diff options
| author | Ilia Mirkin <imirkin@alum.mit.edu> | 2024-07-16 15:48:14 -0400 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2024-07-26 16:39:19 +0000 |
| commit | 3375612bf41a8cdb0cdfdc21e6ca2c7ae0f764b5 (patch) | |
| tree | 9c19635aa5deb5ced79e9f1a3e443791ad92bbe4 /go.sum | |
| parent | bb80217080b0e04c6e73e5dcd9f3a9bb11fe23f6 (diff) | |
| download | go-x-crypto-3375612bf41a8cdb0cdfdc21e6ca2c7ae0f764b5.tar.xz | |
ssh: add support for unpadded RSA signatures
The original SSH RFC 4253 explicitly disallows padding. This applies to
ssh-rsa signatures.
The updated SSH RFC 8332 which defines the SHA2 RSA signature variants
explicitly calls out the existence of signers who produce short
signatures and specifies that verifiers may allow this behavior.
In practice, PuTTY 0.81 and prior versions, as well as SSH.NET prior to
2024.1.0 always generated short signatures. Furthermore, PuTTY is
embedded in other software like WinSCP and FileZilla, which are updated
on their own schedules as well. This leads to occasional unexplained
login errors, when using RSA keys.
OpenSSH server allows these short signatures for all RSA algorithms.
Fixes golang/go#68286
Change-Id: Ia60ece21bf9c111c490fac0c066443ed5ff7dd29
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/598534
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Diffstat (limited to 'go.sum')
0 files changed, 0 insertions, 0 deletions