Displaying 17 results from an estimated 17 matches for "sshkey_free".
2015 Jun 23
2
Call for testing: OpenSSH 6.9
...,10 @@ sshkey_file_tests(void)
{
struct sshkey *k1, *k2;
struct sshbuf *buf, *pw;
- BIGNUM *a, *b, *c;
char *cp;
+#ifdef WITH_OPENSSL
+ BIGNUM *a, *b, *c;
+#endif
TEST_START("load passphrase");
pw = load_text_file("pw");
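Review bot: The added #endif that closes the BIGNUM declarations has no trailing comment, while other guards in this file are annotated (see the #endif /* OPENSSL_HAS_ECC... further down). Suggest writing it as #endif /* WITH_OPENSSL */ so the nesting stays readable as more guards are added to this function.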
@@ -102,6 +104,7 @@ sshkey_file_tests(void)
sshkey_free(k1);
#endif
+#ifdef WITH_OPENSSL
TEST_START("parse RSA from private");
buf = load_file("rsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1",
@@ -388,6 +391,7 @@ sshkey_file_tests(void)
sshkey_free(k1);
#endif /* OPENSSL_HAS_ECC...
2015 May 29
16
Call for testing: OpenSSH 6.9
Hi,
OpenSSH 6.9 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains
some substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is
2014 Sep 08
1
possible deadcodes in sources
...> -1)
close(tmp1);
- if (tmp2 > 0)
- close(tmp2);
return 0;
}
close(tmp1);
* sshkey.c:1321:dead_error_line ? Execution cannot reach this statement "break;".
code:
retval = 0;
/*XXXX*/
sshkey_free(k);
if (retval != 0)
break;
XXXX here probably means fix in future, but the last two lines seem to be functionless
* clientloop.c:2087:dead_error_line ? Execution cannot reach this expression "81" inside statement "packet_start((success ? 81 ...".
I hope that it m...
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
...quot;Certificate added: %s (%s)\n", filename,
+ cert->cert->key_id);
+ if (lifetime != 0)
+ fprintf(stderr, "Lifetime set to %d seconds\n", lifetime);
+ if (confirm != 0)
+ fprintf(stderr, "The user must confirm each use of the key\n");
+ out:
+ free(comment);
+ sshkey_free(cert);
+
+ return ret;
+}
+
+static int
add_file(int agent_fd, const char *filename, int key_only)
{
struct sshkey *private, *cert;
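Review bot: The out: label in the new function calls free(comment) and sshkey_free(cert) unconditionally, so both pointers must be initialised to NULL where they are declared; otherwise an early goto out frees an indeterminate pointer. The declarations are not in the visible lines, so please confirm they read char *comment = NULL and struct sshkey *cert = NULL.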
@@ -445,13 +488,16 @@ lock_agent(int agent_fd, int lock)
}
static int
-do_file(int agent_fd, int deleting, int key_only, char *file)
+do_file(int agent_fd, int...
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the
openssl provider transition. What will happen in openssl 3.0.0 is
that providers become active and will accept keys via URI. The
current file mechanisms will still be available but internally it will
become a file URI. To support the provider interface, openssl will
have to accept keys by URI instead of file and may
2020 Apr 15
2
[PATCH] regression of comment extraction in private key file without passphrase
Hello,
In one recent change
(https://anongit.mindrot.org/openssh.git/commit/?id=2b13d3934d5803703c04803ca3a93078ecb5b715),
I noticed a regression.
If ssh-keygen is given a private file without passphrase and without the
corresponding .pub file, it doesn't extract the comment after the commit,
while it did before:
Before the commit:
$ ./ssh-keygen -q -t dsa -N '' -C foobar -f
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl
external engines. The problem is they can't be loaded with the usual
openssl methods, they have to be loaded via ENGINE_load_private_key().
Because they're files, they fit well into openssh pub/private file
structure, so they're not very appropriately handled by the pkcs11
interface because it assumes the private
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
...al("%s: %s", identity_file, strerror(errno));
-?? ?prv = load_identity(identity_file, &comment);
+?? ?prv = load_identity(identity_file, &comment, &vault_info);
??? ?if ((r = sshkey_write(prv, stdout)) != 0)
??? ??? ?error("sshkey_write failed: %s", ssh_err(r));
??? ?sshkey_free(prv);
??? ?if (comment != NULL && *comment != '\0')
-?? ??? ?fprintf(stdout, " %s", comment);
-?? ?fprintf(stdout, "\n");
+?? ??? ?printf(" %s", comment);
+?? ?printf("\n");
+?? ?if (log_level_get() >= SYSLOG_LEVEL_VERBOSE) {
+?? ??? ?print...
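Review bot: The switch from fprintf(stdout, ...) to printf(...) for the comment and the newline is unrelated to passing &vault_info into load_identity(), and it sits next to sshkey_write(prv, stdout), which still names stdout explicitly. Suggest dropping that part or sending it as a separate cleanup so this patch only carries the vault_info change. The visible lines also do not show who releases vault_info once it has been printed; please make the ownership explicit.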
2016 Dec 28
2
certificates keys on pkcs11 devices
Hi,
I have not found any way to use a Certificate with ssh-agent when my Key is
stored on a pkcs11 device. I can add my key with
ssh-add -s /usr/local/lib/opensc-pkcs11.so
but
ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub
does not add the certificate to my agent. As far as I understand, in
ssh-add.c line 580
if (pkcs11provider != NULL) {
if (update_card(agent_fd,
2020 Jan 30
6
[PATCH 1/2] Add support for openssl engine based keys
...quot;, __func__, type);
+ goto send;
+ }
+ }
+ if (lifetime && !death)
+ death = monotime() + lifetime;
+
+ if ((r = engine_process_add(engine, file, pin, &k)) < 0)
+ goto send;
+
+ if (sshkey_load_public(file, &kp, &comment) < 0)
+ comment = xstrdup(file);
+ else
+ sshkey_free(kp);
+
+ r = SSH_AGENT_SUCCESS;
+ if (lookup_identity(k) == NULL) {
+ id = xcalloc(1, sizeof(Identity));
+ id->key = k;
+ id->provider = xstrdup(engine);
+ id->comment = comment;
+ id->death = death;
+ id->confirm = confirm;
+ TAILQ_INSERT_TAIL(&idtab->idlist, id, next)...
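Review bot: Ownership of k and comment only moves to id inside the lookup_identity(k) == NULL branch, so when the identity is already in the table both need to be released before replying. The other branch is not in the visible lines; please confirm it calls sshkey_free(k) and free(comment). Also note that r holds the negative return of engine_process_add() on the goto send path but SSH_AGENT_SUCCESS afterwards, so the send: code has to treat any value other than SSH_AGENT_SUCCESS as failure.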
2016 Apr 22
2
Client-side public key causing mess
...id->key != NULL &&
> + !sshkey_equal(id->key, private)) {
> + error("Load key \"%s\": private key does not match "
> + "public key", id->filename);
> + sshkey_free(private);
> + private = NULL;
> + quit = 1;
> + }
> if (!quit && private != NULL && id->agent_fd == -1 &&
> !(id->key && id->isprivate))
>...
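Review bot: The mismatch test uses sshkey_equal(id->key, private), which compares key type and certificate data as well as the public key material. If id->key can hold a certificate loaded from a -cert.pub file, a valid plain private key will be reported as "private key does not match public key" and quit will be set. Suggest comparing with sshkey_equal_public() so only the key material is checked.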
2018 Sep 06
4
Some wishes regarding revoked keys
Hello.
I am trying to play through the following test scenario about
certificate revocation on Ubuntu 18.04, which has OpenSSH of this version:
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n  7 Dec 2017
1. A CA key is created
ssh-keygen -t ed25519 -f ca
2. The CA public key is added to ~/.ssh/authorized_keys on some server:
cert-authority ssh-ed25519 AAAA...e ca at yoga
3. A user key is created on a
2016 Apr 19
4
Client-side public key causing mess
Hello,
I have a client machine and a server machine. I generated a pair of
private-public rsa keys using ssh-keygen.
On the client-machine, I uploaded my private key onto ~/.ssh/id_rsa
On the server machine, I appended the content of the public key to
.ssh/authorized_keys
I can successfully connect from the client to the server with that config.
However, on the client-side, if I add a
2017 Jul 04
12
[Bug 2737] New: function identity_sign() assume private key's pub part as same as the .pub key.
https://bugzilla.mindrot.org/show_bug.cgi?id=2737
Bug ID: 2737
Summary: function identity_sign() assume private key's pub part
as same as the .pub key.
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: Other
Status: NEW
Severity: enhancement
Priority: P5
2020 Oct 06
2
Accessing SSH key path using SSH_ASKPASS and passwordstore
Hello,
With the introduction of SSH_ASKPASS_REQUIRE in version 8.4, I've set
up a script for SSH_ASKPASS to query my local passwordstore
(https://www.passwordstore.org/) vault to retrieve the password for a
given key. This works for ssh-add as well as ssh (configured with
AddKeysToAgent set to 'yes'). My workflow effectively transforms into
entering the password for the GPG key used
2017 Mar 02
61
[Bug 2687] New: Coverity scan fixes
https://bugzilla.mindrot.org/show_bug.cgi?id=2687
Bug ID: 2687
Summary: Coverity scan fixes
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
2015 Sep 25
24
[Bug 2472] New: Add support to load additional certificates
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
Bug ID: 2472
Summary: Add support to load additional certificates
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-agent
Assignee: unassigned-bugs at