search for: nca_used

Hi, In ssh_krl_from_blob(), krl.c:984, /* Record keys used to sign the KRL */ xrealloc(ca_used, nca_used + 1, sizeof(*ca_used)); ca_used[nca_used++] = key; The result of `xrealloc' is never assigned to `ca_used', which remains a null pointer. Will ca_used[...] crash?. Did I miss anything? Thanks. - xi

Hello. I am trying to play through the following test scenario about certificate revocation on Ubuntu 18.04, which has OpenSSH of this version: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n? 7 Dec 2017 1. A CA key is created ssh-keygen -t ed25519 -f ca 2. The CA public key is added to ~/.ssh/authorized_keys on some server: cert-authority ssh-ed25519 AAAA...e ca at yoga 3. A user key is created on a

I believe there has been a bug in KRL signature verification that has been present since the KRL feature was first introduced. It prevents signed KRLs from being loaded by OpenSSH [0]. I believe this bug applies to all versions of OpenSSH, although the majority of my effort has been devoted to (and all of my code snippets come from) openssl-portable. The bug is that an offset is incorrectly