search for: buffer_put_bignum2

Hi When buffer_put_bugnum2 is called with zero bignum, it touches unallocated memory: BN_num_bytes returns 0, one byte is allocated and hasnohigh = (buf[1] & 0x80) ? 0 : 1; touches array out of bounds. Mikulas

...EY_DSA; + } else if (strcmp(name, "x509v3-sign-rsa") == 0) { + return KEY_RSA; + } else if (strcmp(name, "x509v3-sign-dss") == 0) { + return KEY_DSA; } debug2("key_type_from_name: unknown key type '%s'", name); return KEY_UNSPEC; @@ -739,9 +751,16 @@ buffer_put_bignum2(&b, key->dsa->pub_key); break; case KEY_RSA: - buffer_put_cstring(&b, key_ssh_name(key)); - buffer_put_bignum2(&b, key->rsa->e); - buffer_put_bignum2(&b, key->rsa->n); + if (key->x509) { + /* XXX ssh.com does not accept a key name here */ + len = i2...

...sa1"; + break; case KEY_RSA: return "ssh-rsa"; break; @@ -698,6 +701,7 @@ type = key_type_from_name(ktype); switch (type) { + case KEY_RSA1: case KEY_RSA: key = key_new(type); if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || @@ -762,6 +766,7 @@ buffer_put_bignum2(&b, key->dsa->g); buffer_put_bignum2(&b, key->dsa->pub_key); break; + case KEY_RSA1: case KEY_RSA: buffer_put_cstring(&b, key_ssh_name(key)); buffer_put_bignum2(&b, key->rsa->e); diff -ubr -x configure openssh-4.1p1/key.h openssh-4.1p1-hacked/key.h --...

...d RFC 2437... that seemed straightforward. I tried to read the underlying RSA signature code in the openssl library; truth be told, I couldn't follow that. But I'm pretty sure the SSH2_AGENT_SIGN_RESPONSE message carries just the key type name ("ssh-rsa") and the signature data in buffer_put_bignum2 SSH2 format; I should be able to just decode that bignum and pass it right to k.verify(dh, (sigdata,)) no? Are there some padding bytes or encoding or something that I'm missing? Help?!?! -- Dan Connolly, W3C http://www.w3.org/People/Connolly/ -------------- next part -------------- A non-t...

...ckexinitlen, > + char *skexinit, int skexinitlen, > + u_char *serverhostkeyblob, int sbloblen, > + const unsigned char client_dh_pub[CURVE25519_PUBKEY_SIZE], > + const unsigned char server_dh_pub[CURVE25519_PUBKEY_SIZE], > + const BIGNUM *shared_secret, > ... > + buffer_put_bignum2(&b, shared_secret); > > It would be simpler to pass the shared_secret as a const u_char* and > length here - saving a round-trip to BIGNUM and back. > > diff --git a/kexc25519c.c b/kexc25519c.c > new file mode 100644 > index 0000000..b2000f0 > --- /dev/null > +++ b/...

...tlen+1); + buffer_put_char(&b, SSH2_MSG_KEXINIT); + buffer_append(&b, skexinit, skexinitlen); + + buffer_put_string(&b, serverhostkeyblob, sbloblen); + buffer_put_string(&b, client_dh_pub, CURVE25519_PUBKEY_SIZE); + buffer_put_string(&b, server_dh_pub, CURVE25519_PUBKEY_SIZE); + buffer_put_bignum2(&b, shared_secret); + +#ifdef DEBUG_KEX + buffer_dump(&b); +#endif + EVP_DigestInit(&md, evp_md); + EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); + EVP_DigestFinal(&md, digest, NULL); + + buffer_free(&b); + +#ifdef DEBUG_KEX + dump_digest("hash", d...

On 8 June 2018 at 11:21, PGNet Dev <pgnet.dev at gmail.com> wrote: > fyi > > add'l -- and looks unrelated -- issue > /usr/include/pthread.h:251:12: note: previous declaration of ?pthread_join? was here > extern int pthread_join (pthread_t __th, void **__thread_return); What included pthread.h? That's explicitly not supported by sshd: $ grep THREAD

...4 02:03:03 2003 +++ openssh-3.7.1p2/kexdh.c Tue Oct 7 08:22:00 2003 @@ -60,7 +60,7 @@ buffer_put_char(&b, SSH2_MSG_KEXINIT); buffer_append(&b, skexinit, skexinitlen); - buffer_put_string(&b, serverhostkeyblob, sbloblen); + buffer_put_binary(&b, serverhostkeyblob, sbloblen); buffer_put_bignum2(&b, client_dh_pub); buffer_put_bignum2(&b, server_dh_pub); buffer_put_bignum2(&b, shared_secret); diff -bur openssh-3.7.1p2.orig/kexdhc.c openssh-3.7.1p2/kexdhc.c --- openssh-3.7.1p2.orig/kexdhc.c Mon Feb 24 02:06:32 2003 +++ openssh-3.7.1p2/kexdhc.c Tue Oct 7 08:22:00 2003 @@ -62,...

http://bugzilla.mindrot.org/show_bug.cgi?id=1371 Summary: Add PKCS#11 (Smartcards) support into OpenSSH Product: Portable OpenSSH Version: 4.7p1 Platform: All URL: http://alon.barlev.googlepages.com/openssh-pkcs11 OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: