authorDamien Miller <djm@cvs.openbsd.org>2020-10-07 02:22:24 +0000
committerDamien Miller <djm@cvs.openbsd.org>2020-10-07 02:22:24 +0000
commit1e887f08631c37a76f67e262885daa0355b86e6c (patch)
treedf79ffeba946fb48271b4c38835834d1a8c53153 /usr.bin/ssh
parent7277bd3d95942c99e08d12ca7b59cb36b29644b6 (diff)
revert kex->flags cert hostkey downgrade back to a plain key
(commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less plumbing. ok markus@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/clientloop.c8
-rw-r--r--usr.bin/ssh/kex.h8
-rw-r--r--usr.bin/ssh/sshconnect.c55
-rw-r--r--usr.bin/ssh/sshconnect.h4
-rw-r--r--usr.bin/ssh/sshconnect2.c9
5 files changed, 20 insertions, 64 deletions
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index 172316695f5..0b279913a6c 100644
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.347 2020/10/03 08:12:59 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.348 2020/10/07 02:22:23 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2213,12 +2213,6 @@ client_input_hostkeys(struct ssh *ssh)
debug("%s: wildcard known hosts name found, "
"skipping UserKnownHostsFile update", __func__);
goto out;
- } else if (sshkey_type_is_cert(ssh->kex->hostkey_type) &&
- ctx->ca_available &&
- (ssh->kex->flags & KEX_HOSTCERT_CONVERT) == 0) {
- debug("%s: server offered certificate host key, "
- "skipping UserKnownHostsFile update", __func__);
- goto out;
} else if (ctx->nnew == 0 && ctx->nold != 0) {
/* We have some keys to remove. Just do it. */
update_known_hosts(ctx);
diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h
index e7e01e34de2..de06267712c 100644
--- a/usr.bin/ssh/kex.h
+++ b/usr.bin/ssh/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.110 2020/10/03 08:11:28 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.111 2020/10/07 02:22:23 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -98,10 +98,8 @@ enum kex_exchange {
KEX_MAX
};
-/* kex->flags values */
-#define KEX_INIT_SENT 0x0001 /* KEXINIT sent */
-#define KEX_INITIAL 0x0002 /* Initial KEX, not rekey */
-#define KEX_HOSTCERT_CONVERT 0x0004 /* Client downgraded hostcert->plain */
+#define KEX_INIT_SENT 0x0001
+#define KEX_INITIAL 0x0002
struct sshenc {
char *name;
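Review bot: The per-flag comments on KEX_INIT_SENT and KEX_INITIAL (`/* KEXINIT sent */`, `/* Initial KEX, not rekey */`) and the `/* kex->flags values */` heading disappear here although they documented flags that survive the revert. Removing KEX_HOSTCERT_CONVERT does not require dropping that text; keeping `/* kex->flags values */`, `#define KEX_INIT_SENT 0x0001 /* KEXINIT sent */` and `#define KEX_INITIAL 0x0002 /* Initial KEX, not rekey */` leaves the header as readable as before. struct sshenc, which starts at the end of this hunk, continues outside it.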
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index 1d617275ee3..18e26a3a0c3 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.336 2020/10/07 02:20:35 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.337 2020/10/07 02:22:23 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -656,10 +656,6 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr,
/*
* check whether the supplied host key is valid, return -1 if the key
* is not valid. user_hostfile[0] will not be updated if 'readonly' is true.
- *
- * If cert_fallbackp is not NULL then will attempt to convert certificate host
- * keys to plain keys if no certificate match was found and will return
- * non-zero via *cert_fallbackp if this fall-back was used.
*/
#define RDRW 0
#define RDONLY 1
@@ -668,7 +664,7 @@ static int
check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
struct sshkey *host_key, int readonly,
char **user_hostfiles, u_int num_user_hostfiles,
- char **system_hostfiles, u_int num_system_hostfiles, int *cert_fallbackp)
+ char **system_hostfiles, u_int num_system_hostfiles)
{
HostStatus host_status;
HostStatus ip_status;
@@ -679,15 +675,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
const char *type;
const struct hostkey_entry *host_found, *ip_found;
int len, cancelled_forwarding = 0, confirmed;
- int local = sockaddr_is_local(hostaddr), cert_fallback = 0;
+ int local = sockaddr_is_local(hostaddr);
int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
int hostkey_trusted = 0; /* Known or explicitly accepted by user */
struct hostkeys *host_hostkeys, *ip_hostkeys;
u_int i;
- if (cert_fallbackp != NULL)
- *cert_fallbackp = 0;
-
/*
* Force accepting of the host key for loopback/localhost. The
* problem is that if the home directory is NFS-mounted to multiple
@@ -803,15 +796,9 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
if (options.host_key_alias == NULL && port != 0 &&
port != SSH_DEFAULT_PORT) {
debug("checking without port identifier");
- /*
- * NB. do not perform cert->key fallback in this
- * recursive call. Fallback will only be performed in
- * the top-level call.
- */
if (check_host_key(hostname, hostaddr, 0, host_key,
ROQUIET, user_hostfiles, num_user_hostfiles,
- system_hostfiles, num_system_hostfiles,
- NULL) == 0) {
+ system_hostfiles, num_system_hostfiles) == 0) {
debug("found matching key w/out port");
break;
}
@@ -1088,13 +1075,10 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
free_hostkeys(host_hostkeys);
if (ip_hostkeys != NULL)
free_hostkeys(ip_hostkeys);
- if (cert_fallbackp != NULL)
- *cert_fallbackp = cert_fallback;
return 0;
fail:
- if (cert_fallbackp != NULL && want_cert &&
- host_status != HOST_REVOKED) {
+ if (want_cert && host_status != HOST_REVOKED) {
/*
* No matching certificate. Downgrade cert to raw key and
* search normally.
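Review bot: Removing the `cert_fallbackp != NULL` gate at `fail:` makes the certificate-to-plain-key downgrade and retry apply to every invocation of check_host_key, including the recursive port-less call (ROQUIET, port 0) in the preceding hunk that used to pass NULL specifically to stay out of it; the NB comment that said so is deleted in the same commit. If that is the intended pre-feature behaviour, record it at the condition so the next reader does not have to reconstruct it: `/* Also reached from the recursive port-less lookup above, which then retries with the plain key as well. */`. Whether that recursive call can actually reach `fail:` depends on code outside the hunk; check_host_key's body starts and continues outside this hunk.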
@@ -1106,7 +1090,6 @@ fail:
if ((r = sshkey_drop_cert(raw_key)) != 0)
fatal("Couldn't drop certificate: %s", ssh_err(r));
host_key = raw_key;
- cert_fallback = 1;
goto retry;
}
sshkey_free(raw_key);
@@ -1119,24 +1102,15 @@ fail:
return -1;
}
-/*
- * returns 0 if key verifies or -1 if key does NOT verify.
- *
- * If the host key was a certificate that was downgraded to a plain key in
- * the process of matching, then cert_fallbackp will be non-zero.
- */
+/* returns 0 if key verifies or -1 if key does NOT verify */
int
-verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key,
- int *cert_fallbackp)
+verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
{
u_int i;
- int r = -1, flags = 0, cert_fallback = 0;
+ int r = -1, flags = 0;
char valid[64], *fp = NULL, *cafp = NULL;
struct sshkey *plain = NULL;
- if (cert_fallbackp != NULL)
- *cert_fallbackp = 0;
-
if ((fp = sshkey_fingerprint(host_key,
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
error("%s: fingerprint host key: %s", __func__, ssh_err(r));
@@ -1227,20 +1201,15 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key,
}
r = check_host_key(host, hostaddr, options.port, host_key, RDRW,
options.user_hostfiles, options.num_user_hostfiles,
- options.system_hostfiles, options.num_system_hostfiles,
- &cert_fallback);
+ options.system_hostfiles, options.num_system_hostfiles);
out:
sshkey_free(plain);
free(fp);
free(cafp);
- if (r == 0) {
- if (host_key != NULL) {
- sshkey_free(previous_host_key);
- r = sshkey_from_private(host_key, &previous_host_key);
- }
- if (r == 0 && cert_fallbackp != NULL)
- *cert_fallbackp = cert_fallback;
+ if (r == 0 && host_key != NULL) {
+ sshkey_free(previous_host_key);
+ r = sshkey_from_private(host_key, &previous_host_key);
}
return r;
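Review bot: The rewritten contract comment in the preceding hunk, `/* returns 0 if key verifies or -1 if key does NOT verify */`, no longer matches the new tail of the function: once check_host_key has returned 0, `r = sshkey_from_private(host_key, &previous_host_key)` can leave r as a non-zero, non-(-1) sshkey error code. The only caller visible in this commit, verify_host_key_callback in sshconnect2.c, tests `== -1`, so such a failure would be treated as a verified key even though previous_host_key has just been freed and whatever sshkey_from_private leaves in it on failure is presumably not a usable key (confirm against sshkey.c). Either test `!= 0` in the caller, or treat the copy failure here the way sshkey_drop_cert failures are treated earlier in this file, e.g. `if ((r = sshkey_from_private(host_key, &previous_host_key)) != 0) fatal("%s: sshkey_from_private: %s", __func__, ssh_err(r));`, and extend the comment to name that third outcome. verify_host_key's body begins in the preceding hunk.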
diff --git a/usr.bin/ssh/sshconnect.h b/usr.bin/ssh/sshconnect.h
index 6d63075e963..b2fbf157915 100644
--- a/usr.bin/ssh/sshconnect.h
+++ b/usr.bin/ssh/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.41 2020/10/03 08:11:28 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.42 2020/10/07 02:22:23 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -41,7 +41,7 @@ void ssh_kill_proxy_command(void);
void ssh_login(struct ssh *, Sensitive *, const char *,
struct sockaddr *, u_short, struct passwd *, int);
-int verify_host_key(char *, struct sockaddr *, struct sshkey *, int *);
+int verify_host_key(char *, struct sockaddr *, struct sshkey *);
void get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short,
char **, char **);
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 61c10b4fce3..7084f5b7650 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.328 2020/10/04 09:45:01 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.329 2020/10/07 02:22:23 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -92,13 +92,8 @@ struct sockaddr *xxx_hostaddr;
static int
verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
{
- int cert_downgraded = 0;
-
- if (verify_host_key(xxx_host, xxx_hostaddr, hostkey,
- &cert_downgraded) == -1)
+ if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
fatal("Host key verification failed.");
- if (cert_downgraded)
- ssh->kex->flags |= KEX_HOSTCERT_CONVERT;
return 0;
}
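Review bot: With the `ssh->kex->flags |= KEX_HOSTCERT_CONVERT` line gone, the `ssh` parameter of verify_host_key_callback is no longer read anywhere in the function. It presumably has to remain because the signature is dictated by the kex verify_host_key callback type, so that is worth recording on the definition, e.g. `/* ssh is unused here; the signature is fixed by kex->verify_host_key */`. Otherwise the next reader may take it for a leftover of the reverted plumbing.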