search for: ec_key

Displaying 16 results from an estimated 16 matches for "ec_key".

2015 Mar 31
7
Wanted: smartcard with ECDSA support
Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet
2015 Sep 28
4
[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent
...rs. I have tested it with P-256 keys. P-384 and P-521 should work out-of-the box. The code is ready for non-FIPS curves (named or explicit), but OpenSSH currently limits ECDSA to those 3 curves. At high level it works like the support for RSA, but because of differences in OpenSSL between RSA and EC_KEY, implementation has a few differences. The RSA and RSA_METHOD structures are exposed and the existing ssh-pkcs11 code uses that to create an RSA_METHOD object for each key. Because of APIs (in addition to ECDSA support) needed by the patch this currently works with: - LibreSSL >= 2.2.2: until...
2017 Jan 16
2
Plugin "mail_crypt" does not work
We tried these rights: [root at mail44 dovecot]# ls -la ????? 80 drwxr-xr-x 8 root root 4096 ??? 13 13:17 . drwxr-xr-x 98 root root 12288 ??? 11 11:47 .. drwxrwxrwx 2 root root 4096 ??? 10 15:58 eckey drwxr-xr-x 2 root root 4096 ??? 13 12:42 eckey2 drwxr-xr-x 2 vmail vmail 4096 ??? 11 09:14 RSAkey [root at mail44 dovecot]# cd eckey2 [root at mail44 eckey2]# ls -la ????? 16
2013 Jul 06
1
[PATCH] login-common: Add support for ECDH/ECDHE cipher suites
...urn xnames; +} + +static void +ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, + const struct master_service_ssl_settings *set) +{ +#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L + EC_KEY *ecdh; + int nid; + const char *curve_name; +#endif if (SSL_CTX_need_tmp_RSA(ssl_ctx)) SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key); SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback); - return xnames; +#if !defined(OPENSSL_NO_ECDH) + /* In the non-recommended situation wher...
2017 Jan 17
2
Plugin "mail_crypt" does not work
...rneechev at altlinux.org> > ????: "dovecot" <dovecot at dovecot.org> > ????????????: ???????, 17 ?????? 2017 ? 17:32:38 > ????: Re: Plugin "mail_crypt" does not work > Hi, guys. Also, currently a problem (with > http://wiki2.dovecot.org/Plugins/MailCrypt#EC_key): > > # dovecot mailbox cryptokey generate -u name at example.com -UR > doveadm(name at example.com): Error: > mail_crypt_user_get_public_key(name at example.com) failed: > mailbox_attribute_get(INBOX, > /shared/vendor/vendor.dovecot/pvt/server/vendor/vendor.dovecot/pvt/crypt/act...
2015 Sep 28
33
[Bug 2474] New: Enabling ECDSA in PKCS#11 support for ssh-agent
...rs. I have tested it with P-256 keys. P-384 and P-521 should work out-of-the box. The code is ready for non-FIPS curves (named or explicit), but OpenSSH currently limits ECDSA to those 3 curves. At high level it works like the support for RSA, but because of differences in OpenSSL between RSA and EC_KEY, implementation has a few differences. The RSA and RSA_METHOD structures are exposed and the existing ssh-pkcs11 code uses that to create an RSA_METHOD object for each key. Because of APIs (in addition to ECDSA support) needed by the patch this currently works with: - LibreSSL >= 2.2.2: until...
2017 Jan 17
0
Plugin "mail_crypt" does not work
Hi, guys. Also, currently a problem (with http://wiki2.dovecot.org/Plugins/MailCrypt#EC_key): # dovecot mailbox cryptokey generate -u name at example.com -UR doveadm(name at example.com): Error: mail_crypt_user_get_public_key(name at example.com) failed: mailbox_attribute_get(INBOX, /shared/vendor/vendor.dovecot/pvt/server/vendor/vendor.dovecot/pvt/crypt/active) failed: Mailbox attribu...
2017 Jan 17
0
Plugin "mail_crypt" does not work
...gt; > ????: "dovecot" <dovecot at dovecot.org> > > ????????????: ???????, 17 ?????? 2017 ? 17:32:38 > > ????: Re: Plugin "mail_crypt" does not work > > > Hi, guys. Also, currently a problem (with > > http://wiki2.dovecot.org/Plugins/MailCrypt#EC_key): > > > > # dovecot mailbox cryptokey generate -u name at example.com -UR > > doveadm(name at example.com): Error: > > mail_crypt_user_get_public_key(name at example.com) failed: > > mailbox_attribute_get(INBOX, > > /shared/vendor/vendor.dovecot/pvt/server/vendo...
