URL: https://github.com/SSSD/sssd/pull/5566
Title: #5566: Fix exponent padding when deriving rsapubkey to ssh

peptekmail commented:
"""
> Hi,
> 
> thanks for the patch, I agree with the fix. You are right, this issue is not 
> specific to rsassa-pss but is related to how BIGNUM handles negative numbers 
> (highest bit must be set). The similar code is just in the following lines in 
> `rsa_pub_key_to_ssh()` where the `0` is added unconditionally to the modulus. 
> IIRC in the old NSS-based code there was a similar if-block to the one you 
> used here. I guess adding the `0` unconditionally to the exponent should work 
> as well.
> 
> I added some inline comments as well.
> 
> bye,
> Sumit

I tester. O

Thanks for pointing that out.
I tested both conditional and unconditional padding with '0' on both exponent 
and modulus but this setup is the only one that seems to work every time.
OpenSSH does this in a different way I do not fully grasp so if anyone gets 
into trouble with this change that is where to look.
But the integration test should catch that and make it easy to compare different 
certs.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5566#issuecomment-816198991
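
The padding discussed in this thread comes from the SSH `mpint` type (RFC 4251, section 5): a two's complement, big-endian integer with no unnecessary leading bytes, which needs a leading zero byte whenever the top bit of a positive value is set. The following is an added example, not SSSD's or OpenSSH's code; the function names `ssh_put_mpint()` and `ssh_rsa_blob()` and the sample exponent are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write an SSH uint32: 4 bytes, big-endian. */
static size_t put_u32(uint8_t *out, uint32_t v)
{
    out[0] = (uint8_t)(v >> 24); out[1] = (uint8_t)(v >> 16);
    out[2] = (uint8_t)(v >> 8);  out[3] = (uint8_t)v;
    return 4;
}

/* Encode a big-endian magnitude as an SSH mpint; returns 0 if cap is too small. */
size_t ssh_put_mpint(uint8_t *out, size_t cap, const uint8_t *mag, size_t len)
{
    /* Drop redundant leading zero bytes so the encoding is minimal. */
    while (len > 0 && mag[0] == 0) { mag++; len--; }
    /* A set top bit would read as negative: prepend a single 0x00. */
    size_t pad = (len > 0 && (mag[0] & 0x80)) ? 1 : 0;
    if (cap < 4 + pad + len) return 0;
    size_t off = put_u32(out, (uint32_t)(pad + len));
    if (pad) out[off++] = 0x00;
    memcpy(out + off, mag, len);
    return off + len;
}

/* "ssh-rsa" key blob: string "ssh-rsa", mpint e, mpint n. */
size_t ssh_rsa_blob(uint8_t *out, size_t cap, const uint8_t *e, size_t elen,
                    const uint8_t *n, size_t nlen)
{
    static const char name[] = "ssh-rsa";
    size_t nl = sizeof(name) - 1, off;
    if (cap < 4 + nl) return 0;
    off = put_u32(out, (uint32_t)nl);
    memcpy(out + off, name, nl); off += nl;
    size_t we = ssh_put_mpint(out + off, cap - off, e, elen);
    size_t wn = we ? ssh_put_mpint(out + off + we, cap - off - we, n, nlen) : 0;
    return wn ? off + we + wn : 0;
}

/* Constructed sample exponent with the top bit set, not from a real certificate. */
static const uint8_t E_HIGH[] = { 0xC0, 0x00, 0x00, 0x01 };

int main(void)
{
    uint8_t b[16];
    printf("%zu\n", ssh_put_mpint(b, sizeof b, E_HIGH, sizeof E_HIGH));
    return 0;
}
```

An exponent such as 65537 (`01 00 01`) is emitted without padding, while any exponent or modulus whose first byte is `0x80` or higher gains exactly one zero byte and a length one larger.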