search for: key_to_blob

...identity_file, NULL) != 1) { if ((k = load_identity(identity_file)) == NULL) { fprintf(stderr, "load failed\n"); exit(1); } + private = 1; } if (k->type == KEY_RSA1) { fprintf(stderr, "version 1 keys are not supported\n"); exit(1); } - if (key_to_blob(k, &blob, &len) <= 0) { - fprintf(stderr, "key_to_blob failed\n"); - exit(1); + if (private) { + if (do_convert_private_ssh2_to_blob(k, &blob, &len) <= 0) { + fprintf(stderr, "do_convert_private_ssh2_to_blob failed\n"); + exit(1); + } } - fprintf...

...d on subsequent loop iterations. if ((nkeys = pkcs11_add_provider(name, pin, &keys)) > 0) { buffer_put_char(&msg, SSH2_AGENT_IDENTITIES_ANSWER); buffer_put_int(&msg, nkeys); for (i = 0; i < nkeys; i++) { key_to_blob(keys[i], &blob, &blen) buffer_put_string(&msg, blob, blen); buffer_put_cstring(&msg, name); free(blob); add_key(keys[i], name); -- You are receiving this mail because: You are watching...

...(inkernel) { + u_char *blob; + u_int len; + + xfree(comment); + comment = xmalloc(strlen(filename) + strlen("ssh:") + 1); + sprintf(comment, "ssh:%s", filename); + + fprintf(stderr, "Adding key %s\n", key_fingerprint(private, SSH_FP_MD5, SSH_FP_HEX)); + if (!key_to_blob(private, &blob, &len)) + fatal("key_to_blob: %s\n", filename); + + if (add_key("user", comment, blob, len, KEY_SPEC_USER_SESSION_KEYRING) < 0) + fatal("Failed to add key: %s\n", filename); + + xfree(comment); + key_free(private); + + ret = 0; + re...

...509, NULL); + buf = buffer_append_space(&b, len); + i2d_X509(key->x509, &buf); + } else { + buffer_put_cstring(&b, key_ssh_name(key)); + buffer_put_bignum2(&b, key->rsa->e); + buffer_put_bignum2(&b, key->rsa->n); + } break; default: error("key_to_blob: unsupported key type %d", key->type); Index: key.h =================================================================== RCS file: /home/markus/cvs/ssh/key.h,v retrieving revision 1.17 diff -u -r1.17 key.h --- key.h 17 Sep 2001 19:27:15 -0000 1.17 +++ key.h 30 Jan 2002 15:23:11 -0000 @@ -28,...

...N_num_bytes(k->rsa->e); + len = nlen + elen; + blob = xmalloc(len); + BN_bn2bin(k->rsa->n, blob); + BN_bn2bin(k->rsa->e, blob + nlen); + break; + case KEY_DSA: + case KEY_RSA: + key_to_blob(k, &blob, &len); + break; + case KEY_UNSPEC: + fatal("key_fingerprint_raw: bad key type %d",k->type); + break; + default: + fatal("key_fingerprint_raw: bad key type %d", k->type); +...

...-- openssh-2.5.1p1/key.h Sun Mar 11 22:50:23 2001 *************** *** 55,60 **** --- 55,61 ---- Key *key_generate(int type, u_int bits); Key *key_from_private(Key *k); int key_type_from_name(char *name); + int pkalg_valid(const char *name); Key *key_from_blob(char *blob, int blen); int key_to_blob(Key *key, u_char **blobp, u_int *lenp); Only in orig/openssh-2.5.1p1/: mkstring diff -c3 -r orig/openssh-2.5.1p1/readconf.c openssh-2.5.1p1/readconf.c *** orig/openssh-2.5.1p1/readconf.c Thu Feb 15 03:02:00 2001 --- openssh-2.5.1p1/readconf.c Sun Mar 11 23:12:34 2001 *************** *** 25,30 ****...

