search

wolfSSL / wolfssh

wolfSSH is a small, fast, portable SSH implementation, including support for SCP and SFTP.
https://www.wolfssl.com
367 stars 88 forks source link

RSA Verify Refactor #709

Closed ejohnstown closed 3 months ago

ejohnstown commented 3 months ago

Description

Some implementations of SSH will remove all leading zeros from an encoded RSA signature, which is allowed per the RFCs. Our verify function requires the signature to be the same size as the key. This refactor will pad a signature with leading zeros if it is short. (ZD 18095)

Testing

Run the echoserver and the PuTTY plink tools:

./examples/echoserver/echoserver -I putty:keys/putty_rsa.pub
plink -batch -P 22222 -l putty -i keys/putty_rsa.ppk localhost
while $(echo | plink -batch -P 22222 -l putty -i keys/putty_rsa.ppk localhost) ; do : ; done

The while version will repeatedly call the command. There's a 1/256 chance of the signature failing before the fix.