simon-git: putty (main): Simon Tatham
Commits to Tartarus hosted VCS
tartarus-commits at lists.tartarus.org
Mon Jul 8 21:56:59 BST 2024
TL;DR:
a5bcf3d3 Pad RSA signature blobs if they're made with SHA-2.
Repository: https://git.tartarus.org/simon/putty.git
On the web: https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer: Simon Tatham <anakin at pobox.com>
Date: 2024-07-08 21:56:59
commit a5bcf3d384e1bf15a51a6923c3724cbbee022d8e
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=a5bcf3d384e1bf15a51a6923c3724cbbee022d8e;hp=b7174344e60f1a08b1288c79aa7f13f923bb4765
Author: Simon Tatham <anakin at pobox.com>
Date: Mon Jul 8 21:49:39 2024 +0100
Pad RSA signature blobs if they're made with SHA-2.
The "rsa-sha2-256" and "rsa-sha2-512" algorithms, as defined by RFC
8332, differ in one detail from "ssh-rsa" in addition to the change of
hash function. They also specify that the signature integer should be
encoded using the same number of bytes as the key modulus, even if
that means giving it a leading zero byte (or even more than one).
I hadn't noticed this, and had assumed that unrelated details wouldn't
have changed. But they had. Thanks to Ilia Mirkin for pointing this
out.
Nobody has previously reported a problem, so very likely most servers
are forgiving of people making this mistake! But now it's been pointed
out, we should comply with the spec. (Especially since the new spec is
more sensible, and only historical inertia justified sticking to the
old one.)
crypto/rsa.c | 31 +++++++++++++++++++++++++++++-
test/cryptsuite.py | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 86 insertions(+), 1 deletion(-)
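The encoding difference the commit message describes, shown as an added Python example (not PuTTY's own code from crypto/rsa.c or test/cryptsuite.py): the same signature integer is emitted with no leading zero bytes for "ssh-rsa" and zero-padded to the modulus length for the RFC 8332 algorithms, alongside the verifier-side length check that a strict server would apply. The modulus and signature integer are constructed values, not a real key, and the function names are this example's own.

```python
import struct

# Constructed test values (not a real key): a 2048-bit odd modulus and a
# small signature integer whose minimal byte form is far shorter than the
# modulus, so the padding difference is visible.
MODULUS = (1 << 2047) | 12345
SIG_INT = 12345

RSA_SHA2_ALGS = ("rsa-sha2-256", "rsa-sha2-512")


def ssh_string(data: bytes) -> bytes:
    """SSH 'string' encoding: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def modulus_octets(n: int) -> int:
    """Number of octets needed to hold the modulus (the RSA key length k)."""
    return (n.bit_length() + 7) // 8


def encode_signature_blob(alg: str, sig_int: int, modulus: int) -> bytes:
    """Build the SSH signature blob: string(alg) || string(s).

    "ssh-rsa": s is the signature integer with no leading zero bytes.
    "rsa-sha2-256"/"rsa-sha2-512" (RFC 8332): s is left-padded with zero
    bytes to exactly the modulus length, as the commit message describes.
    """
    if not 0 <= sig_int < modulus:
        raise ValueError("signature integer out of range for this modulus")
    if alg == "ssh-rsa":
        s = sig_int.to_bytes(max(1, (sig_int.bit_length() + 7) // 8), "big")
    elif alg in RSA_SHA2_ALGS:
        s = sig_int.to_bytes(modulus_octets(modulus), "big")
    else:
        raise ValueError(f"unsupported algorithm {alg!r}")
    return ssh_string(alg.encode("ascii")) + ssh_string(s)


def _read_string(buf: bytes, off: int):
    """Read one SSH string at offset off; return (bytes, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated SSH string length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated SSH string body")
    return buf[off:off + n], off + n


def parse_signature_blob(blob: bytes):
    """Split a signature blob into (algorithm name, raw signature bytes s)."""
    alg_b, off = _read_string(blob, 0)
    s, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after signature blob")
    return alg_b.decode("ascii"), s


def signature_length_ok(alg: str, s: bytes, modulus: int, strict: bool = True) -> bool:
    """Verifier-side length check before the RSA operation itself.

    strict=True is what RFC 8332 requires for rsa-sha2-*: len(s) must equal
    the modulus length.  strict=False models the forgiving servers the
    commit message mentions, which accept a shorter (unpadded) s as long as
    the integer still fits.  "ssh-rsa" only requires that s fits.
    """
    k = modulus_octets(modulus)
    if alg in RSA_SHA2_ALGS:
        return len(s) == k if strict else len(s) <= k
    if alg == "ssh-rsa":
        return len(s) <= k
    return False


if __name__ == "__main__":
    for alg in ("ssh-rsa", "rsa-sha2-256"):
        blob = encode_signature_blob(alg, SIG_INT, MODULUS)
        name, s = parse_signature_blob(blob)
        print(f"{name}: s is {len(s)} bytes, modulus is {modulus_octets(MODULUS)} bytes, "
              f"strict check {signature_length_ok(name, s, MODULUS)}")
```

Note that an unpadded signature under "rsa-sha2-256" still decodes to the same integer, which is why a verifier that simply converts bytes to an integer never notices the mismatch; only a verifier that checks the blob length against k (as the strict branch above does) rejects it.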