search for: pktype

http://bugzilla.mindrot.org/show_bug.cgi?id=526 Summary: potential ssh-keysign segfault if pktype == KEY_UNSPEC Product: Portable OpenSSH Version: 3.6p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: openssh-unix-dev at mindrot.org Repo...

...---- #include "ssh-gss.h" #endif + #include <openssl/sha.h> + #ifdef OPENSSL_FIPS + #include <openssl/fips.h> + #endif + + /* import */ extern char *client_version_string; extern char *server_version_string; *************** *** 591,597 **** key->type, pktype); goto done; } ! fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); debug2("input_userauth_pk_ok: fp %s", fp); xfree(fp); --- 604,611 ---- key->type, pktype); goto done; } ! fp = key_fingerprint(key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, !...

...misc.h" + +/* import */ +extern ServerOptions options; +extern u_char *session_id2; +extern u_int session_id2_len; + +static int +userauth_certkey(Authctxt *authctxt) +{ + Buffer b; + Key *key = NULL; + char *pkalg; + u_char *pkblob, *sig, *cert; + u_int alen, blen, slen, clen; + int have_sig, pktype; + int authenticated = 0; + + if (!authctxt->valid) { + debug2("userauth_certkey: disabled because of invalid user"); + return 0; + } + have_sig = packet_get_char(); + if (datafellows & SSH_BUG_PKAUTH) { + debug2("userauth_certkey: SSH_BUG_PKAUTH"); + /* no explicit p...

...ffer_init(&b); buffer_append(&b, pkblob, blen); /* so we have to extract the pkalg from the pkblob */ @@ -73,7 +73,7 @@ buffer_free(&b); } else { pkalg = packet_get_string(&alen); - pkblob = packet_get_string(&blen); + pkblob = packet_get_binary(&blen); } pktype = key_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { @@ -93,13 +93,13 @@ goto done; } if (have_sig) { - sig = packet_get_string(&slen); + sig = packet_get_binary(&slen); packet_check_eom(); buffer_init(&b); if (datafellows & SSH_OLD_SESSIONID) { buffer_ap...

...SG_SERVICE_REQUEST, &input_service_request); dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); - - do_authenticated(authctxt); + do_authenticated(authctxt, realname); } static void @@ -403,6 +428,13 @@ u_int alen, blen, slen; int have_sig, pktype; int authenticated = 0; + + char realname[40] = "UNKNOWN" ; + char tempreal[40] = "UNKNOWN" ; + + debug("**************************"); + debug("VIX userauth_pubkey called"); + debug("**************************")...

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,