592 – "Bad decrypted len" error in OpenSSH using smart-card stored public-key

Bug 592 - "Bad decrypted len" error in OpenSSH using smart-card stored public-key

Summary: "Bad decrypted len" error in OpenSSH using smart-card stored public-key

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	-current
Hardware:	All All

Importance:	P2 major
Assignee:	OpenSSH Bugzilla mailing list

URL:
Keywords:

Depends on:
Blocks:

Reported:	2003-06-14 06:56 AEST by Stefan Hadjistoytchev
Modified:	2006-09-06 05:09 AEST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Hadjistoytchev 2003-06-14 06:56:25 AEST

I think lines between 250-252 in  file ssh-rsa.c in OpenSSH source code should 
be commented!

REASON:
 Using "SecureNetTerm Client" ( http://www.securenetterm.com/ ) with
 "SecureKeyAgent" ver. 5.4.2.4 ( same situation: Putty + SecureKeyAgent ) to
 connect to OpenSSH server "OpenSSH ver. 3.6.1" using public key from Smart
 Card certificate causes the following errors in "/var/log/auth/errors":
     . . .
     sshd[1224] error: bad decrypted len: 36 != 20 + 15
     sshd[1227] error: bad decrypted len: 36 != 20 + 15
     . . .

I sent a letter about this to SecureNetTerm and here is the answer:
OpenSSH 3.6.1 is a little braindead when it comes to proper operation of
Certificates. All you have to do is edit the OpenSSL file ssh-rsa.c and 
comment out lines 250-252. This is a redundant length check that is not 
technically correct.  The OpenSSH team is aware of the problem but don't care 
since they have no idea how to use certificates.

The length check is not redundant since the result might be
too small for example ... 

I commented out lines 250-252 and problem disapeared.

Please fix this issue because otherwise we could not use Smart-card 
certificates with OpenSSH server at all :(


Best regards
    Stefan Hadjistoytchev

Comment 1 Markus Friedl 2003-06-16 20:35:46 AEST

fixed for the next release
(replaced != with <)

Comment 2 michael.illgner 2004-03-09 01:44:09 AEDT

This bugs seems to reappear in Version 3.7.1, it seemed to be fixed in 2.6.2.
Any idea what's going wrong here?

Comment 3 Darren Tucker 2004-03-09 11:19:59 AEDT

The change was backed out.  There was some discussion about it:
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=105584179630664

$ cvs log ssh-rsa.c
revision 1.30
date: 2003/06/18 11:28:11;  author: markus;  state: Exp;  lines: +13 -22
branches:  1.30.2;
backout last change, since it violates pkcs#1
switch to share/misc/license.template
----------------------------
revision 1.29
date: 2003/06/16 08:22:35;  author: markus;  state: Exp;  lines: +3 -3
make sure the signature has at least the expected length (don't
insist on len == hlen + oidlen, since this breaks some smartcards)
bugzilla #592; ok djm@

Comment 4 Damien Miller 2004-04-14 12:24:19 AEST

Mass change of RESOLVED bugs to CLOSED

Comment 5 Markus Friedl 2006-09-06 05:09:58 AEST

see also http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html