bugzilla-daemon at mindrot.org
2004-Jun-23 23:42 UTC
[Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
http://bugzilla.mindrot.org/show_bug.cgi?id=884 dmr at gmx.it changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|DSA keys (id_dsa.pub) with |DSA keys (id_dsa.pub) with |8192 bytes or more aren't |8192 bits or more aren't |correctly recognized |correctly recognized ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Jun-24 00:01 UTC
[Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
http://bugzilla.mindrot.org/show_bug.cgi?id=884 ------- Additional Comments From dmr at gmx.it 2004-06-24 10:01 ------- Oops, I've written: 'this is what I get using ssh with a 8192 bytes DSA key...' but I wanted to say 'this is what I get using ssh with a 8192 bits DSA key...'. Sorry. Unfortunately it seems that the key size has been hard-wired in some other place, because every attempt to raise the keysize over 8192 bits limit won't work at all. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Jun-24 05:27 UTC
[Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
http://bugzilla.mindrot.org/show_bug.cgi?id=884 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From dtucker at zip.com.au 2004-06-24 15:27 -------> every attempt to raise the keysize over 8192 bits limit won't workMaybe a limit in OpenSSL's DSA functions? Your read_whole_line() function seems a lot more complicated than it needs to be. xrealloc will leave the file content intact, so instead of ftell/fseek/goto you can just initialise everthing to zero/NULL then just repeatedly read chunks until you get a newline, eg, while (1) { buf = xrealloc(buf, size + CHUNKSZ); size += CHUNKSZ; nextpart = buf + len; if (fgets(nextpart, CHUNKSZ, f) == NULL) break; len += strlen(nextpart); if (buf[len - 1] == '\n') break; } (For bonus points, add some better handling of fgets() == NULL. Or use buffer_append instead of xrealloc.) Anyway, an 8kbit key is just over 4KBytes encoded and I don't think it's worth the extra complexity of making it dynamic just to save a couple of KB of stack space. Either way key_try_load_public shouldn't pass incomplete lines to key_read, though. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Jun-24 05:30 UTC
[Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
http://bugzilla.mindrot.org/show_bug.cgi?id=884 ------- Additional Comments From dtucker at zip.com.au 2004-06-24 15:30 ------- Created an attachment (id=659) --> (http://bugzilla.mindrot.org/attachment.cgi?id=659&action=view) discard excessively long lines in key_try_load_public ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Jun-24 07:16 UTC
[Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
http://bugzilla.mindrot.org/show_bug.cgi?id=884 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #659 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2004-06-24 17:16 ------- Created an attachment (id=660) --> (http://bugzilla.mindrot.org/attachment.cgi?id=660&action=view) Allow large keys to work. Try this patch, tested OK with up to 16 kbit keys. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Jun-24 13:36 UTC
[Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
http://bugzilla.mindrot.org/show_bug.cgi?id=884 ------- Additional Comments From dmr at gmx.it 2004-06-24 23:36 -------> > every attempt to raise the keysize over 8192 bits limit won't work > > Maybe a limit in OpenSSL's DSA functions? > > Your read_whole_line() function seems a lot more complicated than it needs to > be. xrealloc will leave the file content intact, so instead of ftell/fseek/goto > you can just initialise everthing to zero/NULL then just repeatedly read chunks > until you get a newline, eg, > > while (1) { > buf = xrealloc(buf, size + CHUNKSZ); > size += CHUNKSZ; > nextpart = buf + len; > if (fgets(nextpart, CHUNKSZ, f) == NULL) > break; > len += strlen(nextpart); > if (buf[len - 1] == '\n') > break; > } > > (For bonus points, add some better handling of fgets() == NULL. Or use > buffer_append instead of xrealloc.)You are right... but that patch was only a quick and dirty trick... that function has been stripped down from another place only for testing purposes. However now it shoud be ok.> Anyway, an 8kbit key is just over 4KBytes encoded and I don't think it's > worth the extra complexity of making it dynamic just to save a couple of KB > of stack space.IMHO the problem here is that the maximum key size is hard coded in openssh, while it should be _at most_ hard coded in (e.g.) openssl...> Either way key_try_load_public shouldn't pass incomplete lines to key_read,though. I agree... However, the following patch should fix - it worked pretty fine for me - any key-size troubles: tested ok with 32K keys, actually in production on my cluster and several other systems. Thanks a lot for your support. Regards, Alessandro ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Jun-24 13:40 UTC
[Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
http://bugzilla.mindrot.org/show_bug.cgi?id=884 dmr at gmx.it changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #658 is|0 |1 obsolete| | ------- Additional Comments From dmr at gmx.it 2004-06-24 23:40 ------- Created an attachment (id=661) --> (http://bugzilla.mindrot.org/attachment.cgi?id=661&action=view) lets openssh to accept and use very large keys (>8Kbits) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Jun-25 07:40 UTC
[Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
http://bugzilla.mindrot.org/show_bug.cgi?id=884 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #660 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2004-06-25 17:40 ------- Created an attachment (id=663) --> (http://bugzilla.mindrot.org/attachment.cgi?id=663&action=view) Allow arbitary sized rsa1, rsa & dsa keys Current WIP patch for dynamically allocating memory for keys. Tests OK for 4kbit -> 16kbit keys (I have a regression test for this which I'll attach separately). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Jun-25 07:40 UTC
[Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
http://bugzilla.mindrot.org/show_bug.cgi?id=884 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |822 nThis| | Keywords| |openbsd, patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- [Bug 884] DSA keys (id_dsa.pub) with 8192 bytes or more aren't correctly recognized
- [Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
- [Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
- [Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized
- [Bug 884] DSA keys (id_dsa.pub) with 8192 bits or more aren't correctly recognized