Dear colleagues, ssh-keygen uses the SHA1 algorithm (the default) when verifying that the key is usable. This causes problems on recent systems where SHA1 is disabled for use with signatures (at least RHEL 9+). The proposed patch enforces the use of a sha2 algorithm for key verification. -- Dmitry Belyavskiy
diff --git a/ssh-keygen.c b/ssh-keygen.c
index ae05440f..7008feb4 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -485,6 +485,8 @@ do_convert_private_ssh2(struct sshbuf *b)
 BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
 BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
 BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL;
+ char rsa_safe_alg[] = "rsa-sha2-256";
+ char *alg = NULL;
 if ((r = sshbuf_get_u32(b, &magic)) != 0)
 fatal_fr(r, "parse magic");
@@ -584,6 +586,7 @@ do_convert_private_ssh2(struct sshbuf *b)
 if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0)
 fatal_fr(r, "generate RSA parameters");
 BN_clear_free(rsa_iqmp);
+ alg = rsa_safe_alg;
 break;
 }
 rlen = sshbuf_len(b);
@@ -592,10 +595,10 @@ do_convert_private_ssh2(struct sshbuf *b)
 /* try the key */
 if ((r = sshkey_sign(key, &sig, &slen, data, sizeof(data),
- NULL, NULL, NULL, 0)) != 0)
+ alg, NULL, NULL, 0)) != 0)
 error_fr(r, "signing with converted key failed");
 else if ((r = sshkey_verify(key, sig, slen, data, sizeof(data),
- NULL, 0, NULL)) != 0)
+ alg, 0, NULL)) != 0)
 error_fr(r, "verification with converted key failed");
 if (r != 0) {
 sshkey_free(key);
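Review bot: The writable stack array `rsa_safe_alg` added in the first hunk is unnecessary, because the name is never modified and only reaches sshkey_sign() and sshkey_verify() through `alg`, both of which take the algorithm name as a `const char *`. Declaring `const char *alg = NULL;` here and writing `alg = "rsa-sha2-256";` in the RSA case of the second hunk expresses the same thing with one variable and keeps the name in read-only storage. The body of do_convert_private_ssh2 starts and ends outside these hunks.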
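Review bot: The sign/verify self-test in the third hunk now relies on `alg` staying NULL for every key type except RSA, and nothing at the call site records why. A comment above the pair, for example `/* RSA: force rsa-sha2-256; the default ssh-rsa signature uses SHA-1, which system policy may disable */`, would stop a later cleanup from reverting the argument to NULL. Going by the description, a policy-rejected hash otherwise surfaces as "signing with converted key failed", which reads like a damaged key rather than a disabled algorithm, so the comment is worth having for whoever triages that message.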