Displaying 8 results from an estimated 8 matches for "sshkey_from_blob".
2024 Mar 30
11
[Bug 3675] New: CASignatureAlgorithms should be verified before verifying signatures
...decrypt to be
redirected to a payload. This is not reachable for normal pubkey
authentication without
1) the key algorithm being of a permitted type
2) knowing at least the signature of a pubkey in authorized_keys etc
However, certificates are verified before such checks:
userauth_pubkey()
-> sshkey_from_blob()
-> sshkey_from_blob_internal()
-> cert_parse()
-> sshkey_verify(key->cert->signature_key)
-> ssh_rsa_verify() (or others, depending on cert type)
-> openssh_RSA_verify()
-> RSA_public_decrypt()
The signature algorithm *is* subsequently checked, but of course
RSA_public_de...
2017 Nov 14
2
OpenSSH 7.6p1 ssh-agent exiting if passed an invalid key blob
...(e->request, &data, &dlen)) != 0 ||
    (r = sshbuf_get_u32(e->request, &flags)) != 0)
        fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (flags & SSH_AGENT_OLD_SIGNATURE)
        compat = SSH_BUG_SIGBLOB;
if ((r = sshkey_from_blob(blob, blen, &key)) != 0) {
        error("%s: cannot parse key blob: %s", __func__, ssh_err(r));
        goto send;
}
However, in 7.6p1, this changed to:
if ((r = sshkey_froms(e->request, &key)) != 0 ||
    (r = sshbuf_get_string_direct...
2015 Nov 26
4
[Bug 2507] New: missing or misleading error messages
...eporter: tomas.kuthan at oracle.com
After code refactoring for library-like interfaces, error messages are
no longer printed for DSA_do_sign() or RSA_sign() failures in some code
paths.
When investigating error messaging for signing failures, I also noticed
that incorrect messages are printed for sshkey_from_blob() and
sshkey_sign() errors in ssh-agent.c.
--
You are receiving this mail because:
You are watching the assignee of the bug.
2016 Feb 17
2
Call for testing: OpenSSH 7.2
On Wed, 17 Feb 2016, Hisashi T Fujinaka wrote:
> > I need to make these error messages more user-friendly :(
> >
> > -24 is SSH_ERR_SYSTEM_ERROR, so it's likely failing to find/load the
> > key for some reason. I'll make a patch to improve the error message,
> > but in the meantime you could probably figure out the exact failure
> > using
2016 Feb 17
4
Call for testing: OpenSSH 7.2
On Wed, Feb 17, 2016 at 3:51 AM, Hisashi T Fujinaka <htodd at twofifty.com> wrote:
> Sorry, I haven't been paying too much attention here, but I'm having
> repeated failures when I tried this morning.
>
> NetBSD-current:
> test_sshkey: ..................................[1] Segmentation fault
> (core dumped) ${V} /home/htodd...
> *** Error code 139
did it
2017 Jan 26
4
Server accepts key: pkalg rsa-sha2-512 vs ssh-rsa
Hi,
I'm doing some tests with a pkcs11 token that can only sign short messages.
When connecting to one server, that reports pkalg rsa-sha2-512 blen
151, it fails to sign the pubkey because it is 83 bytes long. (sshd:
OpenSSH_7.3p1)
An older server that reports pkalg ssh-rsa blen 151, works perfectly as
the pubkey signature required is only 35 bytes long. (sshd:
OpenSSH_6.7p1)
I am not sure
2017 Feb 17
11
[Bug 2680] New: Regression in server-sig-algs offer in 7.4p1 (Deprecation of SHA1 is not being enforced)
...@@ int sshkey_ec_validate_private(const EC_KEY *);
const char *sshkey_ssh_name(const struct sshkey *);
const char *sshkey_ssh_name_plain(const struct sshkey *);
int sshkey_names_valid2(const char *, int);
-char *sshkey_alg_list(int, int, char);
+char *sshkey_alg_list(int, int, int, char);
int sshkey_from_blob(const u_char *, size_t, struct sshkey **);
int sshkey_fromb(struct sshbuf *, struct sshkey **);
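Review bot: the changed sshkey_alg_list() prototype now takes (int, int, int, char), three consecutive unnamed int parameters, so the header gives no indication of which flag is which and a transposed argument at a call site will compile without warning. Name the parameters in the declaration or add a comment above it describing each one. This excerpt shows only the declaration, so also confirm that every existing caller was updated for the added argument.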
2016 Jul 22
18
Call for testing: OpenSSH 7.3
Hi,
OpenSSH 5.3 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains some
substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is