Bugzilla – Attachment 3521 Details for
Bug 3279
UpdateHostKeys triggers "client_global_hostkeys_private_confirm: server gave bad signature for RSA key 0" error message
[patch]
dump failed key and signature
bz3279_debug.diff (text/plain), 1.65 KB, created by
Damien Miller
on 2021-05-20 11:43:37 AEST
>commit 222829df23144b7271dd0b99aeef9d255b759ba2 >Author: Damien Miller <djm@mindrot.org> >Date: Thu May 20 11:38:28 2021 +1000 > > debug sigverify fail > >diff --git a/auth2-pubkey.c b/auth2-pubkey.c >index 721c1d9bd..0b2a3c88a 100644 >--- a/auth2-pubkey.c >+++ b/auth2-pubkey.c >@@ -95,7 +95,7 @@ userauth_pubkey(struct ssh *ssh) > char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL; > u_char *pkblob = NULL, *sig = NULL, have_sig; > size_t blen, slen; >- int r, pktype; >+ int v, r, pktype; > int req_presence = 0, req_verify = 0, authenticated = 0; > struct sshauthopt *authopts = NULL; > struct sshkey_sig_details *sig_details = NULL; >@@ -202,13 +202,23 @@ userauth_pubkey(struct ssh *ssh) > #endif > /* test for correct signature */ > authenticated = 0; >+ v = 0; > if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) && >- PRIVSEP(sshkey_verify(key, sig, slen, >+ (v = PRIVSEP(sshkey_verify(key, sig, slen, > sshbuf_ptr(b), sshbuf_len(b), > (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL, >- ssh->compat, &sig_details)) == 0) { >+ ssh->compat, &sig_details))) == 0) { > authenticated = 1; > } >+ if (v < 0) { >+ struct sshbuf *badkey = sshbuf_new(); >+ debug_fr(v, "sshkey_verify failed"); >+ sshkey_format_text(key, badkey); >+ sshbuf_put_u8(badkey, 0); >+ debug_f("failed key: %s", (const char *)sshbuf_ptr(badkey)); >+ debug_f("failed alg: %s", ((ssh->compat & SSH_BUG_SIGTYPE) == 0 && pkalg != NULL) ? pkalg : "[DEFAULT]"); >+ debug_f("failed sig: %s", tohex(sig, slen)); >+ } > if (authenticated == 1 && sig_details != NULL) { > auth2_record_info(authctxt, "signature count = %u", > sig_details->sk_counter);
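Review bot: In the second hunk of auth2-pubkey.c, the new `if (v < 0)` block uses `badkey` without checking that `sshbuf_new()` returned non-NULL and never calls `sshbuf_free(badkey)`, so every failed verification leaks the buffer. The return values of `sshkey_format_text()` and `sshbuf_put_u8()` are ignored as well, so `debug_f("failed key: %s", ...)` can end up printing an empty or unterminated string if either call fails. The string from `tohex(sig, slen)` is passed straight into `debug_f` and cannot be freed afterwards; tohex() returns allocated memory, so keep it in a local and free it after logging. Suggested shape: bail out of the dump if `badkey == NULL`, check both sshbuf calls, and release `badkey` and the hex string at the end of the block. Also note that `v` is only assigned when `user_key_allowed()` succeeds, so no dump is produced for keys that are rejected earlier; a one-line comment saying so would keep the missing output from being misread during debugging.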