[Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
bugzilla-daemon at mindrot.org
Thu Jun 24 23:36:30 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=884
------- Additional Comments From dmr at gmx.it 2004-06-24 23:36 -------
> > every attempt to raise the keysize over 8192 bits limit won't work
>
> Maybe a limit in OpenSSL's DSA functions?
>
> Your read_whole_line() function seems a lot more complicated than it needs to
> be. xrealloc will leave the file content intact, so instead of ftell/fseek/goto
> you can just initialise everything to zero/NULL then just repeatedly read chunks
> until you get a newline, eg,
>
> while (1) {
>     buf = xrealloc(buf, size + CHUNKSZ);
>     size += CHUNKSZ;
>     nextpart = buf + len;
>     if (fgets(nextpart, CHUNKSZ, f) == NULL)
>         break;
>     len += strlen(nextpart);
>     if (buf[len - 1] == '\n')
>         break;
> }
>
> (For bonus points, add some better handling of fgets() == NULL. Or use
> buffer_append instead of xrealloc.)
You are right... but that patch was only a quick and dirty trick... that
function has been stripped down from another place only for testing purposes.
However now it should be ok.
> Anyway, an 8kbit key is just over 4KBytes encoded and I don't think it's
> worth the extra complexity of making it dynamic just to save a couple of KB
> of stack space.
IMHO the problem here is that the maximum key size is hard coded in openssh,
while it should be _at most_ hard coded in (e.g.) openssl...
> Either way key_try_load_public shouldn't pass incomplete lines to key_read,
> though.
I agree... However, the following patch should fix - it worked pretty fine for
me - any key-size troubles: tested ok with 32K keys, actually in production on
my cluster and several other systems.
Thanks a lot for your support.
Regards,
Alessandro
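
The chunked line read discussed in this thread, as an added example that is not part of the original message or of the patch it mentions. It uses plain realloc instead of OpenSSH's xrealloc, and the CHUNKSZ value, the MAX_LINE cap and the return convention are assumptions. It returns a line only when it is complete, so a parser never sees a truncated key.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNKSZ  1024           /* assumed chunk size */
#define MAX_LINE (1024 * 1024)  /* assumed cap so hostile input cannot exhaust memory */
/* Return one complete line (newline stripped, caller frees), or NULL on EOF with
 * no data, read error, allocation failure, or a line longer than MAX_LINE. */
char *read_whole_line(FILE *f)
{
    char *buf = NULL, *tmp;
    size_t size = 0, len = 0, n;
    for (;;) {
        if (size + CHUNKSZ > MAX_LINE || (tmp = realloc(buf, size + CHUNKSZ)) == NULL)
            goto fail;
        buf = tmp;
        size += CHUNKSZ;
        if (fgets(buf + len, (int)(size - len), f) == NULL) {
            if (ferror(f) || len == 0)
                goto fail;      /* I/O error, or nothing left to return */
            return buf;         /* EOF after an unterminated last line */
        }
        if ((n = strlen(buf + len)) == 0)
            goto fail;          /* chunk starts with NUL: buf[len - 1] would underflow */
        len += n;
        if (buf[len - 1] == '\n') {
            buf[len - 1] = '\0';
            return buf;
        }
    }
fail:
    free(buf);
    return NULL;
}

int main(void)
{
    FILE *f = tmpfile();        /* constructed input: 5000-byte line, then "tail" */
    if (f == NULL)
        return 1;
    for (int i = 0; i < 5000; i++)
        fputc('A', f);
    fputs("\ntail", f);
    rewind(f);
    for (char *line; (line = read_whole_line(f)) != NULL; free(line))
        printf("%zu bytes\n", strlen(line));
    return fclose(f);
}
```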