Bugzilla – Attachment 3538 Details for
Bug 3279
UpdateHostKeys triggers "client_global_hostkeys_private_confirm: server gave bad signature for RSA key 0" error message
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Better RSA verification debugging
rsa-debug.diff (text/plain), 1.55 KB, created by
Damien Miller
on 2021-07-16 10:32:14 AEST
(
hide
)
Description:
Better RSA verification debugging
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2021-07-16 10:32:14 AEST
Size:
1.55 KB
patch
obsolete
>diff --git a/ssh-rsa.c b/ssh-rsa.c >index 9b14f9a9a..a3c94867c 100644 >--- a/ssh-rsa.c >+++ b/ssh-rsa.c >@@ -34,6 +34,7 @@ > #include "sshkey.h" > #include "digest.h" > #include "log.h" >+#include "misc.h" > > #include "openbsd-compat/openssl-compat.h" > >@@ -320,6 +321,19 @@ ssh_rsa_verify(const struct sshkey *key, > > ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len, > key->rsa); >+ if (ret != 0) { >+ debug_f("alg=%s", alg == NULL ? "default" : alg); >+ sshbuf_free(b); >+ if ((b = sshbuf_from(sigblob, len)) == NULL) >+ fatal_f("sshbuf_from"); >+ debug_f("sigblob=%s", sshbuf_dtob64_string(b, 0)); >+ sshbuf_free(b); >+ if ((b = sshbuf_new()) == NULL) >+ fatal_f("sshbuf_new"); >+ if (sshkey_format_text(key, b) != 0) >+ fatal_f("sshkey_format_text"); >+ debug_f("key=%s", sshbuf_dup_string(b)); >+ } > out: > freezero(sigblob, len); > free(sigtype); >@@ -399,6 +413,14 @@ rsa_hash_alg_oid(int hash_alg, const u_char **oidp, size_t *oidlenp) > return 0; > } > >+static int >+dump_libcrypto_error(const char *str, size_t len, void *u) >+{ >+ debug("%s: libcrypto: %.*s", (char*)u, (int)len, str); >+ return 0; >+} >+ >+ > static int > openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen, > u_char *sigbuf, size_t siglen, RSA *rsa) >@@ -428,6 +450,8 @@ openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen, > } > if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa, > RSA_PKCS1_PADDING)) < 0) { >+ debug_f("failed RSA_public_decrypt"); >+ ERR_print_errors_cb(dump_libcrypto_error, (void*)__func__); > ret = SSH_ERR_LIBCRYPTO_ERROR; > goto done; > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3538">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 3279
:
3505
|
3506
|
3507
|
3513
|
3514
|
3521
|
3522
|
3535
|
3536
|
3537
| 3538