search for: ssh2_agent_sign_response

...!= SSH_AGENT_RSA_RESPONSE) { fatal("Bad authentication response: %d", type); *************** *** 366,372 **** return -1; } type = buffer_get_char(&msg); ! if (agent_failed(type)) { log("Agent admitted failure to sign using the key."); } else if (type != SSH2_AGENT_SIGN_RESPONSE) { fatal("Bad authentication response: %d", type); --- 366,372 ---- return -1; } type = buffer_get_char(&msg); ! if (type == SSH_AGENT_FAILURE) { log("Agent admitted failure to sign using the key."); } else if (type != SSH2_AGENT_SIGN_RESPONSE) { fa...

...licKey.RSA module, but it keeps failing to verify. I've stared at it for about 5 hours now... I went and read RFC 2437... that seemed straightforward. I tried to read the underlying RSA signature code in the openssl library; truth be told, I couldn't follow that. But I'm pretty sure the SSH2_AGENT_SIGN_RESPONSE message carries just the key type name ("ssh-rsa") and the signature data in buffer_put_bignum2 SSH2 format; I should be able to just decode that bignum and pass it right to k.verify(dh, (sigdata,)) no? Are there some padding bytes or encoding or something that I'm missing? Help?!?!...

...*e) Identity *id = lookup_identity(key, 2); if (id != NULL && (!id->confirm || confirm_key(id) == 0)) ok = key_sign(id->key, &signature, &slen, data, dlen); + key_free(key); } - key_free(key); buffer_init(&msg); if (ok == 0) { buffer_put_char(&msg, SSH2_AGENT_SIGN_RESPONSE);

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

...+ blob = buffer_get_binary(&e->request, &blen); + data = buffer_get_binary(&e->request, &dlen); flags = buffer_get_int(&e->request); if (flags & SSH_AGENT_OLD_SIGNATURE) @@ -319,7 +319,7 @@ buffer_init(&msg); if (ok == 0) { buffer_put_char(&msg, SSH2_AGENT_SIGN_RESPONSE); - buffer_put_string(&msg, signature, slen); + buffer_put_binary(&msg, signature, slen); } else { buffer_put_char(&msg, SSH_AGENT_FAILURE); } @@ -354,7 +354,7 @@ key_size(key), bits); break; case 2: - blob = buffer_get_string(&e->request, &blen); + bl...