Problem/bug report for "bad decrypted len" error in OpenSSH
Markus Friedl
markus at openbsd.org
Tue Jun 17 19:06:23 EST 2003
On Tue, Jun 17, 2003 at 10:38:35AM +0200, Nils Larsch wrote:
> Markus Friedl wrote:
> >replace
> >
> > if (len != hlen + oidlen) {
> >with
> > if (len < hlen + oidlen) {
> >
> >instead of deleting lines.
>
> Hi Markus,
>
> are you sure this is correct ?
no, i'm not sure. perhaps we will back out this change.
> As far as I understand PKCS#1
> (in this case the RSASSA-PKCS1-v1_5-Verfiy (8.2.2) function)
> should the signature verification return "invalid signature"
> in this case (because the second encoded message would not
> contain this additional byte). From the error messange:
> sshd[1224] error: bad decrypted len: 36 != 20 + 15
> and the fact that disabling this checks results in a
> successful signature verification I guess that the decrypted
> content has the form decrypted = DigestInfo || hash || x, where
> x is a (unknown) byte. I think it's a bug in the signature
> generation (the x byte shouldn't be there).
yes, this is why i had the != there in the first place.
and this is why we get insulted :)
-m
More information about the openssh-unix-dev
mailing list