Problem/bug report for "bad decrypted len" error in OpenSSH
Nils Larsch
larsch at trustcenter.de
Tue Jun 17 18:38:35 EST 2003
Markus Friedl wrote:
> replace
>
> if (len != hlen + oidlen) {
> with
> if (len < hlen + oidlen) {
>
> instead of deleting lines.
Hi Markus,
are you sure this is correct ? As far as I understand PKCS#1
(in this case the RSASSA-PKCS1-v1_5-Verfiy (8.2.2) function)
should the signature verification return "invalid signature"
in this case (because the second encoded message would not
contain this additional byte). From the error messange:
sshd[1224] error: bad decrypted len: 36 != 20 + 15
and the fact that disabling this checks results in a
successful signature verification I guess that the decrypted
content has the form decrypted = DigestInfo || hash || x, where
x is a (unknown) byte. I think it's a bug in the signature
generation (the x byte shouldn't be there).
Nils
More information about the openssh-unix-dev
mailing list