Attachment 3681 Details for Bug 3546 – Proposed fix

[patch] Proposed fix

ssh-keygen.patch (text/plain), 1.19 KB, created by Dmitry Belyavskiy on 2023-03-04 04:52:27 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Dmitry Belyavskiy

Created: 2023-03-04 04:52:27 AEDT

Size: 1.19 KB

patch

obsolete

>diff --git a/ssh-keygen.c b/ssh-keygen.c
>index ae05440f..7008feb4 100644
>--- a/ssh-keygen.c
>+++ b/ssh-keygen.c
>@@ -485,6 +485,8 @@ do_convert_private_ssh2(struct sshbuf *b)
> 	BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
> 	BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
> 	BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL;
>+	char rsa_safe_alg[] = "rsa-sha2-256";
>+	char *alg = NULL;
> 
> 	if ((r = sshbuf_get_u32(b, &magic)) != 0)
> 		fatal_fr(r, "parse magic");
>@@ -584,6 +586,7 @@ do_convert_private_ssh2(struct sshbuf *b)
> 		if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0)
> 			fatal_fr(r, "generate RSA parameters");
> 		BN_clear_free(rsa_iqmp);
>+		alg = rsa_safe_alg;
> 		break;
> 	}
> 	rlen = sshbuf_len(b);
>@@ -592,10 +595,10 @@ do_convert_private_ssh2(struct sshbuf *b)
> 
> 	/* try the key */
> 	if ((r = sshkey_sign(key, &sig, &slen, data, sizeof(data),
>-	    NULL, NULL, NULL, 0)) != 0)
>+	    alg, NULL, NULL, 0)) != 0)
> 		error_fr(r, "signing with converted key failed");
> 	else if ((r = sshkey_verify(key, sig, slen, data, sizeof(data),
>-	    NULL, 0, NULL)) != 0)
>+	    alg, 0, NULL)) != 0)
> 		error_fr(r, "verification with converted key failed");
> 	if (r != 0) {
> 		sshkey_free(key);

Actions: View | Diff

Attachments on bug 3546: 3681