lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-09 15:41:10 +03:00
Code Activity

libgcrypt: Prevent signature blob to start with 1 bit

Browse Source 
This should prevent the long standing random failures of libgcrypt pipeline. I
was recently able to reproduce it only with dropbear, which sounds like choking
on the signature starting with bit 1, possibly interpretting it as a negative
value.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
This commit is contained in:
Jakub Jelen
2024-04-17 10:49:31 +02:00
parent dceb17d2ad
commit 89c53e1962
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/pki_gcrypt.c
View File

@@ -1664,7 +1664,13 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
return NULL; return NULL;
} }
s = gcry_sexp_nth_data(sexp, 1, &size); s = gcry_sexp_nth_data(sexp, 1, &size);
if (*s == 0) {
/*
* Remove leading zeroes, but only the ones that do not make the MPI
* representation look like a negative value (first bit is one),
* which might confuse some implementations.
*/
while (size > 1 && s[0] == 0 && (s[1] & 0x80) == 0) {
size--; size--;
s++; s++;
} }