Bugzilla – Attachment 3681 Details for
Bug 3546
Use SHA2 in ssh-keygen key verification
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed fix
ssh-keygen.patch (text/plain), 1.19 KB, created by
Dmitry Belyavskiy
on 2023-03-04 04:52:27 AEDT
(
hide
)
Description:
Proposed fix
Filename:
MIME Type:
Creator:
Dmitry Belyavskiy
Created:
2023-03-04 04:52:27 AEDT
Size:
1.19 KB
patch
obsolete
>diff --git a/ssh-keygen.c b/ssh-keygen.c >index ae05440f..7008feb4 100644 >--- a/ssh-keygen.c >+++ b/ssh-keygen.c >@@ -485,6 +485,8 @@ do_convert_private_ssh2(struct sshbuf *b) > BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL; > BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; > BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL; >+ char rsa_safe_alg[] = "rsa-sha2-256"; >+ char *alg = NULL; > > if ((r = sshbuf_get_u32(b, &magic)) != 0) > fatal_fr(r, "parse magic"); >@@ -584,6 +586,7 @@ do_convert_private_ssh2(struct sshbuf *b) > if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0) > fatal_fr(r, "generate RSA parameters"); > BN_clear_free(rsa_iqmp); >+ alg = rsa_safe_alg; > break; > } > rlen = sshbuf_len(b); >@@ -592,10 +595,10 @@ do_convert_private_ssh2(struct sshbuf *b) > > /* try the key */ > if ((r = sshkey_sign(key, &sig, &slen, data, sizeof(data), >- NULL, NULL, NULL, 0)) != 0) >+ alg, NULL, NULL, 0)) != 0) > error_fr(r, "signing with converted key failed"); > else if ((r = sshkey_verify(key, sig, slen, data, sizeof(data), >- NULL, 0, NULL)) != 0) >+ alg, 0, NULL)) != 0) > error_fr(r, "verification with converted key failed"); > if (r != 0) { > sshkey_free(key);
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 3546
: 3681