..."Bad authentication response: %d", type); } else { ret = 0; - *sigp = buffer_get_string(&msg, lenp); + *sigp = buffer_get_binary(&msg, lenp); } buffer_free(&msg); return ret; @@ -573,7 +573,7 @@ } else if (key->type == KEY_DSA || key->type == KEY_RSA) { key_to_blob(key, &blob, &blen); buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); - buffer_put_string(&msg, blob, blen); + buffer_put_binary(&msg, blob, blen); xfree(blob); } else { buffer_free(&msg); diff -bur openssh-3.7.1p2.orig/auth2-hostbased.c openssh-3.7.1p2/auth2-...

https://bugzilla.mindrot.org/show_bug.cgi?id=2687 Bug ID: 2687 Summary: Coverity scan fixes Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org

I have just uploaded a new snapshot to: http://www.mindrot.org/misc/openssh/openssh-SNAP-20001114.tar.gz This snapshot includes Markus Friedl's new SSH2 RSA authentication work and -R portforwarding for SSH2. Please give these a good test. The new RSA authentications works similar to the current SSH2 DSA keys, but requires a little modification to config files. Currently RSA key cannot be

Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I noticed that there is a bit of functionality missing from OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using GSS authentication. Yes, ~/.k5login can be used to grant access to an account for applications that support Kerberos, as does OpenSSH with those GSS patches, but .k5login does not and cannot provide

...(ret->rsa != NULL) RSA_free(ret->rsa); ret->rsa = k->rsa; @@ -488,7 +621,7 @@ } } else if ((key->type == KEY_DSA && key->dsa != NULL) || (key->type == KEY_RSA && key->rsa != NULL)) { - int len, n; + u_int len, n; u_char *blob, *uu; key_to_blob(key, &blob, &len); uu = xmalloc(2*len); @@ -499,6 +632,12 @@ } xfree(blob); xfree(uu); + } else if (key->type == KEY_NAME && key->name != NULL) { + fprintf(f, "%s ", key_ssh_name(key)); + if (key->name_type != NULL) + fprintf(f, ":%s", ke...

...(ret->rsa != NULL) RSA_free(ret->rsa); ret->rsa = k->rsa; @@ -487,7 +620,7 @@ } } else if ((key->type == KEY_DSA && key->dsa != NULL) || (key->type == KEY_RSA && key->rsa != NULL)) { - int len, n; + u_int len, n; u_char *blob, *uu; key_to_blob(key, &blob, &len); uu = xmalloc(2*len); @@ -498,6 +631,14 @@ } xfree(blob); xfree(uu); + } else if (key->type == KEY_NAME && key->name != NULL && + key->name_len) { + + fprintf(f, "%s ", key_ssh_name(key)); + if (key->name_type != NULL...

...ed_secret = BN_new()) == NULL) + fatal("%s: BN_new failed", __func__); + if (BN_bin2bn(shared_secret_raw, sizeof(shared_secret_raw), shared_secret) == NULL) + fatal("%s: BN_bin2bn failed", __func__); + memset(shared_secret_raw, 0, sizeof(shared_secret_raw)); + + /* calc H */ + key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); + kex_c25519_hash( + kex->evp_md, + kex->client_version_string, + kex->server_version_string, + buffer_ptr(&kex->peer), buffer_len(&kex->peer), + buffe...

...txt, id); break; } } @@ -851,6 +863,93 @@ } static int +sign_and_send_certkey(Authctxt *authctxt, Identity *id) +{ + Buffer b; + u_char *blob, *signature; + u_int bloblen, slen; + u_int skip = 0; + int ret = -1; + int have_sig = 1; + + debug3("sign_and_send_certkey"); + + if (key_to_blob(id->key, &blob, &bloblen) == 0) { + /* we cannot handle this key */ + debug3("sign_and_send_certkey: cannot handle key"); + return 0; + } + /* data to be signed */ + buffer_init(&b); + if (datafellows & SSH_OLD_SESSIONID) { + buffer_append(&b, session_id2, sessi...

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet