search for: server_key

...ord[SHA1_RESULTLEN]; + const char *snonce; /* received: */ const char *gs2_cbind_flag; const char *cnonce; - const char *snonce; const char *client_first_message_bare; const char *client_final_message_without_proof; buffer_t *proof; + + /* stored */ + buffer_t *stored_key; + buffer_t *server_key; }; -static void Hi(const unsigned char *str, size_t str_size, - const unsigned char *salt, size_t salt_size, unsigned int i, - unsigned char result[SHA1_RESULTLEN]) -{ - struct hmac_context ctx; - unsigned char U[SHA1_RESULTLEN]; - unsigned int j, k; - - /* Calculate U1 */ - hmac_...

Hi, Has anybody produced diffs for openssh-2.3.0p1 for the rsa keyexchange problem that Core-SDI described ? ( I noticed that fix is already in openbsd tree ). -Jarno -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi University of Kuopio - Computer Center | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169

...hmac_final(&ctx, U); for (k = 0; k < SHA1_RESULTLEN; k++) result[k] ^= U[k]; } @@ -94,7 +95,7 @@ static const char *get_scram_server_final(struct scram_auth_request *request) { - struct hmac_sha1_context ctx; + struct hmac_context ctx; const char *auth_message; unsigned char server_key[SHA1_RESULTLEN]; unsigned char server_signature[SHA1_RESULTLEN]; @@ -104,17 +105,17 @@ request->server_first_message, ",", request->client_final_message_without_proof, NULL); - hmac_sha1_init(&ctx, request->salted_password, - sizeof(request->salted_pass...

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

...IZE crypto_scalarmult_curve25519_BYTES +#define CURVE25519_PRIVKEY_SIZE crypto_scalarmult_curve25519_SCALARBYTES + +void +kexc25519_server(Kex *kex) +{ + BIGNUM *shared_secret; + Key *server_host_private, *server_host_public; + u_char *server_host_key_blob = NULL, *signature = NULL; + u_char server_key[CURVE25519_PRIVKEY_SIZE]; + u_char *client_pubkey = NULL; + u_char server_pubkey[CURVE25519_PUBKEY_SIZE]; + u_char shared_secret_raw[CURVE25519_PUBKEY_SIZE]; + u_char *hash; + u_int rnd=0, slen, sbloblen, hashlen, i; + + /* generate private key */ + for (i = 0; i...

...is the device diff -Nur openssh-3.7.1p2/sshconnect1.c openssh-3.7.1p2-serverlieswarning/sshconnect1.c --- openssh-3.7.1p2/sshconnect1.c 2003-09-02 08:51:17.000000000 -0400 +++ openssh-3.7.1p2-serverlieswarning/sshconnect1.c 2003-11-04 02:29:50.000000000 -0500 @@ -494,7 +494,8 @@ packet_get_bignum(server_key->rsa->n); rbits = BN_num_bits(server_key->rsa->n); - if (bits != rbits) { + if (bits == rbits + 1 && ! options.server_lies_warning) { + } else if (bits != rbits) { logit("Warning: Server lies about size of server public key: " "actual size is %d bits...

...suggest an avenue of investigation. This seems to be happening with any release of openssh since at least 2.5.2p1. 1) Problem #1: If SSH protocol 1 is enabled then sshd segfaults right off. This turns out to be because the call to arc4random_stir is corrupting memory and making sensitive_data.server_key non NULL. When key_free is then called on it's UNALLOCATED storage, you get a pretty seg fault. 2) Problem #3: snprintf doesn't like the %.100s specifier. For some reason 00s gets printed, and all the arguments get shifted. This breaks all sorts of things in all sorts of horrible ways...

...t key: " "actual size is %d bits vs. announced %d.", rbits, bits); log("Warning: This may be due to an old implementation of ssh."); --- sshd.c.O Thu Jul 5 10:49:10 2001 +++ sshd.c Thu Jul 5 10:49:27 2001 @@ -1217,7 +1217,12 @@ packet_put_bignum(sensitive_data.server_key->rsa->n); /* Store our public host RSA key. */ - packet_put_int(BN_num_bits(sensitive_data.ssh1_host_key->rsa->n)); + len = BN_num_bits(sensitive_data.ssh1_host_key->rsa->n); + if ((datafellows & SSH_BUG_SERVERLIESSIZE) && (len & 1)) { + /* old ssh client e...

We've run into an interesting dilemma regarding last log information and ssh 4.2p1. In 3.8, we didn't see this problem, but now has cropped up in 4.2. When a user logs in, sshd seems to call 'last' to get the last log information. 'last' then opens the /var/log/wtmp file and processes the information. On some systems, this file can be quite large, and we're seeing

...openssh/sshconnect1.c openssh-sshfp/sshconnect1.c --- openssh/sshconnect1.c 2006-11-07 13:14:42.000000000 +0100 +++ openssh-sshfp/sshconnect1.c 2010-11-27 23:57:11.267747490 +0100 @@ -535,7 +535,7 @@ debug("Received server public key (%d bits) and host key (%d bits).", BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); - if (verify_host_key(host, hostaddr, host_key) == -1) + if (verify_host_key(host, hostaddr, host_key, NULL) == -1) fatal("Host key verification failed."); client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD...

...X fixme */ Kex *xxx_kex; +/* Daemon's agent connection */ +AuthenticationConnection *auth_conn = NULL; + /* * Any really sensitive data in the application is contained in this * structure. The idea is that this structure could be locked into memory so @@ -206,6 +210,7 @@ struct { Key *server_key; /* ephemeral server key */ Key *ssh1_host_key; /* ssh1 host key */ Key **host_keys; /* all private host keys */ + Key **host_pubkeys; /* all public host keys */ Key **host_certificates; /* all public host certificates */ int have_ssh1_key; int have_ssh2_key; @@ -652,11 +657,18 @@ pri...

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer