From 7bd3364494a4b173f5bffc24bfa52fab6b26806a Mon Sep 17 00:00:00 2001 From: simon Date: Sat, 7 Feb 2004 10:02:20 +0000 Subject: [PATCH] Charles Wilcox reported a signature validation bug with 2500-bit RSA keys. This _appears_ to be due to me computing the byte count of the key by dividing the bit count by 8 and rounding _down_ rather than up. Therefore, I can't see how this code could ever have worked on any SSH2 RSA key whose length was not a multiple of 8 bits; and therefore I'm staggered that we haven't noticed it before! OpenSSH's keygen appears to be scrupulous about ensuring the returned key length is exactly what you asked for rather than one bit less, but even so I'm astonished that _all_ keygen implementations for servers we've ever interoperated with have avoided tripping this bug... git-svn-id: svn://svn.tartarus.org/sgt/putty@3815 cda61777-01e9-0310-a592-d414129be87e --- sshrsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sshrsa.c b/sshrsa.c index b7732105..f7817361 100644 --- a/sshrsa.c +++ b/sshrsa.c @@ -727,7 +727,7 @@ static int rsa2_verifysig(void *key, char *sig, int siglen, ret = 1; - bytes = bignum_bitcount(rsa->modulus) / 8; + bytes = (bignum_bitcount(rsa->modulus)+7) / 8; /* Top (partial) byte should be zero. */ if (bignum_byte(out, bytes - 1) != 0) ret = 0; -- 2.11.0
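Review bot: The comment "Top (partial) byte should be zero" directly below the changed line in rsa2_verifysig does not explain why the check sits at `bytes - 1`. With `bytes` now rounded up, that index is the most significant byte of a modulus-length value: a full byte when the bit count is a multiple of 8, a partial one otherwise. Suggest rewording the comment to state that `bytes` is the modulus length in bytes, rounded up, and that the leading byte of the decoded signature must be zero, so that nobody later "simplifies" the expression back to `/ 8`. The commit message says the old expression failed for any key length that is not a multiple of 8 bits, so a verification test using such a key (the reported 2500-bit case) would pin the fix. Any other `bignum_bitcount(...) / 8` computations in sshrsa.c are worth checking for the same rounding.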