search for: sshbuf_get_u32

...ough. It was only the key blob that was not recognizable. Looking more closely at the code, the 7.5p1 code looked like: if ((r = sshbuf_get_string(e->request, &blob, &blen)) != 0 || (r = sshbuf_get_string(e->request, &data, &dlen)) != 0 || (r = sshbuf_get_u32(e->request, &flags)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); if (flags & SSH_AGENT_OLD_SIGNATURE) compat = SSH_BUG_SIGBLOB; if ((r = sshkey_from_blob(blob, blen, &key)) != 0) { error("%s...

.../ssh-agent.c > @@ -272,8 +272,11 @@ process_sign_request2(SocketEntry *e) > fatal("%s: sshbuf_new failed", __func__); > if ((r = sshkey_froms(e->request, &key)) != 0 || > (r = sshbuf_get_string_direct(e->request, &data, &dlen)) != 0 || > - (r = sshbuf_get_u32(e->request, &flags)) != 0) > - fatal("%s: buffer error: %s", __func__, ssh_err(r)); > + (r = sshbuf_get_u32(e->request, &flags)) != 0) { > + error("%s: couldn't parse request: %s", __func__, ssh_err(r)); > + goto send; > + } > + > i...

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private

...fatal("%s: buffer error: %s", __func__, ssh_err(r)); + + while (sshbuf_len(e->request)) { + if ((r = sshbuf_get_u8(e->request, &type)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + switch (type) { + case SSH_AGENT_CONSTRAIN_LIFETIME: + if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) + fatal("%s: buffer error: %s", + __func__, ssh_err(r)); + death = monotime() + seconds; + break; + case SSH_AGENT_CONSTRAIN_CONFIRM: + confirm = 1; + break; + default: + error("%s: Unknown constraint type %d", __func__,...

...uot;) == 0 && strcmp(ciphername, "none") != 0) { ??? ??? ?r = SSH_ERR_INVALID_FORMAT; ??? ??? ?goto out; @@ -4108,6 +4168,7 @@ private2_decrypt(struct sshbuf *decoded, const char *passphrase, ??? ??? ?if ((r = sshbuf_get_string(kdf, &salt, &slen)) != 0 || ??? ??? ???? (r = sshbuf_get_u32(kdf, &rounds)) != 0) ??? ??? ??? ?goto out; +?? ??? ?vault_info->rounds = rounds; ??? ??? ?if (bcrypt_pbkdf(passphrase, strlen(passphrase), salt, slen, ??? ??? ???? key, keylen + ivlen, rounds) < 0) { ??? ??? ??? ?r = SSH_ERR_INVALID_FORMAT; @@ -4155,6 +4216,10 @@ private2_decrypt(struct...