Displaying 20 results from an estimated 32 matches for "keyp".
2019 Aug 06
2
[PATCH v2] Remove sshkey_load_private()
...-- a/authfile.c
+++ b/authfile.c
@@ -215,44 +215,6 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
return r;
}
-/* XXX this is almost identical to sshkey_load_private_type() */
-int
-sshkey_load_private(const char *filename, const char *passphrase,
- struct sshkey **keyp, char **commentp)
-{
- struct sshbuf *buffer = NULL;
- int r, fd;
-
- if (keyp != NULL)
- *keyp = NULL;
- if (commentp != NULL)
- *commentp = NULL;
-
- if ((fd = open(filename, O_RDONLY)) == -1)
- return SSH_ERR_SYSTEM_ERROR;
- if (sshkey_perm_ok(fd, filename) != 0) {
- r = SSH_ERR_KEY_BAD_PERM...
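Review bot: the deleted sshkey_load_private() calls sshkey_perm_ok(fd, filename) right after open() and returns SSH_ERR_SYSTEM_ERROR when open() fails, and the removed comment only says it is "almost identical" to sshkey_load_private_type(). The commit message should name the function callers are expected to use instead and confirm that it keeps both the permission check and the same error code.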
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
...formation.sh
diff --git a/authfile.c b/authfile.c
index 35ccf576c2b5..6c79369ebfc1 100644
--- a/authfile.c
+++ b/authfile.c
@@ -116,7 +116,7 @@ sshkey_perm_ok(int fd, const char *filename)
?
?int
?sshkey_load_private_type(int type, const char *filename, const char
*passphrase,
-??? struct sshkey **keyp, char **commentp)
+??? struct sshkey **keyp, char **commentp, struct sshkey_vault
**vault_infop)
?{
??? ?int fd, r;
?
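Review bot: the new `struct sshkey_vault **vault_infop` argument on sshkey_load_private_type() has no stated contract. Document whether callers may pass NULL and who frees *vault_infop, and check that it is cleared on entry in the same way as keyp and commentp, so an error return never leaves a stale pointer behind.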
@@ -124,6 +124,8 @@ sshkey_load_private_type(int type, const char
*filename, const char *passphrase,
??? ??? ?*keyp = NULL;
??? ?if (commentp != NULL)
??? ??? ?*commentp = NULL;
+??...
2019 Sep 10
3
[Bug 3068] New: Duplicate code in sshkey_load_private() function
https://bugzilla.mindrot.org/show_bug.cgi?id=3068
Bug ID: 3068
Summary: Duplicate code in sshkey_load_private() function
Product: Portable OpenSSH
Version: 8.0p1
Hardware: Other
OS: Windows 10
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee:
2016 Feb 17
2
Call for testing: OpenSSH 7.2
On Wed, 17 Feb 2016, Hisashi T Fujinaka wrote:
> > I need to make these error messages more user-friendly :(
> >
> > -24 is SSH_ERR_SYSTEM_ERROR, so it's likely failing to find/load the
> > key for some reason. I'll make a patch to improve the error message,
> > but in the meantime you could probably figure out the exact failure
> > using
2016 Feb 17
4
Call for testing: OpenSSH 7.2
On Wed, Feb 17, 2016 at 3:51 AM, Hisashi T Fujinaka <htodd at twofifty.com> wrote:
> Sorry, I haven't been paying too much attention here, but I'm having
> repeated failures when I tried this morning.
>
> NetBSD-current:
> test_sshkey: ..................................[1] Segmentation fault
> (core dumped) ${V} /home/htodd...
> *** Error code 139
did it
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the
openssl provider transition. What will happen in openssl 3.0.0 is
that providers become active and will accept keys via URI. The
current file mechanisms will still be available but internally it will
become a file URI. To support the provider interface, openssl will
have to accept keys by URI instead of file and may
2020 Apr 15
2
[PATCH] regression of comment extraction in private key file without passphrase
...Loïc
---
?authfile.c?? | 5 +++++
?ssh-keygen.c | 6 +-----
?2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/authfile.c b/authfile.c
index 50fa48e4a3b6..9e6e2a00a896 100644
--- a/authfile.c
+++ b/authfile.c
@@ -304,6 +304,11 @@ sshkey_load_public(const char *filename, struct
sshkey **keyp, char **commentp)
???? if ((r = sshkey_try_load_public(keyp, pubfile, commentp)) == 0)
???? ??? goto out;
?
+??? /* If the comment is wanted, try loading the private key with no
passphrase,
+??? ??? since it contains the comment while the public key in the
private file doesn't */
+??? if (comm...
2016 Jul 22
18
Call for testing: OpenSSH 7.3
Hi,
OpenSSH 5.3 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains some
substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is
2020 Jul 14
7
[Bug 3192] New: openssh-8.2 & openssl-1.1.1d error: dereferencing pointer to incomplete type Not found struct BIO , bio->num_write
...te type
BIO_read(bio, keybuf, bio->num_write);
---
sshkey.c code view
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ossl_typ.h>
....
static int
sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
const char *passphrase, struct sshkey **keyp)
{
EVP_PKEY *pk = NULL;
struct sshkey *prv = NULL;
BIO *bio = NULL;
int r;
if (keyp != NULL)
*keyp = NULL;
if ((bio = BIO_new(BIO_s_mem())) == NULL || sshbuf_len(blob) >
INT_MAX)
return SSH_ERR_ALLOC_FAIL;...
2020 Jul 02
8
[Bug 3190] New: Inconsistent handling of private keys without accompanying public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3190
Bug ID: 3190
Summary: Inconsistent handling of private keys without
accompanying public keys
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2016 Nov 16
3
[PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11
...39;\0';
+ break;
+ }
+ }
+
+ return xstrdup(buf);
+}
+
/* openssl callback doing the actual signing operation */
static int
pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
@@ -575,6 +607,9 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp)
CK_TOKEN_INFO *token;
CK_ULONG i;
+ if (!pin)
+ pin = pkcs11_read_pinfile();
+
*keyp = NULL;
if (pkcs11_provider_lookup(provider_id) != NULL) {
debug("%s: provider already registered: %s",
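Review bot: at `pin = pkcs11_read_pinfile();` the parameter now points at a string returned by xstrdup(buf), and nothing in the visible part of pkcs11_add_provider() frees or zeroes it. Keep the result in a separate local variable, and clear and free it on every exit path so the PIN does not linger in heap memory.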
2005 Aug 16
2
SIP "agent" phone w/ headset
...al phone "agent" sets (keyless phones) that have
headsets to a SIP based environment.
I am having trouble finding anything on the market that resembles this
in the VoIP world.
For reference, we're currently using Inter-Tel Agent Sets, which are
basically a digital phone with out any keypad, buttons or handset, just
a line input and a headset jack. I need the equivalent.
I know the first thing you think is why don't you use the agent's PC as
the VoIP client and do a softphone, however I need to protect the caller
from getting cut off should the PC crash/die/etc. While paran...
2016 Nov 16
2
[PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11
...= '\0';
+ break;
+ }
+ }
+
+ return xstrdup(buf);
+}
+
/* openssl callback doing the actual signing operation */
static int
pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
@@ -575,6 +607,9 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp)
CK_TOKEN_INFO *token;
CK_ULONG i;
+ if (!pin)
+ pin = pkcs11_read_pinfile();
+
*keyp = NULL;
if (pkcs11_provider_lookup(provider_id) != NULL) {
debug("%s: provider already registered: %s",
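Review bot: the `if (!pin)` block runs before the pkcs11_provider_lookup(provider_id) check, so the PIN file is read even when the call ends up in the "provider already registered" branch. Move the pinfile read below that check so the secret is only loaded when the provider is actually going to be added.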
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev at...
2017 Sep 22
2
Call for testing: OpenSSH 7.6
...its)) == -1) {
+ fprintf(stderr, "%s bits %d\n", __func__, bits);
return SSH_ERR_KEY_LENGTH;
+ }
*ecdsap = NULL;
if ((private = EC_KEY_new_by_curve_name(*nid)) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
@@ -1881,6 +1888,8 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
goto out;
}
if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+ fprintf(stderr, "%s num_bits %d min %d\n", __func__,
+ BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
ret = SSH_ERR_KEY_LENGTH;
goto out;
}
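Review bot: the fprintf(stderr, ...) added before `ret = SSH_ERR_KEY_LENGTH`, like the one before `return SSH_ERR_KEY_LENGTH` in the previous hunk, prints from inside the key-parsing code instead of leaving the report to the caller. That is fine for tracking down this test failure, but mark the patch as debugging only, or pass the bit counts back so the caller's error message can include them.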
@@ -2664,6 +2673,...
2020 Sep 04
3
Incomplete attestation data for FIDO2 SKs?
I was recently looking at verifying the attestation data
(ssh-sk-attest-v00) for a SK key, but I believe the data saved in this
structure is insufficient for completing verification of the attestation.
While the structure has enough information for U2F devices, FIDO2 devices
sign their attestation over a richer "authData" blob [1] (concatenated with
the challenge hash). The authData blob
2015 Mar 31
7
Wanted: smartcard with ECDSA support
Hi list,
I have no idea if Damien Miller had the time to work on that.
I have an initial patch to authenticate using PKCS#11 and ECDSA keys.
This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the
required interfaces to override the signature function pointer for ECDSA.
The only limitation is that the OpenSSL API misses some cleanup function
(finish, for instance), hence I have yet
2017 Oct 11
1
[PATCH v1 01/27] x86/crypto: Adapt assembly for PIE support
...ovl $240, %r10d
- leaq _aesni_enc4, %r11
- leaq _aesni_dec4, %rax
+ leaq _aesni_enc4(%rip), %r11
+ leaq _aesni_dec4(%rip), %rax
cmovel %r10d, %ecx
cmoveq %rax, %r11
- movdqa .Lgf128mul_x_ble_mask, GF128MUL_MASK
+ movdqa .Lgf128mul_x_ble_mask(%rip), GF128MUL_MASK
movups (IVP), IV
mov 480(KEYP), KLEN
diff --git a/arch/x86/crypto/aesni-intel_avx-x86_64.S b/arch/x86/crypto/aesni-intel_avx-x86_64.S
index faecb1518bf8..488605b19fe8 100644
--- a/arch/x86/crypto/aesni-intel_avx-x86_64.S
+++ b/arch/x86/crypto/aesni-intel_avx-x86_64.S
@@ -454,7 +454,8 @@ _get_AAD_rest0\@:
vpshufb and an array...
2017 Sep 21
19
Call for testing: OpenSSH 7.6
Hi,
OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2020 Jun 16
0
[PATCH v5 2/2] mm, treewide: Rename kzfree() to kfree_sensitive()
...c);
+ kfree_sensitive(desc);
free_tfm:
crypto_free_shash(tfm);
diff --git a/crypto/adiantum.c b/crypto/adiantum.c
index cf2b9f4103dd..b7824e214961 100644
--- a/crypto/adiantum.c
+++ b/crypto/adiantum.c
@@ -177,7 +177,7 @@ static int adiantum_setkey(struct crypto_skcipher *tfm, const u8 *key,
keyp += NHPOLY1305_KEY_SIZE;
WARN_ON(keyp != &data->derived_keys[ARRAY_SIZE(data->derived_keys)]);
out:
- kzfree(data);
+ kfree_sensitive(data);
return err;
}
diff --git a/crypto/ahash.c b/crypto/ahash.c
index 68a0f0cb75c4..d9d65d1cc669 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c...
2020 Apr 13
0
[PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive()
...c);
+ kfree_sensitive(desc);
free_tfm:
crypto_free_shash(tfm);
diff --git a/crypto/adiantum.c b/crypto/adiantum.c
index cf2b9f4103dd..b7824e214961 100644
--- a/crypto/adiantum.c
+++ b/crypto/adiantum.c
@@ -177,7 +177,7 @@ static int adiantum_setkey(struct crypto_skcipher *tfm, const u8 *key,
keyp += NHPOLY1305_KEY_SIZE;
WARN_ON(keyp != &data->derived_keys[ARRAY_SIZE(data->derived_keys)]);
out:
- kzfree(data);
+ kfree_sensitive(data);
return err;
}
diff --git a/crypto/ahash.c b/crypto/ahash.c
index 68a0f0cb75c4..d9d65d1cc669 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c...