[Bug 2799] RSA Signatures using SHA2 provided by different ssh-agent are not properly verified

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Dec 8 14:23:50 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2799

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
I don't think the "Check signature algorithm while verifying RSA
signatures" patch is correct: key types and signature types are allowed
to be different, and the patch doesn't actually supply the signature
type in many cases where we could (esp. KEX).

I'll have a look at this now.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list