search for: key_load_private_type

https://bugzilla.mindrot.org/show_bug.cgi?id=2505 Bug ID: 2505 Summary: key_load_private_type: unknown or unsupported key type Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org...

https://bugzilla.mindrot.org/show_bug.cgi?id=2504 Bug ID: 2504 Summary: key_load_private_type: unknown or unsupported key type Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: RESOLVED Severity: minor Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org...

...amp; 007) != 0)) { error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); @@ -525,14 +528,14 @@ Key * key_load_private_type(int type, const char *filename, const char *passphrase, - char **commentp) + char **commentp, int group_private_key) { int fd; fd = open(filename, O_RDONLY); if (fd < 0) return NULL; - if (!key_perm_ok(fd, filename)) { + if (!key_perm_ok(fd, filename, group_private_key)) { e...

...hconnect1.c - in try_rsa_authentication() add a keycomment pointer and a few lines to print the keycomment string if requested and the comment string exists. diff: 212a213 > char *keycomment; //BUCC: key comment string 259c260,267 < private = key_load_private_type(KEY_RSA1, authfile, "", NULL); --- > { > //BUCC, change: private = key_load_private_type(KEY_RSA1, authfile, "", NULL); > //BUCC, to: > private = key_load_private_type(KEY_RSA1, authfile, "", &keycomment); > if...

...been addressed, but root follows a different code path. -- Iain Morgan diff --git a/ssh.c b/ssh.c index cceb36e..e32aa0a 100644 --- a/ssh.c +++ b/ssh.c @@ -1242,8 +1242,10 @@ main(int ac, char **av) sensitive_data.keys[i] = NULL; PRIV_START; +#ifdef WITH_SSH1 sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, _PATH_HOST_KEY_FILE, "", NULL, NULL); +#endif #ifdef OPENSSL_HAS_ECC sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, "", NULL);

...ve on to the next authentication method, rather than needlessly prompting the user for passphrases in this case. The attached patch attempts to remedy this situation by using access(2) after the stat(2) call. If the file is not readable, then the private key cannot be loaded, and thus the call to key_load_private_type() is skipped. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.

...- char prompt[300], *passphrase; - int perm_ok = 0, quit, i; + char prompt[300], *passphrase, *comment = NULL; + int perm_ok = 0, quit, i, allowed = 0; struct stat st; if (stat(filename, &st) < 0) { debug3("no such identity: %s", filename); return NULL; } - private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok); - if (!perm_ok) + private = key_load_private_type(KEY_UNSPEC, filename, "", &comment, &perm_ok); + if (!perm_ok) { + if (comment) + xfree(comment); return NULL; + } if (private == NULL) { - if (options.batch_mode) +...

...here and is a pointer somewhere inside the line being parsed. It cannot be freed itself. >--- sshconnect2.c 29 May 2011 11:42:34 -0000 1.180 >+++ sshconnect2.c 30 Dec 2011 09:27:33 -0000 >@@ -1323,8 +1323,11 @@ load_identity_file(char *filename) > return NULL; > } > private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok); >- if (!perm_ok) >+ if (!perm_ok) { >+ if (private != NULL) >+ key_free(private); This code has been refactored and the leak eliminated. >@@ -1892,9 +1895,9 @@ authmethod_get(char *authlist) > xfree(name); > re...

...Index: authfile.c =================================================================== RCS file: /usr/obsd-repos/src/usr.bin/ssh/authfile.c,v retrieving revision 1.78 diff -u -N -p authfile.c --- authfile.c 11 Jan 2010 04:46:45 -0000 1.78 +++ authfile.c 11 Jan 2010 22:35:04 -0000 @@ -552,8 +552,8 @@ key_load_private_type(int type, const char *filename, strerror(errno)); if (perm_ok != NULL) *perm_ok = 0; - } return NULL; + } if (!key_perm_ok(fd, filename)) { if (perm_ok != NULL) *perm_ok = 0;

...therwise, the server should respond with a challenge. */ + + /* Otherwise, the server should respond with a challenge. */ if (type != SSH_SMSG_AUTH_RSA_CHALLENGE) packet_disconnect("Protocol error during RSA authentication: %d", type); @@ -256,7 +270,15 @@ else private = key_load_private_type(KEY_RSA1, authfile, "", NULL, &perm_ok); - if (private == NULL && !options.batch_mode && perm_ok) { + + /*if -u flag is set just check to see if key is valid and exit.*/ + if (options.checkey && perm_ok) { + snprintf(buf, sizeof(buf), "RSA key '...

...nt key_save_private(Key *, const char *, const char *, const char *); Key *key_load_public(const char *, char **); Key *key_load_public_type(int, const char *, char **); +int key_try_load_public(Key *, const char *, char **); Key *key_load_private(const char *, const char *, char **); Key *key_load_private_type(int, const char *, const char *, char **); Key *key_load_private_pem(int, int, const char *, char **); --- ssh-keygen.c.orig 2005-03-02 02:33:04.000000000 +0100 +++ ssh-keygen.c 2005-05-19 22:20:02.000000000 +0200 @@ -24,6 +24,7 @@ #include "uuencode.h" #include "buffer.h"...

...25 23:37:13.000000000 +0200 @@ -240,7 +240,7 @@ * load the private key. Try first with empty passphrase; if it * fails, ask for a passphrase. */ - if (public->flags & KEY_FLAG_EXT) + if (public->flags & (KEY_FLAG_EXT | KEY_FLAG_KERN)) private = public; else private = key_load_private_type(KEY_RSA1, authfile, "", NULL); diff -ubr -x configure openssh-4.1p1/sshconnect2.c openssh-4.1p1-hacked/sshconnect2.c --- openssh-4.1p1/sshconnect2.c 2004-06-15 02:30:09.000000000 +0200 +++ openssh-4.1p1-hacked/sshconnect2.c 2005-07-23 22:39:24.000000000 +0200 @@ -832,7 +832,9 @@ * we h...

https://bugzilla.mindrot.org/show_bug.cgi?id=2451 Bug ID: 2451 Summary: Bugs intended to be fixed in 7.2 Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at