Displaying 2 results from an estimated 2 matches for "encrypted_len".
2015 Mar 14
6
[Bug 2366] New: ssh-keygen doesn't correctly decode new format GCM-encrypted keys
...key format.
The error is in the call inside sshkey_parse_private2() where it passes
in the length of the encrypted buffer:
if ((r = cipher_crypt(&ciphercontext, 0, dp,
sshbuf_ptr(decoded),
sshbuf_len(decoded), 0, cipher_authlen(cipher))) != 0) {
The length here should be encrypted_len, not sshbuf_len(decoded), as
that includes the cipher_authlen(cipher) additional MAC bytes.
A few additional changes are needed to use encrypted_len safely here
and to later properly consume the auth data. I have attached a patch
which I believe fixes this problem.
With the fix, step 2 above succ...
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
...hbuf *decoded, const
char *passphrase,
??? ?struct sshbuf *kdf = NULL, *decrypted = NULL;
??? ?struct sshcipher_ctx *ciphercontext = NULL;
??? ?struct sshkey *pubkey = NULL;
+?? ?struct sshkey_vault *vault_info = NULL;
??? ?u_char *key = NULL, *salt = NULL, *dp;
??? ?u_int blocksize, rounds, nkeys, encrypted_len, check1, check2;
?
??? ?if (decoded == NULL || decryptedp == NULL || pubkeyp == NULL)
??? ??? ?return SSH_ERR_INVALID_ARGUMENT;
?
+?? ?if (vault_infop != NULL) {
+?? ??? ?*vault_infop = NULL;
+?? ?}
+?? ?if ((vault_info = sshkey_vault_new()) == NULL) {
+?? ??? ?r = SSH_ERR_ALLOC_FAIL;
+?? ??? ?goto...