[crypto] ssh/agent: enforce strict limits on DSA key parameters

Nicola Murino (Gerrit)
Jun 30, 2026, 1:06:35 PM
to goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, Junyang Shao, Roland Shoemaker, Filippo Valsorda, Gopher Robot, golang...@luci-project-accounts.iam.gserviceaccount.com, golang-co...@googlegroups.com

Nicola Murino submitted the change

Change information

Commit message:
ssh/agent: enforce strict limits on DSA key parameters

The parseDSAKey function constructed a *dsa.PrivateKey directly from the
add-identity request without validating the key parameters. Unlike DSA
certificates, whose parameters are checked by the ssh package when the
certificate's public key is parsed, raw DSA keys added to the agent were
not validated at all.

Align the raw DSA key parsing with the validation already performed by
the main ssh package.

Fixes golang/go#79725
Change-Id: I537cc2175d35c19848c90c68739cf94ba7b50e10
Reviewed-by: Roland Shoemaker <rol...@golang.org>
Reviewed-by: Junyang Shao <shaoj...@google.com>
Files:
  • M ssh/agent/server.go
  • M ssh/agent/server_test.go
Change size: M
Delta: 2 files changed, 117 insertions(+), 6 deletions(-)
Branch: refs/heads/master
Gerrit-MessageType: merged
Gerrit-Project: crypto
Gerrit-Branch: master
Gerrit-Change-Id: I537cc2175d35c19848c90c68739cf94ba7b50e10
Gerrit-Change-Number: 795422
Gerrit-PatchSet: 3
Gerrit-Owner: Nicola Murino <nicola...@gmail.com>
Gerrit-Reviewer: Junyang Shao <shaoj...@google.com>
Gerrit-Reviewer: Nicola Murino <nicola...@gmail.com>
Gerrit-Reviewer: Roland Shoemaker <rol...@golang.org>
Gerrit-CC: Filippo Valsorda <fil...@golang.org>
Gerrit-CC: Gopher Robot <go...@golang.org>
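
To illustrate the kind of validation the commit message describes, here is an added example that is not the code from this change or from x/crypto. The helper names are hypothetical, and the limits (1024-bit P, 160-bit Q, the FIPS 186-2 sizes) are assumptions, since the message does not list the limits the change enforces.

```go
package main

import (
	"crypto/dsa"
	"errors"
	"fmt"
	"math/big"
)

// validateDSAKey is a hypothetical helper. It rejects raw DSA key material
// outside the assumed limits or with mutually inconsistent values.
func validateDSAKey(k *dsa.PrivateKey) error {
	if k == nil || k.P == nil || k.Q == nil || k.G == nil || k.Y == nil || k.X == nil {
		return errors.New("dsa: missing key component")
	}
	// Size limits come first so later big.Int math runs on bounded inputs.
	if l := k.P.BitLen(); l != 1024 {
		return fmt.Errorf("dsa: unsupported P size %d", l)
	}
	if l := k.Q.BitLen(); l != 160 {
		return fmt.Errorf("dsa: unsupported Q size %d", l)
	}
	// Range checks: 1 < G < P and 0 < X < Q.
	if k.G.Cmp(big.NewInt(1)) <= 0 || k.G.Cmp(k.P) >= 0 {
		return errors.New("dsa: generator out of range")
	}
	if k.X.Sign() <= 0 || k.X.Cmp(k.Q) >= 0 {
		return errors.New("dsa: private value out of range")
	}
	// The public value must match the private one: Y == G^X mod P.
	if new(big.Int).Exp(k.G, k.X, k.P).Cmp(k.Y) != 0 {
		return errors.New("dsa: public and private values do not match")
	}
	return nil
}

// constructedKey builds sample input (constructed values, not real DSA parameters).
func constructedKey(pBits, qBits int) *dsa.PrivateKey {
	k := new(dsa.PrivateKey)
	k.P = new(big.Int).SetBit(big.NewInt(1), pBits-1, 1) // 2^(pBits-1) + 1
	k.Q = new(big.Int).SetBit(big.NewInt(1), qBits-1, 1) // 2^(qBits-1) + 1
	k.G, k.X = big.NewInt(2), big.NewInt(5)
	k.Y = new(big.Int).Exp(k.G, k.X, k.P)
	return k
}

func main() {
	fmt.Println(validateDSAKey(constructedKey(1024, 160)), validateDSAKey(constructedKey(8192, 160)))
}
```

The helper checks sizes, ranges and Y/X consistency only; it does not test that P and Q are prime or that Q divides P-1.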