
openssl 1.0.1e - bad sig size 32 32 for DSA 2048 keys


Cipher

May 20, 2013, 11:07:03 AM
Hi,

I built and installed openssl 1.0.1e. When I try to connect using ssh with
2048 DSA keys, I get *bad sig size 32 32* error.
Is this a bug?
Here is how I created the keys.

openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
openssl dsaparam -out dsaparam.pem 2048
openssl gendsa -out ssh_dsa_key dsaparam.pem

In sshd_config,
HostKey ssh_dsa_key

Here is the debug log.

Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 198.14.64.100 port 54130
debug1: Client protocol version 2.0; client software version OpenSSH_5.5p1 Debian-6+squeeze1
debug1: match: OpenSSH_5.5p1 Debian-6+squeeze1 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1
debug1: permanently_set_uid: 101/65534 [preauth]
debug1: list_hostkey_types: ssh-dss [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5 none [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
bad sig size 32 32
mm_answer_sign: key_sign failed
debug1: do_cleanup


Thanks in Advance.




Dave Thompson

May 22, 2013, 7:22:16 PM
> From: owner-ope...@openssl.org On Behalf Of Cipher
> Sent: Monday, 20 May, 2013 11:07

> I built and installed openssl 1.0.1e. When i try to connect
> using ssh with
> 2048 DSA keys, i get *bad sig size 32 32* error.
> Is this a bug?
> Here is how i created the keys.
>
openssh (through 6.2) ssh-dss.c limits sig parts to
20 bytes (matching a SHA1 hash), consistent with RFC 4253
6.6 which specifies SHA1 and 160-bit (20-byte) r & s.
Note 4253 was issued in 2006 well before DSS was updated
by 186-3 in 2009 with groups>1k subgroups>160 (and SHA2).

On checking I see 6668 less than a year ago defines new
*data* hmacs for SHA-256/512, but no change to pubkey auth.
So there doesn't appear to be any standard or interoperable
SSH protocol using 186-3, nor any openssh extension.

You may have hit the difference because openssl < 1.0.0
supported |p|>1024 as a then-nonstandard extension, but
still |q|=160 and SHA1 for signing (because of API issue).
Newer openssl does |q|=256 SHA-2 -- incompatible with (open)ssh.

In 1.0.0 unless you use what is intended as an internal routine
you can't generate parameters for 2048/160. But if you use
parameters generated by 0.9.8 (or some other thing that can
do 2048/160), and generate a key, the sign and verify logic
and thus I expect (probably) openssh can use it. But you
don't get any security benefit; SP800-57 rates 2048/224
or 2048/256 as 112-bit strength, but using 2048/160 will
reduce it to 80-bit strength no better than 1024/160.

And you may or may not be interoperable, because another
implementation may have coded to FIPS 186-2 as specified.
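
The size limit described in the reply above, as an added example that is not part of the original thread and is not OpenSSH's own code: the ssh-dss signature blob from RFC 4253 6.6 has room for two 20-byte integers, so the 32-byte r and s produced with a 256-bit q cannot be packed. The function names, constants and byte values below are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PART_LEN 20               /* RFC 4253 6.6: r and s are 160-bit integers */
#define BLOB_LEN (2 * PART_LEN)   /* signature blob is r || s, 40 bytes */

/* Largest byte length r or s can take for a subgroup order q of q_bits bits. */
static size_t dsa_part_bytes(size_t q_bits) { return (q_bits + 7) / 8; }

/* Length of a big-endian integer once leading zero bytes are dropped. */
static size_t min_len(const uint8_t *v, size_t len) {
    while (len > 0 && *v == 0) { v++; len--; }
    return len;
}

/*
 * Pack big-endian r and s into the fixed 40-byte ssh-dss blob, each value
 * right-aligned in its 20-byte half. Returns 0 on success, -1 when a part
 * does not fit, which is the condition the server log reports.
 */
static int pack_ssh_dss_sig(const uint8_t *r, size_t rlen,
                            const uint8_t *s, size_t slen,
                            uint8_t blob[BLOB_LEN]) {
    size_t rmin = min_len(r, rlen), smin = min_len(s, slen);
    if (rmin > PART_LEN || smin > PART_LEN) {
        fprintf(stderr, "bad sig size %zu %zu\n", rmin, smin);
        return -1;
    }
    memset(blob, 0, BLOB_LEN);
    memcpy(blob + PART_LEN - rmin, r + (rlen - rmin), rmin);
    memcpy(blob + BLOB_LEN - smin, s + (slen - smin), smin);
    return 0;
}

int main(void) {
    /* Constructed values, not real signatures: 32-byte parts as produced
     * with a 256-bit q, and 20-byte parts as produced with a 160-bit q. */
    uint8_t big[32], ok_r[20], ok_s[20], blob[BLOB_LEN];
    memset(big, 0xA5, sizeof big);
    memset(ok_r, 0x11, sizeof ok_r);
    memset(ok_s, 0x22, sizeof ok_s);
    printf("q=256: parts up to %zu bytes, pack -> %d\n", dsa_part_bytes(256),
           pack_ssh_dss_sig(big, sizeof big, big, sizeof big, blob));
    printf("q=160: parts up to %zu bytes, pack -> %d\n", dsa_part_bytes(160),
           pack_ssh_dss_sig(ok_r, sizeof ok_r, ok_s, sizeof ok_s, blob));
    return 0;
}
```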