[Bug 3094] New: Signature verification fails on windows

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Nov 14 11:34:10 AEDT 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3094

            Bug ID: 3094
           Summary: Signature verification fails on windows
           Product: Portable OpenSSH
           Version: 8.1p1
          Hardware: Other
                OS: Windows 10
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: balu.gajjala at gmail.com

On windows, I tried to sign a file. The created signature file ends
with \r\n as it's windows. Then I tried to verify the signature. It
fails with the error message "Couldn't parse signature: missing
header".

===================
Relevant Code
===================
sshsig_dearmor() -> calls timingsafe_bcmp()
timingsafe_bcmp() -> This function fails as "\r\n" != "\n"
#define BEGIN_SIGNATURE         "-----BEGIN SSH SIGNATURE-----\n"

===================
Steps:
===================
PS E:\code\openssh-portable> get-content -raw .\version.h |
.\bin\x64\Debug\ssh-keygen.exe -vvv -Y sign -f .\id_rsa -n "abc" |
out-file .\id_rsa.sig


PS E:\code\openssh-portable> get-content -raw ./version.h |
.\bin\x64\Debug\ssh-keygen.exe -vvv -Y verify -s
E:\code\openssh-portable\id_rsa.sig -n "abc"  -f
E:\code\openssh-portable\id_rsa.pub -I test
Couldn't parse signature: missing header
verify: sshsig_armor: invalid format

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list