Displaying 7 results from an estimated 7 matches for "ssh_krl_from_blob".
2014 Nov 14
2
[Bug 2313] New: Corrupt KRL file when using multiple CA.
...omponent: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: peter at pean.org
When I have a KRL containing revocations from multiple CA it gets
corrupted some way. sshd can't read it.
This is what sshd says:
debug1: KRL version 0 generated at 20141114T080704
debug3: ssh_krl_from_blob: first pass, section 0x01
debug3: ssh_krl_from_blob: first pass, section 0x01
debug3: ssh_krl_from_blob: second pass, section 0x01
debug3: parse_revoked_certs: subsection type 0x20
debug3: revoked_certs_for_ca_key: new CA RSA
debug3: parse_revoked_certs: subsection type 0x22
debug3: parse_revoked_c...
2015 Dec 29
2
Bug in KRL signature verification
...t parse cursor, rather
than the number of parsed bytes before the cursor, is used as the length of
the data to be verified. I don't believe this bug has any security
implications, though, since both lengths are necessarily smaller than the
length of buf.
Fixing this bug uncovers another bug in ssh_krl_from_blob [3]: "if
(sshbuf_len(sect) > 0)" should read "if (sect != NULL && sshbuf_len(sect) >
0)" (or similar), since a KRL_SECTION_SIGNATURE above might cause sect to
be set to NULL. This bug results in a segmentation fault, but I don't
believe it can be triggered with...
2014 Dec 09
2
build problems on the latest portable tree
...ee - HEAD
3dfd8d93dfcc69261f5af99df56f3ff598581979
- rijndael.c:1104:7: error: ‘Td4’ undeclared (first use in this function)
(Td4[(t0 >> 24) ] << 24) ^
^
introduced in commit a1f8110cd5ed818d59b3a2964fab7de76e92c18e
- ./libssh.a(krl.o): In function `ssh_krl_from_blob': krl.c:1007:
undefined reference to `reallocarray'
introduced in commit 74de254bb92c684cf53461da97f52d5ba34ded80 -
reallocarray() seems to only be part of openbsd-5.6 stdlib
Petr
--
Petr Lautrbach
2013 Jan 27
1
null pointer dereference in krl.c?
Hi,
In ssh_krl_from_blob(), krl.c:984,
/* Record keys used to sign the KRL */
xrealloc(ca_used, nca_used + 1, sizeof(*ca_used));
ca_used[nca_used++] = key;
The result of `xrealloc' is never assigned to `ca_used', which remains
a null pointer. Will ca_used[...] crash? Did I miss anything?
Thanks.
- xi
2018 Sep 06
4
Some wishes regarding revoked keys
Hello.
I am trying to play through the following test scenario about
certificate revocation on Ubuntu 18.04, which has OpenSSH of this version:
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n  7 Dec 2017
1. A CA key is created
ssh-keygen -t ed25519 -f ca
2. The CA public key is added to ~/.ssh/authorized_keys on some server:
cert-authority ssh-ed25519 AAAA...e ca at yoga
3. A user key is created on a
2013 Feb 26
16
Call for testing: OpenSSH-6.2
Hi,
It's that time again...
OpenSSH 6.2 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains
some substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
2017 Mar 02
61
[Bug 2687] New: Coverity scan fixes
https://bugzilla.mindrot.org/show_bug.cgi?id=2687
Bug ID: 2687
Summary: Coverity scan fixes
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org