mirror of
https://github.com/danog/tgseclib.git
synced 2024-11-27 04:34:45 +01:00
SSH2: fix issues with RSA key verification
Sometimes SSH servers will null pad their RSA keys. this null padding broke Net/SSH2.php's RSA implementation (Crypt/RSA.php's implementation works just fine). Also, the -3 was counting the initial "\0" of $h twice so adjust it to -2.
This commit is contained in:
parent
e63fe3fbdf
commit
3eac2582d6
@ -77,7 +77,7 @@ define('NET_SSH2_MASK_CONNECTED', 0x00000002);
|
||||
define('NET_SSH2_MASK_LOGIN_REQ', 0x00000004);
|
||||
define('NET_SSH2_MASK_LOGIN', 0x00000008);
|
||||
define('NET_SSH2_MASK_SHELL', 0x00000010);
|
||||
define('NET_SSH2_MASK_WINDOW_ADJUST', 0X00000020);
|
||||
define('NET_SSH2_MASK_WINDOW_ADJUST', 0x00000020);
|
||||
/**#@-*/
|
||||
|
||||
/**#@+
|
||||
@ -3769,8 +3769,9 @@ class Net_SSH2
|
||||
$e = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
|
||||
|
||||
$temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
|
||||
$n = new Math_BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
|
||||
$nLength = $temp['length'];
|
||||
$rawN = $this->_string_shift($server_public_host_key, $temp['length']);
|
||||
$n = new Math_BigInteger($rawN, -256);
|
||||
$nLength = strlen(ltrim($rawN, "\0"));
|
||||
|
||||
/*
|
||||
$temp = unpack('Nlength', $this->_string_shift($signature, 4));
|
||||
@ -3807,7 +3808,7 @@ class Net_SSH2
|
||||
$s = $s->toBytes();
|
||||
|
||||
$h = pack('N4H*', 0x00302130, 0x0906052B, 0x0E03021A, 0x05000414, sha1($this->exchange_hash));
|
||||
$h = chr(0x01) . str_repeat(chr(0xFF), $nLength - 3 - strlen($h)) . $h;
|
||||
$h = chr(0x01) . str_repeat(chr(0xFF), $nLength - 2 - strlen($h)) . $h;
|
||||
|
||||
if ($s != $h) {
|
||||
user_error('Bad server signature');
|
||||
|
Loading…
Reference in New Issue
Block a user