Displaying 9 results from an estimated 9 matches for "siglen".
Did you mean:
sglen
2002 Apr 24
2
RSA_verify question on OpenSSH Client w/ OpenSSL0.9.6a
...lient and OpenSSL 0.9.6a
When trying to ssh to OpenSSH server of
higher versions SSH-1.99-OpenSSH_2.5.2p2 or such,
I see error in RSA key exchange:
RSA_verify(..)routine.
I see:
error at:int RSA_verify(int dtype, unsigned char *m,
unsigned int m_len,
unsigned char *sigbuf, unsigned int siglen,
RSA *rsa)
{
int i,ret=0,sigtype;
unsigned char *p,*s;
X509_SIG *sig=NULL;
if (siglen != (unsigned int)RSA_size(rsa))
{
RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
return(0);
}
debugger output:
Breakpoint 1, RSA_verify (dtype=64,...
2002 Jul 20
0
opensc smartcard support does not work
...ctx->reader_count) {
+ r = SC_ERROR_NO_READERS_FOUND;
+ goto err;
+ }
r = sc_connect_card(ctx->reader[sc_reader_id], 0, &card);
if (r)
goto err;
***************
*** 190,212 ****
unsigned char *sigret, unsigned int *siglen, RSA *rsa)
{
struct sc_pkcs15_object *key_obj;
! int r;
unsigned long flags = 0;
r = sc_prkey_op_init(rsa, &key_obj);
! if (r)
! return -1;
/* FIXME: length of sigret correct? */
/* FIXME: check 'type' and modify fla...
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the
openssl provider transition. What will happen in openssl 3.0.0 is
that providers become active and will accept keys via URI. The
current file mechanisms will still be available but internally it will
become a file URI. To support the provider interface, openssl will
have to accept keys by URI instead of file and may
2013 Jun 25
1
RFC: encrypted hostkeys patch
...int
mm_answer_sign(int sock, Buffer *m)
{
@@ -714,10 +717,16 @@ mm_answer_sign(int sock, Buffer *m)
memcpy(session_id2, p, session_id2_len);
}
- if ((key = get_hostkey_by_index(keyid)) == NULL)
+ if ((key = get_hostkey_by_index(keyid)) != NULL) {
+ if (key_sign(key, &signature, &siglen, p, datlen) < 0)
+ fatal("%s: key_sign failed", __func__);
+ } else if ((key = get_hostkey_public_by_index(keyid)) != NULL &&
+ auth_conn != NULL) {
+ if (ssh_agent_sign(auth_conn, key, &signature, &siglen, p,
+ datlen) < 0)
+ fatal("%s: ssh_agent_...
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl
external engines. ?The problem is they can't be loaded with the usual
openssl methods, they have to be loaded via ENGINE_load_private_key().
?Because they're files, they fit well into openssh pub/private file
structure, so they're not very appropriately handled by the pkcs11
interface because it assumes the private
2020 Jan 30
6
[PATCH 1/2] Add support for openssl engine based keys
...d->ret = 1;
+ }
+ }
+
+ return d->ret;
+}
+
+int
+engine_process_add(char *engine, char *file, char *pin,
+ struct sshkey **k)
+{
+ EVP_PKEY *pk;
+ ENGINE *e;
+ struct sshkey *key;
+ int ret;
+ UI_METHOD *ui;
+ EVP_PKEY_CTX *ctx;
+ char hash[SHA256_DIGEST_LENGTH], result[1024];
+ size_t siglen;
+ struct ui_data d;
+
+ verbose("%s: add provider=%s, key=%s", __func__, engine, file);
+
+ ret = SSH_ERR_INTERNAL_ERROR;
+ e = ENGINE_by_id(engine);
+ if (!e) {
+ verbose("%s: failed to get engine %s", __func__, engine);
+ ERR_print_errors_fp(stderr);
+ return ret;
+ }
+
+...
2015 Mar 31
7
Wanted: smartcard with ECDSA support
Hi list,
I have no idea if Damien Miller had the time to work on that.
I have an initial patch to authenticate using PKCS#11 and ECDSA keys.
This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the
required interfaces to override the signature function pointer for ECDSA.
The only limitation is that the OpenSSL API misses some cleanup function
(finish, for instance), hence I have yet
2003 Oct 08
4
OS/390 openssh
..._func__);
keyid = buffer_get_int(m);
- p = buffer_get_string(m, &datlen);
+ p = buffer_get_binary(m, &datlen);
if (datlen != 20)
fatal("%s: data length incorrect: %u", __func__, datlen);
@@ -527,7 +527,7 @@
debug3("%s: signature %p(%u)", __func__, signature, siglen);
buffer_clear(m);
- buffer_put_string(m, signature, siglen);
+ buffer_put_binary(m, signature, siglen);
xfree(p);
xfree(signature);
@@ -574,7 +574,7 @@
authctxt->valid = 1;
buffer_put_char(m, 1);
- buffer_put_string(m, pwent, sizeof(struct passwd));
+ buffer_put_binary(m, pwent,...
2006 Nov 15
11
OpenSSH Certkey (PKI)
...const u_char *cert, const Key *ca_key, const Key *key,
+ const u_char *identity)
+{
+ u_char ca_fp[128], ca_name[128], ca_id[128], ca_opts[512];
+ u_char ca_vf[16], ca_vt[16], ca_alg[64], ca_sig[1024];
+ u_char sigbuf[1024], datbuf[2048], c, *fp;
+ unsigned long vf, vt, now = time(NULL);
+ u_int siglen, i;
+
+ if (cert == NULL || ca_key == NULL || ca_key->type != KEY_RSA ||
+ ca_key->rsa == NULL || key == NULL) {
+ debug2("cert_verify: invalid arguments");
+ return 0;
+ }
+
+ cert_token(&cert, ca_fp, sizeof(ca_fp));
+ cert_token(&cert, ca_name, sizeof(ca_name));
+ ce...