey *, int *);
+int verify_host_key(char *, struct sockaddr *, struct sshkey *);
 void get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short,
 char **, char **);
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 61c10b4fce3..7084f5b7650 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.328 2020/10/04 09:45:01 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.329 2020/10/07 02:22:23 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -92,13 +92,8 @@ struct sockaddr *xxx_hostaddr;
 static int
 verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
 {
- int cert_downgraded = 0;
-
- if (verify_host_key(xxx_host, xxx_hostaddr, hostkey,
- &cert_downgraded) == -1)
+ if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
 fatal("Host key verification failed.");
- if (cert_downgraded)
- ssh->kex->flags |= KEX_HOSTCERT_CONVERT;
 return 0;
 } |