On Sunday 06 of December 2009 13:47:11 Kamil Dudka wrote: > The OpenSSL part looks good, it ran without a single error for several > hours today. However the libgcrypt part still seems to be broken. It fails > now with probability about 50% for me, always with the following error: > > SSH public key authentication failed: Would block requesting userauth list > > I haven't investigated it further yet.
Attached is my follow-up. > Kamil
From 80f3cf2d3679c7a38e43e0126c13a8e394d1ee97 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <[email protected]>
Date: Sun, 6 Dec 2009 14:32:32 +0100
Subject: [PATCH 1/2] libgcrypt: follow-up for ssh-dss padding fix
---
 src/libgcrypt.c | 24 ++++++++++++++++++++++--
 1 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index b06be42..84d708e 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -435,7 +435,17 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
 }
 tmp = gcry_sexp_nth_data(data, 1, &size);
- if (!tmp || size < 1 || size > 20) {
+ if (!tmp) {
+ ret = -1;
+ goto out;
+ }
+
+ if (tmp[0] == '\0') {
+ tmp++;
+ size--;
+ }
+
+ if (size < 1 || size > 20) {
 ret = -1;
 goto out;
 }
@@ -453,7 +463,17 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
 }
 tmp = gcry_sexp_nth_data(data, 1, &size);
- if (!tmp || size < 1 || size > 20) {
+ if (!tmp) {
+ ret = -1;
+ goto out;
+ }
+
+ if (tmp[0] == '\0') {
+ tmp++;
+ size--;
+ }
+
+ if (size < 1 || size > 20) {
 ret = -1;
 goto out;
 }
-- 1.6.2.5
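Review bot: The added `tmp[0] == '\0'` test in the R hunk runs before any check on `size`, so a zero-length value would be read one byte past its end and `size--` would wrap around; the S hunk repeats the same lines. The wrapped value is still rejected by the later `size > 20` test, but the read has already happened by then, so the guard is safer as `if (size > 0 && tmp[0] == '\0') {`. Whether gcry_sexp_nth_data can return a non-NULL pointer with a zero length is not visible here, so treat this as a defensive change. A one-line comment saying why the leading zero byte is dropped would also help, since only the commit subject hints at the reason; the function body starts and ends outside both hunks.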
From 05df81b63339f1693ad9cf36447235fd0a78f792 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <[email protected]>
Date: Sun, 6 Dec 2009 14:35:03 +0100
Subject: [PATCH 2/2] libgcrypt: simplify code of _libssh2_dsa_sha1_sign
---
 src/libgcrypt.c | 41 ++++++++++++++++-------------------------
 1 files changed, 16 insertions(+), 25 deletions(-)
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index 84d708e..2da0559 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -429,26 +429,20 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
 /* Extract R. */
 data = gcry_sexp_find_token(sig_sexp, "r", 0);
- if (!data) {
- ret = -1;
- goto out;
- }
+ if (!data)
+ goto err;
 tmp = gcry_sexp_nth_data(data, 1, &size);
- if (!tmp) {
- ret = -1;
- goto out;
- }
+ if (!tmp)
+ goto err;
 if (tmp[0] == '\0') {
 tmp++;
 size--;
 }
- if (size < 1 || size > 20) {
- ret = -1;
- goto out;
- }
+ if (size < 1 || size > 20)
+ goto err;
 memcpy(sig + (20 - size), tmp, size);
@@ -457,30 +451,27 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
 /* Extract S. */
 data = gcry_sexp_find_token(sig_sexp, "s", 0);
- if (!data) {
- ret = -1;
- goto out;
- }
+ if (!data)
+ goto err;
 tmp = gcry_sexp_nth_data(data, 1, &size);
- if (!tmp) {
- ret = -1;
- goto out;
- }
+ if (!tmp)
+ goto err;
 if (tmp[0] == '\0') {
 tmp++;
 size--;
 }
- if (size < 1 || size > 20) {
- ret = -1;
- goto out;
- }
+ if (size < 1 || size > 20)
+ goto err;
 memcpy(sig + 20 + (20 - size), tmp, size);
+ goto out;
+
+ err:
+ ret = -1;
- ret = 0;
 out:
 if (sig_sexp) {
 gcry_sexp_release(sig_sexp);
-- 1.6.2.5
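Review bot: Removing `ret = 0;` in the second hunk means the success path reaches `out:` with whatever `ret` already holds, and the code that sets it lies outside the hunk. If `ret` is the already-checked result of an earlier call this is correct, but it is fragile, because callers will trust the bytes written to `sig` whenever the function returns 0. Keeping the assignment next to the jump, `ret = 0;` followed by `goto out;`, makes the success value independent of earlier code. Separately, the R and S extraction in the two hunks now differ only in the token name and the destination offset, so a small static helper would remove the duplication.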
