| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Per ecdsa(3ssl), ECDSA_SIG_new does allocate its 'r' and 's' bignum fields.
Fix a bug where the initial 'r' and 's' bignums were being overwritten with
newly-allocated bignums, resulting in a memory leak.
BUG: https://red.libssh.org/issues/175
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 4745d652b5e71c27fd891edfe690162c0b8d3005)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a
new 'ssh_pki_key_ecdsa_name' API. This gives more information than the
'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys.
The motivation is that this info is useful to have in a server context.
The torture_pki unit test is updated to include the new API, and a few
more passes are added to additionally test 384 and 521-bit keys.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
| |
(cherry picked from commit 11cfb2903eb319d32a2432a015c61506f50dc78b)
|
| |
|
|
|
|
| |
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 10bc5ac203a428699508293f91faa460358ca6dc)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Mar 16, 09:41, Aris Adamantiadis wrote:
> Hi Petar,
> I agree with the principle, but I don't think this code can work...
> RSA_generate_key takes an RSA* as parameter and in our code we probably
> have key->rsa==NULL. (if we don't then the old code had a memory leak).
>
> Does the test case work ?
>
> Aris
>
Yes, you are right. This works, tested with tests/unittests/torture_pki
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
(cherry picked from commit 0b8d24f800bae5f4f86c0eaca41c609f40d7baef)
|
| |
|
|
|
|
| |
BUG: https://red.libssh.org/issues/147
Signed-off-by: Alan Dunn <amdunn@gmail.com>
|
| |
|
|
| |
BUG: https://red.libssh.org/issues/146
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the DSA portion of 'pki_signature_to_blob': before this change, it
is possible to sometimes observe DSA signature validation failure when
testing with OpenSSH clients. The problem ended up being the following
snippet which did not account for the case when 'ssh_string_len(x)' may
be less than 20:
r = make_bignum_string(sig->dsa_sig->r);
...
memcpy(buffer,
((char *) ssh_string_data(r)) + ssh_string_len(r) - 20,
20);
Above consider the case that ssh_string_len(r) is 19; in that case the
memcpy unintentionally starts in the wrong place. The same situation
can happen for value 's' in this code.
To fix, adjust the offsets used for the input and output pointers, taking
into account that the lengths of 'r' and 's' can be less than 20. With
the fix I am no longer able to reproduce the original failure mode.
BUG: https://red.libssh.org/issues/144
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pad RSA signature blobs to the expected RSA signature length
when processing via 'pki_signature_to_blob'.
Some clients, notably PuTTY, may send unpadded RSA signatures
during the public key exchange: before this change, one can
sometimes observe failure in signature validation when using
PuTTY's 'plink' client, along these lines:
ssh_packet_process: ssh_packet_process: Dispatching handler for packet type 50
ssh_packet_userauth_request: ssh_packet_userauth_request: Auth request for service ssh-connection, method publickey for user 'foo'
ssh_pki_signature_verify_blob: ssh_pki_signature_verify_blob: Going to verify a ssh-rsa type signature
pki_signature_verify: pki_signature_verify: RSA error: error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length
ssh_packet_userauth_request: ssh_packet_userauth_request: Received an invalid signature from peer
For cross-reference this issue once also existed between
PuTTY and OpenSSH:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rsa-verify-failed.html
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-rsa.c?rev=1.19;content-type=text%2Fx-cvsweb-markup
With the fix I am unable to reproduce the above failure mode when
testing with 'plink'.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
BUG: https://red.libssh.org/issues/118
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Found by Coverity.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
for both gcrypt and openssl
|
| |
|
|
| |
Would have been an embarrassing bug...
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Looks like only DSA in grypt needs a leading zero to mark the has as
positive. See
http://lists.gnupg.org/pipermail/gcrypt-devel/2005-February/000754.html
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
