search for: err_print_errors_fp

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private

On 2018-04-07 11:24, Bernard Spil wrote: > On 2018-04-07 9:04, Joel Sing wrote: >> On Friday 06 April 2018 21:31:01 Bernard Spil wrote: >>> Hi, >>> >>> When using OpenSSH with LibreSSL 2.7.x it cannot read existing RSA >>> and >>> ECDSA private keys. >>> >>> Error loading key "./id_rsa": invalid format

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

...SHA256_DIGEST_LENGTH], result[1024]; + size_t siglen; + struct ui_data d; + + verbose("%s: add provider=%s, key=%s", __func__, engine, file); + + ret = SSH_ERR_INTERNAL_ERROR; + e = ENGINE_by_id(engine); + if (!e) { + verbose("%s: failed to get engine %s", __func__, engine); + ERR_print_errors_fp(stderr); + return ret; + } + + ui = UI_create_method("ssh-agent password writer"); + if (!ui) { + verbose("%s: failed to create UI method", __func__); + ERR_print_errors_fp(stderr); + return ret; + } + UI_method_set_reader(ui, ui_read); + + if (!ENGINE_init(e)) { + verbose(...

...gt; ENGINE_load_dynamic(); > > // Add the OpenSSL ENGINE configuration module > OPENSSL_load_builtin_modules(); > > // Identify the file and stanza for engine directives > if (CONF_modules_load_file(conffile, stanza, 0) <= 0) { > ERR_print_errors_fp(stderr); > error("Auto configuration failed"); > goto finish; > } > > // Fetch the external engine handle > eng = ENGINE_get_last(); > if (!eng) { > /* the engine isn't available */ >...

...")) { /* !env OPENSSH_NO_FIPS */ + fips_mode = 0; + } + else if (options.fips_mode == 0) { /* ssh_config options */ + fips_mode = 0; + } + } + if(fips_mode) + { + if(!FIPS_mode_set(1)) + { + ERR_load_crypto_strings(); + ERR_print_errors_fp(stderr); + exit(1); + } + else + fprintf(stderr,"*** IN FIPS MODE ***\n"); + } +#endif if (options.user == NULL) options.user = xstrdup(pw->pw_name);

I've just compiled and installed openssh-2.9.9p2 (compiled against openssl-0.9.6b using gcc-3.0.0) on a Slackware 7-based Linux machine (kernel 2.4.6ac2). The previously installed version was 2.9p2, compiled against openssl-0.9.6a, also with gcc-3.0.0, but with a different build of gcc-3.0.0. Everything seems to work fine except for one problem: passphrase matching for ssh2 keys

...file' /usr/lib/mysql/libmysqlclient.a(viosslfactories.o)(.text+0xfd): In function `vio_set_cert_stuff': : undefined reference to `SSL_CTX_check_private_key' /usr/lib/mysql/libmysqlclient.a(viosslfactories.o)(.text+0x14e): In function `vio_set_cert_stuff': : undefined reference to `ERR_print_errors_fp' /usr/lib/mysql/libmysqlclient.a(viosslfactories.o)(.text+0x1c1): In function `vio_set_cert_stuff': : undefined reference to `ERR_print_errors_fp' /usr/lib/mysql/libmysqlclient.a(viosslfactories.o)(.text+0x1e9): In function `vio_verify_callback': : undefined reference to `X509_STO...

...ntent of the file /proc/sys/crypto/fips_enabled is 1 I have executed the below mentioned code The code is #include "stdio.h" int main() { int ret=0; ret=FIPS_mode(); printf("\nFIPS_mode = %u \n",ret); ret=FIPS_selftest(); printf("\nFIPS_selftest=%u \n",ret); ERR_print_errors_fp(stderr); } Output is " FIPS_mode = 1 FIPS_selftest=0 140091346814640:error:0607B0A3:lib(6):func(123):reason(163):evp_enc.c:313: 140091346814640:error:2D06F065:lib(45):func(111):reason(101):fips_des_selftest.c:134: " Looks like flag EVP_CIPH_FLAG_FIPS is not set for the ciph...

...e res_crypto.c:244: dereferencing pointer to incomplete type res_crypto.c:245: dereferencing pointer to incomplete type res_crypto.c:246: dereferencing pointer to incomplete type res_crypto.c:246: dereferencing pointer to incomplete type res_crypto.c:248: warning: implicit declaration of function `ERR_print_errors_fp' res_crypto.c:252: dereferencing pointer to incomplete type res_crypto.c:253: dereferencing pointer to incomplete type res_crypto.c:260: dereferencing pointer to incomplete type res_crypto.c:268: dereferencing pointer to incomplete type res_crypto.c: In function `ast_sign': res_crypto.c:391...

...lob to OpenSSL function and waits if it can parse it. PEM_read_bio_PrivateKey() # called from sshkey.c @ 3791 Only return value from this function is NULL on failure. The reason can be obtained using ERR_ functions from OpenSSL ERR_get_error(); # actual error code ERR_print_errors_fp(stderr); # prints verbose info Possible reasons for failure of the above mentioned function are described in openssl/pem.h [4]. Basically, some of the reasons are obviously not related to wrong passphrase. I tried with somehow crippled keys and I ended up with attached patch so far (currently co...