[Bug 3094] New: Signature verification fails on windows
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Thu Nov 14 11:34:10 AEDT 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=3094
Bug ID: 3094
Summary: Signature verification fails on windows
Product: Portable OpenSSH
Version: 8.1p1
Hardware: Other
OS: Windows 10
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: balu.gajjala at gmail.com
On windows, I tried to sign a file. The created signature file ends
with \r\n as it's windows. Then I tried to verify the signature. It
fails with the error message "Couldn't parse signature: missing
header".
===================
Relevant Code
===================
sshsig_dearmor() -> calls timingsafe_bcmp()
timingsafe_bcmp() -> This function fails as "\r\n" != "\n"
#define BEGIN_SIGNATURE "-----BEGIN SSH SIGNATURE-----\n"
===================
Steps:
===================
PS E:\code\openssh-portable> get-content -raw .\version.h |
.\bin\x64\Debug\ssh-keygen.exe -vvv -Y sign -f .\id_rsa -n "abc" |
out-file .\id_rsa.sig
PS E:\code\openssh-portable> get-content -raw ./version.h |
.\bin\x64\Debug\ssh-keygen.exe -vvv -Y verify -s
E:\code\openssh-portable\id_rsa.sig -n "abc" -f
E:\code\openssh-portable\id_rsa.pub -I test
Couldn't parse signature: missing header
verify: sshsig_armor: invalid format
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list