Re: 1024 RSA keys failing at mm_answer_keyverify

Darren Tucker <dtucker@xxxxxxxxxxx> · Tue, 30 Apr 2019 09:56:30 +1000

On Mon, Apr 29, 2019 at 12:19:15PM -0700, Manju Prabhu wrote:
> Hi,
> I am trying to debug why, when I use 1024 size RSA keys, ssh from client
> fails. The keys are copied fine. Permissions looks good. 2048 to 8192 sized
> keys work fine.
[...]
> *auth.debug: Apr 26 18:48:21 vm1 sshd[2442]: debug3: mm_answer_keyverify:
> publickey 0x7f4120b43cd0 signature unverified*

That ultimately ends up in ssh-rsa.c:ssh_rsa_verify(), but the debug
message does not include the return code.  This adds a bit more
debugging, what does it report?

diff --git a/monitor.c b/monitor.c
index 60e529444..f2f875732 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1431,8 +1431,8 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
 
 	ret = sshkey_verify(key, signature, signaturelen, data, datalen,
 	    sigalg, ssh->compat);
-	debug3("%s: %s %p signature %s", __func__, auth_method, key,
-	    (ret == 0) ? "verified" : "unverified");
+	debug3("%s: %s %p signature %s (%s)", __func__, auth_method, key,
+	    (ret == 0) ? "verified" : "unverified", ssh_err(ret));
 	auth2_record_key(authctxt, ret == 0, key);
 
 	free(blob);
diff --git a/ssh-rsa.c b/ssh-rsa.c
index 9b14f9a9a..378db0300 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -248,7 +248,7 @@ ssh_rsa_verify(const struct sshkey *key,
 {
 	const BIGNUM *rsa_n;
 	char *sigtype = NULL;
-	int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;
+	int bits, hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;
 	size_t len = 0, diff, modlen, dlen;
 	struct sshbuf *b = NULL;
 	u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL;
@@ -258,9 +258,12 @@ ssh_rsa_verify(const struct sshkey *key,
 	    sig == NULL || siglen == 0)
 		return SSH_ERR_INVALID_ARGUMENT;
 	RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
-	if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
+	bits = BN_num_bits(rsa_n);
+	if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+		debug3("%s: key smaller than minimum %d bits vs %d", __func__,
+		    bits, SSH_RSA_MINIMUM_MODULUS_SIZE);
 		return SSH_ERR_KEY_LENGTH;
-
+	}
 	if ((b = sshbuf_from(sig, siglen)) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
 	if (sshbuf_get_cstring(b, &sigtype, NULL) != 0) {

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev






