Bugzilla – Attachment 2578 Details for
Bug 2366
ssh-keygen doesn't correctly decode new format GCM-encrypted keys
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for sshkey.c in OpenSSH 6.8p1
sshkey_6.8_gcm.patch (text/plain), 1.59 KB, created by
Ron Frederick
on 2015-03-29 13:29:10 AEDT
(
hide
)
Description:
Patch for sshkey.c in OpenSSH 6.8p1
Filename:
MIME Type:
Creator:
Ron Frederick
Created:
2015-03-29 13:29:10 AEDT
Size:
1.59 KB
patch
obsolete
>--- sshkey.c.orig 2015-03-16 22:49:20.000000000 -0700 >+++ sshkey.c 2015-03-28 19:11:54.000000000 -0700 >@@ -3201,7 +3201,7 @@ > const u_char *cp; > int r = SSH_ERR_INTERNAL_ERROR; > size_t encoded_len; >- size_t i, keylen = 0, ivlen = 0, slen = 0; >+ size_t i, keylen = 0, ivlen = 0, authlen = 0, slen = 0; > struct sshbuf *encoded = NULL, *decoded = NULL; > struct sshbuf *kdf = NULL, *decrypted = NULL; > struct sshcipher_ctx ciphercontext; >@@ -3311,6 +3311,7 @@ > /* setup key */ > keylen = cipher_keylen(cipher); > ivlen = cipher_ivlen(cipher); >+ authlen = cipher_authlen(cipher); > if ((key = calloc(1, keylen + ivlen)) == NULL) { > r = SSH_ERR_ALLOC_FAIL; > goto out; >@@ -3326,19 +3327,25 @@ > } > } > >+ /* check that an appropriate amount of auth data is present */ >+ if (sshbuf_len(decoded) < encrypted_len + authlen) { >+ r = SSH_ERR_INVALID_FORMAT; >+ goto out; >+ } >+ > /* decrypt private portion of key */ > if ((r = sshbuf_reserve(decrypted, encrypted_len, &dp)) != 0 || > (r = cipher_init(&ciphercontext, cipher, key, keylen, > key + keylen, ivlen, 0)) != 0) > goto out; > if ((r = cipher_crypt(&ciphercontext, 0, dp, sshbuf_ptr(decoded), >- sshbuf_len(decoded), 0, cipher_authlen(cipher))) != 0) { >+ encrypted_len, 0, authlen)) != 0) { > /* an integrity error here indicates an incorrect passphrase */ > if (r == SSH_ERR_MAC_INVALID) > r = SSH_ERR_KEY_WRONG_PASSPHRASE; > goto out; > } >- if ((r = sshbuf_consume(decoded, encrypted_len)) != 0) >+ if ((r = sshbuf_consume(decoded, encrypted_len + authlen)) != 0) > goto out; > /* there should be no trailing data */ > if (sshbuf_len(decoded) != 0) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2578">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2366
:
2567
| 2578