Details
-
Fix
-
Status: Released (View Workflow)
-
Minor
-
Resolution: Fixed
-
1.12
-
None
Description
Current Situation
Users report the bug JSCH-111
Jurrie Overgoor traced the bug, he states:
quote
I've traced this to be a bug in the conversion of mpint (which SSH uses) to ASN.1 (which JCA expects). It's in SignatureDSA.java. I've fixed this and notified the JSCH team, but as I need the fix myself (and right now) I've published a Maven artifact that you can use to fix this bug. It contains an alternative implementation of SignatureDSA.java.
Please see https://github.com/Jurrie/jsch-111-bugfix for more information.
By the way: during testing I also hit another bug. When the first integer in the hash is very small (starts with 0x00, 0x00, 0x00), JSCH incorrectly assumes it to be the SSH identification string exchange message, and hash verification fails. This bug wouldn't surface that often, but still I managed to hit it. My alternative implementation now checks the first 8 bytes instead of the first 3. This doesn't prevent the bug, but reduces the chance of it surfacing drastically.
quote
Desired Behavior
YADE should use the fix provided by Jurrie Overgoor