[Bug 2737] function identity_sign() assume private key's pub part as same as the .pub key.

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jul 7 17:20:49 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2737

--- Comment #4 from jj.net at 163.com ---
Thanks, I applied this patch; it reports an error if the keys are mismatched but does not retry with the private key, so I added some code to fix that and it works.

a/sshconnect2.c

ssherr.h
---------------
    #define SSH_ERR_CONN_CORRUPT               -54
    #define SSH_ERR_PROTOCOL_ERROR          -55
+  #define SSH_ERR_KEY_RETRY_PRIVATE       -56

    /* Translate a numeric error code to a human-readable error string
*/
   const char *ssh_err(int n);


ssherr.c
---------------
        case SSH_ERR_PROTOCOL_ERROR:
            return "Protocol error";
+       case SSH_ERR_KEY_RETRY_PRIVATE:
+           return "Key retry private";
        default:
            return "unknown error";

sshconnect2.c
---------------
        /* load the private key from the file */
        if ((prv = load_identity_file(id)) == NULL)
                return SSH_ERR_KEY_NOT_FOUND;
+       if (id->key != NULL && !sshkey_equal_public(prv, id->key)) {
+               error("%s: private key %s contents do not match public,
try again with private key",
+                  __func__, id->filename);
+               return SSH_ERR_KEY_RETRY_PRIVATE;
+       }
        ret = sshkey_sign(prv, sigp, lenp, data, datalen,
            key_sign_encode(prv), compat);
        sshkey_free(prv);
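Review bot: The early return in the new mismatch branch leaks prv, which load_identity_file() allocated two lines earlier and which is otherwise only released by the sshkey_free(prv) after sshkey_sign(); add `sshkey_free(prv);` immediately before `return SSH_ERR_KEY_RETRY_PRIVATE;`. The error() format string also appears split across two source lines, which would not compile as written — probably mail wrapping, but worth confirming before applying. identity_sign() starts and ends outside this hunk.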
...
     ret = identity_sign(id, &signature, &slen,
         buffer_ptr(&b), buffer_len(&b), datafellows);
     if (ret != 0) {
         if (ret != SSH_ERR_KEY_NOT_FOUND)
             error("%s: signing failed: %s", __func__, ssh_err(ret));
+        if (ret == SSH_ERR_KEY_RETRY_PRIVATE) {
+           id->tried = 0;
+            key_free(id->key);
+            id->key = NULL;
+            TAILQ_REMOVE(&authctxt->keys, id, next);
+            TAILQ_INSERT_HEAD(&authctxt->keys, id, next);
         }
         free(blob);
         buffer_free(&b);
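Review bot: The existing "signing failed" error() just above the new block still fires for SSH_ERR_KEY_RETRY_PRIVATE, so the retry path logs twice (identity_sign() already reported the mismatch) and tells the user signing failed when the key is about to be retried; change the guard to `if (ret != SSH_ERR_KEY_NOT_FOUND && ret != SSH_ERR_KEY_RETRY_PRIVATE)`. The retry appears to rely on id->key being NULL so the mismatch check is skipped on the next pass and the requeued identity cannot loop; a comment such as `/* drop the mismatched .pub so the next attempt signs with the private key alone */` above `key_free(id->key);` would make that intent explicit. The indentation of `id->tried = 0;` also differs from the surrounding lines. The enclosing function continues outside the hunk.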


