search for: rsa_verify

Using OpenSSH 2.3.1 client and OpenSSL 0.9.6a When trying to ssh to OpenSSH server of higher versions SSH-1.99-OpenSSH_2.5.2p2 or such, I see error in RSA key exchange: RSA_verify(..)routine. I see: error at:int RSA_verify(int dtype, unsigned char *m, unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, RSA *rsa) { int i,ret=0,sigtype; unsigned char *p,*s; X509_SIG *sig=NULL; if (siglen != (unsigned int)RSA_size(rsa)) {...

...us after upgrading to openssh-3.4p1 (we were at openssh-3.1p1) (openssl is at 0.96d). Any time we try to connect from another unix box also running openssh-3.4p1, we get the following error (on the server side) and host based auth fails (it falls back to password prompt). sshd[15038]: error: ssh_rsa_verify: RSA_verify failed: error:04077068:lib(4):func(119):reason(104) We are running on AIX 4.3.3 using the IBM VAC C compiler. User binaries: /usr/local/bin System binaries: /usr/local/sbin Configuration files: /usr/local/etc As...

...t. The other 200 systems are working fine. Every once in a blue-moon it will connect with version 2. When I try to connect to or from one of these hosts using SSH2 I get the following error (I have sshd -d -d -d and ssh -2 -v -v -v output if that helps): dhaag at cyberpup> ssh -2 waltst2 ssh_rsa_verify: RSA_verify failed: error:04077068:rsa routines:RSA_verify:bad signature key_verify failed for server_host_key Here's what I have done so far: -recompiled on the suspect box, no change. -compiled 2.5.2p2 on suspect box with no change. -don't see any network errors (netstat -i). -egd seems...

Package: logcheck-database Version: 1.2.63 > Apr 28 17:02:39 naam dkim-filter[15536]: 570BA180CE: bad signature data > Apr 28 17:03:20 naam dkim-filter[15536]: A08D2180CE: bad signature data > Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE SSL error:04077068:rsa routines:RSA_verify:bad signature > Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE: bad signature data > Apr 28 17:57:06 naam dkim-filter[15536]: AB641180CE SSL error:04077068:rsa routines:RSA_verify:bad signature > Apr 28 17:57:06 naam dkim-filter[15536]: AB641180CE: bad signature data > Apr 28 17:58...

...buffer code that can be exploited to cause a heap overflow: http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html Fortunately OpenSSH's sshd is not vulnerable - it has avoided the use of ASN.1 parsing since 2002 when Markus wrote a custom RSA verification function (openssh_RSA_verify): http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-rsa.c?rev=HEAD;content-type=text%2Fplain That's now eight exploitable bugs that this change has saved us from. It's a good lesson in how excising even a relatively small amount of complex attack surface can make a substantial dif...

Does anyone knows if there is a patch for OpenSSH in order to make it work with 0.9.8r OpenSSL in FIPS Mode ? I'm having problem with the RSA_public_decrypt() function that is failing in FIPS Mode, I changed it to use RSA_verify instead and setting the flag "RSA_FLAG_NON_FIPS_ALLOW", and it's working fine now, but I'm not sure if this is allowed in FIPS Mode, does anyone knows something about that ? I read something about the use of EVP_Verify* functions, is there any patch for this ? Great thanks ! --...

.../ignore.d.server/dkim-filter 2008-05-22 04:20:58.000000000 -0400 +++ logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter 2010-05-04 16:32:31.000000000 -0400 @@ -1,2 +1,2 @@ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dkim-filter\[[[:digit:]]+\]: [[:xdigit:]]{10} SSL error:04077068:rsa routines:RSA_verify:bad signature$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dkim-filter\[[[:digit:]]+\]: [[:xdigit:]]{10}: bad signature data$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dkim-filter\[[[:digit:]]+\]: [[:xdigit:]]{11} SSL error:04077068:rsa routines:RSA_verify:bad signature$ +^\w{3} [ :[:digit:]]{11} [._...

This is debugs seen on server, whose keys are not accepted by the client: debug1: Seeding random number generator debug1: sshd version OpenSSH_2.5.2p2 debug1: load_private_key_autodetect: type 0 RSA1 debug1: read SSH2 private key done: name rsa w/o comment success 1 debug1: load_private_key_autodetect: type 1 RSA debug1: read SSH2 private key done: name dsa w/o comment success 1 debug1:

...quest_send entering: type 21 debug3: mm_request_receive entering debug3: mm_send_debug: Sending debug: Accepted for bester.cad.gatech.edu [130.20 7.84.20] by /etc/ssh/shosts.equiv. debug3: mm_key_verify entering debug3: mm_request_send entering: type 22 debug3: monitor_read: checking request 22 ssh_rsa_verify: RSA_verify failed: error:04077068:lib(4):func(119):reason(104) debug1: ssh_rsa_verify: signature incorrect debug3: mm_answer_keyverify: key 132398 signature unverified debug3: mm_request_send entering: type 23 Failed hostbased for vf5 from 130.207.84.20 port 33083 ssh2 debug3: mm_request_receive e...

...ars in.) res_crypto.c:400: dereferencing pointer to incomplete type res_crypto.c:403: dereferencing pointer to incomplete type res_crypto.c: In function `ast_check_signature': res_crypto.c:424: dereferencing pointer to incomplete type res_crypto.c:442: warning: implicit declaration of function `RSA_verify' res_crypto.c:442: `NID_sha1' undeclared (first use in this function) res_crypto.c:442: dereferencing pointer to incomplete type res_crypto.c: In function `crypto_load': res_crypto.c:462: dereferencing pointer to incomplete type res_crypto.c:463: dereferencing pointer to incomplete type...

Functionality request for supporting Digital Signatures for RSA and DSS Public Key Algorithms in alignment with NIST SP800-131A. I assume this has been asked before, but I could not find in the archives. Support of "ssh-rsa-sha256" and "ssh-dss-sha256" public key algorithms for OpenSSH? I know Suite B Algorithms and x509 SSH Extension Algorithms are supported, but not a

...ce to `ASN1_INTEGER_set' /usr/local/ssl/lib/libssl.so: undefined reference to `i2d_ASN1_OCTET_STRING' /usr/local/ssl/lib/libssl.so: undefined reference to `X509_STORE_CTX_get_ex_new_ index' /usr/local/ssl/lib/libssl.so: undefined reference to `RSA_verify' /usr/local/ssl/lib/libssl.so: undefined reference to `BN_dup' /usr/local/ssl/lib/libssl.so: undefined reference to `ERR_add_error_data' /usr/local/ssl/lib/libssl.so: undefined reference to `X509_NAME_cmp' /usr/local/ssl/lib/libssl.so: undefined reference to `EVP_PKEY_size' /usr...

...t mismatch ('%s' != '%s')", + fp, ca_fp); + xfree(fp); + return 0; + } + xfree(fp); + + fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); + snprintf(datbuf, sizeof(datbuf), "%s;%s;%s;%s;%lu;%lu", + fp, ca_name, ca_id, ca_opts, vf, vt); + xfree(fp); + + if (RSA_verify(NID_ripemd160, datbuf, strlen(datbuf), sigbuf, siglen, + ca_key->rsa) != 1) { + debug2("cert_verify: signature not valid ('%s')", ca_sig); + return 0; + } + if (vf && vf > now) { + debug2("cert_verify: certificate is not yet valid (%lu > %lu)", +...