search for: flen

...e flag to 0 and hence OpenSC uses RSA raw to decipher the cryptogram => the Smartcard (or OpenSC) does not remove the PKCS#1 padding => v1 authentication fails because the returned data has the wrong length. To fix this problem simply replace: r = sc_pkcs15_decipher(p15card, key_obj, 0, from, flen, to, flen); with r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1, from, flen, to, flen); Nils ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

OpenSSH Developers, I'm researching whether or not OpenSSH is a viable commercial alternative to F-SECURE SSH or SSH.COM's ssh, but I'm not getting the kind of results that I expected from a "Non patent encumbered ssh client". When I attempt to build OpenSSH against an OpenSSL build without rc5, idea, or rsa it bombs since OpenSSL doesn't place the header files in the

...ar 17 13:41:31 2015 +0100 Ensuring support for PINs that can only be entered on a secure keypad (CKF_PROTECTED_AUTHENTICATION_PATH) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index c3a112f..b053332 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -255,22 +255,30 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, si = &k11->provider->slotinfo[k11->slotidx]; if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) { if (!pkcs11_interactive) { - error("need pin"); + error("need pin%s", + (si->t...

...ata); return -1; } + +int floadfile_w_callback(FILE *f, void **ptr, size_t *len, const void *prefix, + size_t prefix_len, const char *filename, void (*callback)(const char *name, size_t cur, size_t total)) +{ + struct stat st; + void *data, *dp; + size_t alen, clen, rlen, xlen, flen; + + clen = alen = 0; + data = NULL; + + if ( fstat(fileno(f), &st) ) + goto err; + + + if (!S_ISREG(st.st_mode)) { + /* Not a regular file, we can't assume we know the file size */ + flen = -1; + } + else { + flen = st.st_size + prefix_len - ftell(f); + } + + if (prefix...

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

I'd like to use some matrix algebra in my c code that is called from R. I need matrix multiplication, transposition, and Cholesky decomposition. I haven't come across any easy way to do this, but from browsing the web and R-devel a few options come to mind: 1. use F77_CALL() to call matrix multiplication functions from blas. This should be ok as long as I remember that c and FORTRAN store

...0; buf[i] && i < SSH_MAX_PKCS11_PIN_BYTES; i++) { + if (buf[i] == '\n' || buf[i] == '\r') { + buf[i] = '\0'; + break; + } + } + + return xstrdup(buf); +} + /* openssl callback doing the actual signing operation */ static int pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, @@ -575,6 +607,9 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) CK_TOKEN_INFO *token; CK_ULONG i; + if (!pin) + pin = pkcs11_read_pinfile(); + *keyp = NULL; if (pkcs11_provider_lookup(provider_id) != NULL) { debug...

On 4 Jun 2020, at 0:54, James Y Knight via llvm-dev wrote: > While MLIR may be one part of the solution, I think it's also the case > that > the function-ABI interface between Clang and LLVM is just wrong and > should > be fixed -- independently of whether Clang might use MLIR in the > future. > > I've mentioned this idea before, I think, but never got around to

https://bugzilla.mindrot.org/show_bug.cgi?id=2638 Bug ID: 2638 Summary: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private objects Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement

...(i = 0; buf[i] && i < SSH_MAX_PKCS11_PIN_BYTES; i++) { + if (buf[i] == '\n' || buf[i] == '\r') { + buf[i] = '\0'; + break; + } + } + + return xstrdup(buf); +} + /* openssl callback doing the actual signing operation */ static int pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, @@ -575,6 +607,9 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) CK_TOKEN_INFO *token; CK_ULONG i; + if (!pin) + pin = pkcs11_read_pinfile(); + *keyp = NULL; if (pkcs11_provider_lookup(provider_id) != NULL) { debug("%s: p...

Hi, OpenSSH 6.7 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a big release containing a number of features, a lot of internal refactoring and some potentially-incompatible changes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: