search for: lookup_identity

...ty *id) { - sshkey_free(id->key); + refkey_unref(id->idkey); + refkey_unref(id->shadowed_key); free(id->provider); free(id->comment); free(id); } -/* return matching private key for given public key */ +/* return matching Identity for given public key */ static Identity * lookup_identity(struct sshkey *key, int version) { @@ -205,7 +238,22 @@ lookup_identity(struct sshkey *key, int Idtab *tab = idtab_lookup(version); TAILQ_FOREACH(id, &tab->idlist, next) { - if (sshkey_equal(key, id->key)) + if (sshkey_equal(key, id->idkey->key)) + return (id); + } + retu...

...Version: BSDI Status: NEW Severity: major Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: spike at indra.com OpenSSH 3.1p1 will not build on BSD/OS 4.2 Two files fail: ssh-agent.c: In function `lookup_identity': ssh-agent.c:135: warning: implicit declaration of function `TAILQ_FOREACH' ssh-agent.c:135: `next' undeclared (first use in this function) ssh-agent.c:135: (Each undeclared identifier is reported only once ssh-agent.c:135: for each function it appears in.) ssh-agent.c:135: syntax erro...

..._SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_PIDDIR=\"/var/run\" -DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c ssh-agent.c ssh-agent.c: In function `lookup_identity': ssh-agent.c:135: warning: implicit declaration of function `TAILQ_FOREACH' ssh-agent.c:135: `next' undeclared (first use this function) ssh-agent.c:135: (Each undeclared identifier is reported only once ssh-agent.c:135: for each function it appears in.) ssh-agent.c:135: syntax error b...

...t.c.orig 2006-08-28 13:36:05.000000000 +0300 @@ -111,9 +111,6 @@ /* Default lifetime (0 == forever) */ static int lifetime = 0; -/* global confirm */ -static int confirm = 0; - static void close_socket(SocketEntry *e) { @@ -246,7 +243,7 @@ goto failure; id = lookup_identity(key, 1); - if (id != NULL && ((!confirm && !id->confirm) || confirm_key(id) == 0)) { + if (id != NULL && (!id->confirm || confirm_key(id) == 0)) { Key *private = id->key; /* Decrypt the challenge using the private key. *...

...H_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" - D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" - D_PATH_SSH_PIDDIR=\"/var/run\" -DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand- helper\" -DHAVE_CONFIG_H -c ssh-agent.c ssh-agent.c: In function `lookup_identity': ssh-agent.c:135: warning: implicit declaration of function `TAILQ_FOREACH' ssh-agent.c:135: `next' undeclared (first use this function) ssh-agent.c:135: (Each undeclared identifier is reported only once ssh-agent.c:135: for each function it appears in.) ssh-agent.c:135: syntax error b...

Hello, I noticed a problem recently when running some test code against the OpenSSH 7.6p1 ssh-agent. These tests ran fine against OpenSSH 7.5p1 and earlier, but with OpenSSH 7.6p1, they were suddenly causing ssh-agent to exit. The request being made was a ?sign? request, and the point of the test was to have the sign operation fail. To trigger this, I was passing in an invalid key blob

..., 1 deletion(-) diff -uprN openssh-4.3p2/ssh-agent.c openssh-4.3p2-kylie/ssh-agent.c --- openssh-4.3p2/ssh-agent.c 2005-11-04 22:15:00.000000000 -0600 +++ openssh-4.3p2-kylie/ssh-agent.c 2006-05-04 15:05:48.000000000 -0500 @@ -305,8 +305,8 @@ process_sign_request2(SocketEntry *e) Identity *id = lookup_identity(key, 2); if (id != NULL && (!id->confirm || confirm_key(id) == 0)) ok = key_sign(id->key, &signature, &slen, data, dlen); + key_free(key); } - key_free(key); buffer_init(&msg); if (ok == 0) { buffer_put_char(&msg, SSH2_AGENT_SIGN_RESPONSE);

...__, ssh_err(r)); > + (r = sshbuf_get_u32(e->request, &flags)) != 0) { > + error("%s: couldn't parse request: %s", __func__, ssh_err(r)); > + goto send; > + } > + > if (flags & SSH_AGENT_OLD_SIGNATURE) > compat = SSH_BUG_SIGBLOB; > if ((id = lookup_identity(key)) == NULL) { Thanks Damien, but I?m not sure this is a good fix. Now both cases turn into an error(), but if there is a problem reading the initial pair of strings and u32 value, you really can?t safely keep the connection open to receive additional requests. An error in reading any of those...

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private

https://bugzilla.mindrot.org/show_bug.cgi?id=1506 Summary: rationalize agent behavior on smartcard removal/reattachment Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

...if (lifetime && !death) + death = monotime() + lifetime; + + if ((r = engine_process_add(engine, file, pin, &k)) < 0) + goto send; + + if (sshkey_load_public(file, &kp, &comment) < 0) + comment = xstrdup(file); + else + sshkey_free(kp); + + r = SSH_AGENT_SUCCESS; + if (lookup_identity(k) == NULL) { + id = xcalloc(1, sizeof(Identity)); + id->key = k; + id->provider = xstrdup(engine); + id->comment = comment; + id->death = death; + id->confirm = confirm; + TAILQ_INSERT_TAIL(&idtab->idlist, id, next); + idtab->nentries++; + } else { + /* key is alr...