search for: cka_id

...0 CKR_OK 8: C_FindObjects 2014-01-28 03:26:42.353 [in] hSession = 0x3c60002 [in] ulMaxObjectCount = 0x1 [out] ulObjectCount = 0x1 Object 0x8690003 matches Returned: 0 CKR_OK 9: C_GetAttributeValue 2014-01-28 03:26:42.353 [in] hSession = 0x3c60002 [in] hObject = 0x8690003 [in] pTemplate[3]: CKA_ID 0000000000000000 / 0 CKA_MODULUS 0000000000000000 / 0 CKA_PUBLIC_EXPONENT 0000000000000000 / 0 [out] pTemplate[3]: CKA_ID 0000000000000000 / 0 CKA_MODULUS 0000000000000000 / 256 CKA_PUBLIC_EXPONENT 0000000000000000 / 3 Retur...

https://bugzilla.mindrot.org/show_bug.cgi?id=2429 Bug ID: 2429 Summary: ssh-keygen ignores keys that have CKA_ID == 0 Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Smartcard Assignee: unassigned-bugs at mindrot.org Reporter:...

...report in our bugzilla [1] (though on older version and with different use case), I can reproduce the same behaviour with two different key pairs on smartcard (opencryptoki softtoken), when only the second is accepted. This is caused by the fact, that when the public key is read from the card, its CKA_ID is not stored alongside with the public key and ssh later does not know which key use for signing (use the first one implicitly, since it is first result of search). So far, the key is identified by its pkcs11 provider library [2] and by flag SSHKEY_FLAG_EXT [3], which is obviously not enough (see...

...1490e85ed3890fcd9e0ce421e994d10cedf3b4e43ada46dec5f7da0dd9c62e4470b32c3e77430752f29b70dc6d450a248aefebf7925134cde9814e89271404f93b2e5788720b2e435c7235e6275d9ecb0d6a517fe333bafe08e19041f79f61bbfc7e8931272f9d481d8998fa8e4f4e6cb2f33 PublicExponent: 0x03 # everything after this point is CKA_ID in hex format - not the real values PrivateExponent: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 Prime1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 Prime2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 Exponent1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 Exponen...

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

...ated to the bug #2429 (see proposed and applied patch with check of the length before calling xmalloc in attachment #2670). Your original error should not appear again, because the check for length is at the moment before calling xmalloc. The note in the code and in linked bugzilla says that the CKA_ID is allowed to be empty. Can you elaborate more on what problems you see at the moment? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.

...890fcd9e0ce421e994d10cedf3b4e43ada46dec5f7da0dd9c62e4470b32c3e77430752f29b70dc6d450a248aefebf7925134cde9814e89271404f93b2e5788720b2e435c7235e6275d9ecb0d6a517fe333bafe08e19041f79f61bbfc7e8931272f9d481d8998fa8e4f4e6cb2f33 > PublicExponent: 0x03 > # everything after this point is CKA_ID in hex format - not > the real values > PrivateExponent: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 > Prime1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 > Prime2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 > Exponent1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c...

...he ssh(1) manual page to include a better description of Unix domain socket forwarding; bz#2423 * ssh(1), ssh-agent(1): skip uninitialised PKCS#11 slots, fixing failures to load keys when they are present. bz#2427 * ssh(1), ssh-agent(1): do not ignore PKCS#11 hosted keys that wth empty CKA_ID; bz#2429 * sshd(8): clarify documentation for UseDNS option; bz#2045 Portable OpenSSH ---------------- * Check realpath(3) behaviour matches what sftp-server requires and use a replacement if necessary. Checksums: ========== - SHA1 (openssh-7.0.tar.gz) = a19ff0bad2a67348b1d01a38a95802361...

...he ssh(1) manual page to include a better description of Unix domain socket forwarding; bz#2423 * ssh(1), ssh-agent(1): skip uninitialised PKCS#11 slots, fixing failures to load keys when they are present. bz#2427 * ssh(1), ssh-agent(1): do not ignore PKCS#11 hosted keys that wth empty CKA_ID; bz#2429 * sshd(8): clarify documentation for UseDNS option; bz#2045 Portable OpenSSH ---------------- * Check realpath(3) behaviour matches what sftp-server requires and use a replacement if necessary. Checksums: ========== - SHA1 (openssh-7.0.tar.gz) = a19ff0bad2a67348b1d01a38a95802361...

Just trying to follow the instructions here https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html I don't think I am doing anything special. At the point where there is some communication going on Getting this error packet from *****:1024: received Vendor ID payload [Cisco-Unity] Apr 01 17:33:44

https://bugzilla.mindrot.org/show_bug.cgi?id=2403 Bug ID: 2403 Summary: Bugs intended to be fixed in 7.0 Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at