Version
2.14.0
Bug description
Writing an OpenSshCertificate to a Buffer and then reading it back from there corrupts the OpenSshCertificate.getMessage(), which is supposed to be the bytes signed by the signature.
Buffer.getPublicKey() simply sets the message to all bytes read so far since offset zero. This may include bytes before the raw public key. This renders getMessage() useless as it cannot be used for verifying the signature.
Actual behavior
readBack.getMessage() would contain the extra 4 bytes for the overall public key length and signature verification of the readBack certificate fails if getMessage() is used.
Expected behavior
getMessage() correctly returns exactly the bytes of the raw certificate (including the key_type string), minus the signature.
Relevant log output
No response
Other information
No response
Buffer.getBytesConsumed() is broken. It'll return wrong data for buffers
created on a slice of an array not starting at zero. Using it in
OpenSSHCertPublicKeyParser will return data before the raw certificate
in the buffer if that raw certificate is not the first thing in the
buffer.
Fix this by adding a Buffer.getBytesConsumed(int from) method, and use
that in OpenSSHCertPublicKeyParser.
Bug: apache#618
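To make the issue report and the commit message above concrete, here is an added example that is not code from Apache MINA SSHD: a small Python model of the OpenSSH certificate wire format that extracts the signed message (everything up to the trailing signature string, key_type included) and contrasts it with what a parser gets when it takes "all bytes consumed since offset zero" of the enclosing buffer. The field layout is that of ssh-ed25519-cert-v01@openssh.com from OpenSSH's PROTOCOL.certkeys; the certificate contents and the hash-based stand-in for the CA signature are constructed for illustration.

```python
import hashlib
import struct

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"

def ssh_string(b: bytes) -> bytes:
    """SSH wire 'string': big-endian uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def read_string(buf: bytes, pos: int):
    """Read one SSH string at pos; return (value, position after it)."""
    (n,) = struct.unpack_from(">I", buf, pos)
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def split_cert(blob: bytes):
    """Return (signed message, signature): everything up to the final
    signature string is what the CA signed, key_type included."""
    key_type, pos = read_string(blob, 0)
    assert key_type == CERT_TYPE, key_type
    for _ in range(2):            # nonce, pk
        _, pos = read_string(blob, pos)
    pos += 8 + 4                  # serial (uint64), type (uint32)
    for _ in range(2):            # key id, valid principals
        _, pos = read_string(blob, pos)
    pos += 8 + 8                  # valid after, valid before (uint64)
    for _ in range(4):            # critical options, extensions, reserved, signature key
        _, pos = read_string(blob, pos)
    message = blob[:pos]
    signature, _ = read_string(blob, pos)
    return message, signature

def fake_sign(message: bytes) -> bytes:
    """Stand-in for the CA signature (constructed): a hash of the signed bytes."""
    return hashlib.sha256(message).digest()

def build_cert() -> bytes:
    """Constructed sample certificate with placeholder nonce, key and CA key."""
    body = (ssh_string(CERT_TYPE) + ssh_string(b"N" * 32) + ssh_string(b"P" * 32)
            + struct.pack(">QI", 7, 1) + ssh_string(b"user@example")
            + ssh_string(ssh_string(b"user")) + struct.pack(">QQ", 0, 2**64 - 1)
            + ssh_string(b"") * 3 + ssh_string(b"K" * 51))
    return body + ssh_string(fake_sign(body))

def read_back(buffer: bytes, rpos: int):
    """Cert was written into buffer as an SSH string at rpos (as putPublicKey does).
    Returns (correct message, message as the buggy parser set it, signature)."""
    cert, _ = read_string(buffer, rpos)
    message, signature = split_cert(cert)
    buggy = buffer[:rpos + 4 + len(message)]   # all bytes consumed since offset zero
    return message, buggy, signature
```

With the certificate at offset 0 the buggy message carries the 4-byte length prefix the issue describes; with anything in the buffer before it (the slice case from the commit message) it carries those bytes too, and in both cases the stand-in verification fails.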