2017 Jan 13
2
Plugin "mail_crypt" does not work
...ecot: ......... lda(mail at example.com): Error: User initialization failed: mail_crypt_plugin: mail_crypt_global_public_key: Couldn't parse public key: Unknown key format ......... Try RSA and EC: https://wiki2.dovecot.org/Plugins/MailCrypt#RSA_key https://wiki2.dovecot.org/Plugins/MailCrypt#EC_key Why "Unknown key format"? RSA pubkey: -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4hfgRDlMJtN9rcV2VGa8gOF1g xiXHwokRkKmKfr64ZbqAhXzLzP8fSLo8ZEtRzfS3f/EyLRvYL9LHxlxYuSnq2LTW lbvSj8jcg3ucpA431Pbnq/OVI8WsXhXhZdipGcBDyzWHZw5Dp3I/am+FB96VlfPW maHO/oKGphXXhXSOXwIDAQAB --...
2017 Sep 22
2
Call for testing: OpenSSH 7.6
...s != 1024) + if (bits != 1024) { + fprintf(stderr, "%s bits %d expected %d\n", __func__, bits, 1024); return SSH_ERR_KEY_LENGTH; + } if ((private = DSA_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; @@ -1505,8 +1510,10 @@ ecdsa_generate_private_key(u_int bits, int *nid, EC_KEY **ecdsap) if (nid == NULL || ecdsap == NULL) return SSH_ERR_INVALID_ARGUMENT; - if ((*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1) + if ((*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1) { + fprintf(stderr, "%s bits %d\n", __func__, bits); return SSH_ERR_KEY_LENGTH; + } *ecdsap...
2015 Apr 01
3
What did I miss when building openssh? cannot generate ecdsa key
I am assuming this is a user error (and the bug, if any is in configure not telling me how to activate it). I regularly see a message: Could not load host key: /etc/ssh/ssh_host_ecdsa_key And, obviously, I have never made the key before. I tried the following: ./ssh-keygen -t ecdsa -fssh_host_esdsa_key -N "" unknown key type ecdsa However, the syntax says it is a known type root at
2017 Jan 26
4
Server accepts key: pkalg rsa-sha2-512 vs ssh-rsa
Hi, I'm doing some test with a pkcs11 token that can only sign short messages. When connecting to one server, that reports pkalg rsa-sha2-512 blen 151, it fails to sign the pubkey because it is 83 bytes long. (sshd: OpenSSH_7.3p1) A older server that reports pkalg ssh-rsa blen 151, works perfectly as the pubkey signature required is only 35 bytes long. (sshd: OpenSSH_6.7p1) I am not sure
2017 Feb 17
11
[Bug 2680] New: Regression in server-sig-algs offer in 7.4p1 (Deprecation of SHA1 is not being enforced)
...(!sigonly_also && kt->sigonly) continue; if ((certs_only && !kt->cert) || (plain_only && kt->cert)) continue; diff --git a/sshkey.h b/sshkey.h index f393638..6a3ff2f 100644 --- a/sshkey.h +++ b/sshkey.h @@ -156,7 +156,7 @@ int sshkey_ec_validate_private(const EC_KEY *); const char *sshkey_ssh_name(const struct sshkey *); const char *sshkey_ssh_name_plain(const struct sshkey *); int sshkey_names_valid2(const char *, int); -char *sshkey_alg_list(int, int, char); +char *sshkey_alg_list(int, int, int, char); int sshkey_from_blob(const u_char *, size_t, struct...
2015 Jun 23
2
Call for testing: OpenSSH 6.9
.../test_sshbuf_getput_fuzz.c +++ b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c @@ -32,7 +32,9 @@ static void attempt_parse_blob(u_char *blob, size_t len) { struct sshbuf *p1; +#ifdef WITH_OPENSSL BIGNUM *bn; +#endif #if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) EC_KEY *eck; #endif @@ -54,12 +56,14 @@ attempt_parse_blob(u_char *blob, size_t len) bzero(s, l); free(s); } +#ifdef WITH_OPENSSL bn = BN_new(); sshbuf_get_bignum1(p1, bn); BN_clear_free(bn); bn = BN_new(); sshbuf_get_bignum2(p1, bn); BN_clear_free(bn); +#endif #if defined(OPENSSL_HA...
2017 Sep 21
19
Call for testing: OpenSSH 7.6
Hi, OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at
2015 May 29
16
Call for testing: OpenSSH 6.9
Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is