Bug 3094

Summary:

Signature verification fails on windows

Product:

Portable OpenSSH

Reporter:

balu <balu.gajjala>

Component:

ssh-keygen

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

NEW ---

Severity:

major

CC:

balu.gajjala, djm, dtucker

Priority:

Version:

8.1p1

Hardware:

Other

OS:

Windows 10

Attachments:

Description	Flags
accept \r\n at end of signature banner	none

Description balu 2019-11-14 11:34:10 AEDT

On windows, I tried to sign a file. The created signature file ends with \r\n as it's windows. Then I tried to verify the signature. It fails with the error message "Couldn't parse signature: missing header".

===================
Relevant Code
===================
sshsig_dearmor() -> calls timingsafe_bcmp()
timingsafe_bcmp() -> This function fails as "\r\n" != "\n"
#define BEGIN_SIGNATURE		"-----BEGIN SSH SIGNATURE-----\n"

===================
Steps:
===================
PS E:\code\openssh-portable> get-content -raw .\version.h | .\bin\x64\Debug\ssh-keygen.exe -vvv -Y sign -f .\id_rsa -n "abc" | out-file .\id_rsa.sig


PS E:\code\openssh-portable> get-content -raw ./version.h | .\bin\x64\Debug\ssh-keygen.exe -vvv -Y verify -s E:\code\openssh-portable\id_rsa.sig -n "abc"  -f E:\code\openssh-portable\id_rsa.pub -I test
Couldn't parse signature: missing header
verify: sshsig_armor: invalid format

Comment 1 Darren Tucker 2019-11-18 10:47:36 AEDT

Native Windows is not a configuration supported by the OpenSSH team.  Are you running the Microsoft fork?  If so you should report problems directly to them.

Comment 2 Damien Miller 2019-11-18 11:17:14 AEDT

That being said, I think we should be insensitive to whitespace at EOL in the header.

Comment 3 Damien Miller 2020-01-23 21:49:10 AEDT

Created attachment 3348 [details]
accept \r\n at end of signature banner

Please try this patch