search for: identity_sign

https://bugzilla.mindrot.org/show_bug.cgi?id=2737 Bug ID: 2737 Summary: function identity_sign() assume private key's pub part as same as the .pub key. Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Other Status: NEW Severity: enhancement Priority: P5 Component: ssh...

...load_identity_file(char *); +static Key *load_identity_file(char *, AuthenticationConnection *); static Authmethod *authmethod_get(char *authlist); static Authmethod *authmethod_lookup(const char *name); @@ -1102,7 +1102,7 @@ input_userauth_jpake_server_confirm(int type, u_int32_ static int identity_sign(Identity *id, u_char **sigp, u_int *lenp, - u_char *data, u_int datalen) + u_char *data, u_int datalen, AuthenticationConnection *auth) { Key *prv; int ret; @@ -1118,7 +1118,7 @@ identity_sign(Identity *id, u_char **sigp, u_int *lenp if (id->isprivate || (id->key->flags &...

https://bugzilla.mindrot.org/show_bug.cgi?id=2617 Bug ID: 2617 Summary: sign_and_send_pubkey: no separate private key for certificate Product: Portable OpenSSH Version: 7.3p1 Hardware: 68k OS: Mac OS X Status: NEW Severity: normal Priority: P5 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=2507 Bug ID: 2507 Summary: missing or misleading error messages Product: Portable OpenSSH Version: 7.1p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

On 2019-11-14, Damien Miller <djm at mindrot.org> wrote: > Please give this a try - security key support is a substantial change and > it really needs testing ahead of the next release. Hi Damien, Thanks for working on security key support, this is a really nice feature to have in openssh. My non-FIDO2 security key (YubiKey NEO) doesn't work with the latest changes to openssh

..._sk_options: option uv is unknown debug1: ssh_sk_sign: check_sk_options uv debug1: sshsk_sign: sk_sign failed with code -3 debug1: ssh-sk-helper: Signing failed: incorrect passphrase supplied to decrypt private key debug1: main: reply len 8 debug1: client_converse: helper returned error -43 debug1: identity_sign: sshkey_sign: incorrect passphrase supplied to decrypt private key Enter PIN for ECDSA-SK key /tmp/TEST-id_ed25519-sk: Confirm user presence for key ECDSA-SK SHA256:HixXHmVbrCZRxWUXIDOZF50VAIf/cVESDcBZsKSWcro debug1: start_helper: starting /usr/lib/ssh/ssh-sk-helper debug1: process_sign: ready to s...

...d2->key) && + id->key->type != id2->key->type) { + id = id2; + matched = 1; + break; + } + } + if (!matched) { + free(blob); + buffer_free(&b); + return 0; + } + break; + } + } + } + /* generate signature */ ret = identity_sign(id, &signature, &slen, buffer_ptr(&b), buffer_len(&b), datafellows); @@ -1189,9 +1217,11 @@ load_identity_file(char *filename, int userprovided) /* * try keys in the following order: - * 1. agent keys that are found in the config file - * 2. other agent keys - * 3. keys t...

https://bugzilla.mindrot.org/show_bug.cgi?id=2698 Bug ID: 2698 Summary: Tracking bug for OpenSSH 7.6 release Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at

...} buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); @@ -863,7 +863,7 @@ buffer_put_char(&b, have_sig); buffer_put_cstring(&b, key_ssh_name(id->key)); } - buffer_put_string(&b, blob, bloblen); + buffer_put_binary(&b, blob, bloblen); /* generate signature */ ret = identity_sign(id, &signature, &slen, @@ -887,12 +887,12 @@ buffer_put_char(&b, have_sig); if (!(datafellows & SSH_BUG_PKAUTH)) buffer_put_cstring(&b, key_ssh_name(id->key)); - buffer_put_string(&b, blob, bloblen); + buffer_put_binary(&b, blob, bloblen); } xfree(blob...

...PKAUTH) { + buffer_put_char(&b, have_sig); + } else { + buffer_put_cstring(&b, authctxt->method->name); + buffer_put_char(&b, have_sig); + buffer_put_cstring(&b, key_ssh_name(id->key)); + } + buffer_put_string(&b, blob, bloblen); + + /* generate signature */ + ret = identity_sign(id, &signature, &slen, + buffer_ptr(&b), buffer_len(&b)); + if (ret == -1) { + xfree(blob); + buffer_free(&b); + return 0; + } +#ifdef DEBUG_PK + buffer_dump(&b); +#endif + if (datafellows & SSH_BUG_PKSERVICE) { + buffer_clear(&b); + buffer_append(&b, se...