Displaying 17 results from an estimated 17 matches for "sshkey_free".

2015 Jun 23
2
Call for testing: OpenSSH 6.9
...,10 @@ sshkey_file_tests(void) { struct sshkey *k1, *k2; struct sshbuf *buf, *pw; - BIGNUM *a, *b, *c; char *cp; +#ifdef WITH_OPENSSL + BIGNUM *a, *b, *c; +#endif TEST_START("load passphrase"); pw = load_text_file("pw"); @@ -102,6 +104,7 @@ sshkey_file_tests(void) sshkey_free(k1); #endif +#ifdef WITH_OPENSSL TEST_START("parse RSA from private"); buf = load_file("rsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1", @@ -388,6 +391,7 @@ sshkey_file_tests(void) sshkey_free(k1); #endif /* OPENSSL_HAS_ECC...
2015 May 29
16
Call for testing: OpenSSH 6.9
Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is
2014 Sep 08
1
possible deadcodes in sources
...> -1) close(tmp1); - if (tmp2 > 0) - close(tmp2); return 0; } close(tmp1); * sshkey.c:1321:dead_error_line ? Execution cannot reach this statement "break;". code: retval = 0; /*XXXX*/ sshkey_free(k); if (retval != 0) break; XXXX here probably means fix in future, but the last two lines seem to be functionless * clientloop.c:2087:dead_error_line ? Execution cannot reach this expression "81" inside statement "packet_start((success ? 81 ...". I hope that it m...
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
...quot;Certificate added: %s (%s)\n", filename, + cert->cert->key_id); + if (lifetime != 0) + fprintf(stderr, "Lifetime set to %d seconds\n", lifetime); + if (confirm != 0) + fprintf(stderr, "The user must confirm each use of the key\n"); + out: + free(comment); + sshkey_free(cert); + + return ret; +} + +static int add_file(int agent_fd, const char *filename, int key_only) { struct sshkey *private, *cert; @@ -445,13 +488,16 @@ lock_agent(int agent_fd, int lock) } static int -do_file(int agent_fd, int deleting, int key_only, char *file) +do_file(int agent_fd, int...
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may
2020 Apr 15
2
[PATCH] regression of comment extraction in private key file without passphrase
Hello, In one recent change (https://anongit.mindrot.org/openssh.git/commit/?id=2b13d3934d5803703c04803ca3a93078ecb5b715), I noticed a regression. If ssh-keygen is given a private file without passphrase and without the corresponding .pub file, it doesn't extract the comment after the commit, while it did before: Before the commit: $ ./ssh-keygen -q -t dsa -N '' -C foobar -f
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl external engines. The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
...al("%s: %s", identity_file, strerror(errno)); -?? ?prv = load_identity(identity_file, &comment); +?? ?prv = load_identity(identity_file, &comment, &vault_info); ??? ?if ((r = sshkey_write(prv, stdout)) != 0) ??? ??? ?error("sshkey_write failed: %s", ssh_err(r)); ??? ?sshkey_free(prv); ??? ?if (comment != NULL && *comment != '\0') -?? ??? ?fprintf(stdout, " %s", comment); -?? ?fprintf(stdout, "\n"); +?? ??? ?printf(" %s", comment); +?? ?printf("\n"); +?? ?if (log_level_get() >= SYSLOG_LEVEL_VERBOSE) { +?? ??? ?print...
2016 Dec 28
2
certificates keys on pkcs11 devices
Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I understand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,
2020 Jan 30
6
[PATCH 1/2] Add support for openssl engine based keys
...quot;, __func__, type); + goto send; + } + } + if (lifetime && !death) + death = monotime() + lifetime; + + if ((r = engine_process_add(engine, file, pin, &k)) < 0) + goto send; + + if (sshkey_load_public(file, &kp, &comment) < 0) + comment = xstrdup(file); + else + sshkey_free(kp); + + r = SSH_AGENT_SUCCESS; + if (lookup_identity(k) == NULL) { + id = xcalloc(1, sizeof(Identity)); + id->key = k; + id->provider = xstrdup(engine); + id->comment = comment; + id->death = death; + id->confirm = confirm; + TAILQ_INSERT_TAIL(&idtab->idlist, id, next)...
2016 Apr 22
2
Client-side public key causing mess
...id->key != NULL && > + !sshkey_equal(id->key, private)) { > + error("Load key \"%s\": private key does not match " > + "public key", id->filename); > + sshkey_free(private); > + private = NULL; > + quit = 1; > + } > if (!quit && private != NULL && id->agent_fd == -1 && > !(id->key && id->isprivate)) >...
2018 Sep 06
4
Some wishes regarding revoked keys
Hello. I am trying to play through the following test scenario about certificate revocation on Ubuntu 18.04, which has OpenSSH of this version: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n  7 Dec 2017 1. A CA key is created ssh-keygen -t ed25519 -f ca 2. The CA public key is added to ~/.ssh/authorized_keys on some server: cert-authority ssh-ed25519 AAAA...e ca at yoga 3. A user key is created on a
2016 Apr 19
4
Client-side public key causing mess
Hello, I have a client machine and a server machine. I generated a pair of private-public rsa keys using ssh-keygen. On the client-machine, I uploaded my private key onto ~/.ssh/id_rsa On the server machine, I appended the content of the public key to .ssh/authorized_keys I can successfully connect from the client to the server with that config. However, on the client-side, if I add a
2017 Jul 04
12
[Bug 2737] New: function identity_sign() assume private key's pub part as same as the .pub key.
https://bugzilla.mindrot.org/show_bug.cgi?id=2737 Bug ID: 2737 Summary: function identity_sign() assume private key's pub part as same as the .pub key. Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Other Status: NEW Severity: enhancement Priority: P5
2020 Oct 06
2
Accessing SSH key path using SSH_ASKPASS and passwordstore
Hello, With the introduction of SSH_ASKPASS_REQUIRE in version 8.4, I've set up a script for SSH_ASKPASS to query my local passwordstore (https://www.passwordstore.org/) vault to retrieve the password for a given key. This works for ssh-add as well as ssh (configured with AddKeysToAgent set to 'yes'). My workflow effectively transforms into entering the password for the GPG key used
2017 Mar 02
61
[Bug 2687] New: Coverity scan fixes
https://bugzilla.mindrot.org/show_bug.cgi?id=2687 Bug ID: 2687 Summary: Coverity scan fixes Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org
2015 Sep 25
24
[Bug 2472] New: Add support to load additional certificates
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 Bug ID: 2472 Summary: Add support to load additional certificates Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-agent Assignee: unassigned-bugs at