search for: sigbuf

Using OpenSSH 2.3.1 client and OpenSSL 0.9.6a When trying to ssh to OpenSSH server of higher versions SSH-1.99-OpenSSH_2.5.2p2 or such, I see error in RSA key exchange: RSA_verify(..)routine. I see: error at:int RSA_verify(int dtype, unsigned char *m, unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, RSA *rsa) { int i,ret=0,sigtype; unsigned char *p,*s; X509_SIG *sig=NULL; if (siglen != (unsigned int)RSA_size(rsa)) { RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); return(0); } debugger output: Breakpoint 1, RSA...

...ys, const char *revoked_keys, - char * const *opts, size_t nopts) + const char *principal, char **allowed_keys, size_t nallowed_keys, + const char *revoked_keys, char * const *opts, size_t nopts) { - int r, ret = -1; + int r, ret = -1, matched = 0; int print_pubkey = 0; struct sshbuf *sigbuf = NULL, *abuf = NULL; struct sshkey *sign_key = NULL; char *fp = NULL; struct sshkey_sig_details *sig_details = NULL; uint64_t verify_time = 0; + size_t i; if (sig_process_opts(opts, nopts, NULL, &verify_time, &print_pubkey) != 0) @@ -2850,9 +2855,23 @@ sig_verify(const ch...

Hello, I'm currently evaluating using `ssh-keygen -Y verify` to check OS artifacts (e.g. packages) and I noticed that the `-f allowed_signers_file` option can be passed only once. A side remark: technically it can be passed multiple times without a warning but the last invocation overrides all previous ones. Tested using: $ ssh-keygen -Y verify -f allowed_signers -f /dev/null -n file -s

From: Maxime Rey <maximejeanrey at gmail.com> Hello, I've discovered an issue with sshd when it's configured to use the SSH agent alongside multiple host keys. Specifically, this problem happens during the hostkeys-prove-00 at openssh.com request, when the server attempts to demonstrate ownership of the host keys by calling the agent. The issue occurs because, while processing the

...} + +/* check whether certificate is valid and signature correct */ +int +cert_verify(const u_char *cert, const Key *ca_key, const Key *key, + const u_char *identity) +{ + u_char ca_fp[128], ca_name[128], ca_id[128], ca_opts[512]; + u_char ca_vf[16], ca_vt[16], ca_alg[64], ca_sig[1024]; + u_char sigbuf[1024], datbuf[2048], c, *fp; + unsigned long vf, vt, now = time(NULL); + u_int siglen, i; + + if (cert == NULL || ca_key == NULL || ca_key->type != KEY_RSA || + ca_key->rsa == NULL || key == NULL) { + debug2("cert_verify: invalid arguments"); + return 0; + } + + cert_token(&am...