search for: sshkey_load_publ

...bar (DSA) $ rm test_dsa.pub $ ./ssh-keygen -l -f test_dsa 1024 SHA256:/E/JUVD3FO4vHYs+8RfXJW+ah4H4bHcBrCRKFcfZSJk foobar (DSA) Last command after the commit: $ ./ssh-keygen -l -f test_dsa 1024 SHA256:/E/JUVD3FO4vHYs+8RfXJW+ah4H4bHcBrCRKFcfZSJk no comment (DSA) It is due to the fact that the 'sshkey_load_public' function is now finishing by sshkey_load_public_from_private, which is not failing on a (new format) private file. Previously, if did fail and so the fingerprint_private function was calling sshkey_load_private without passphrase as a fallback. I suggest to move the fallback inside the ssh...

...t.c:74 > #2 0x0000000000429992 in test_die () at > regress/unittests/test_helper/test_helper.c:290 > #3 0x0000000000406b0a in assert_int (file=file at entry=0x42a188 > "regress/unittests/hostkeys/test_iterate.c", line=line at entry=163, > a1=a1 at entry=0x42a1e0 "sshkey_load_public( > test_data_file(expected[i].key_file), &expected[i].l.key, NULL)", > a2=a2 at entry=0x42d2cf "0", aa1=-24, aa2=aa2 at entry=0, This one is failing a test assetion - there should be some more useful output available from the test itself. -d

...failing a test assetion - there should be some more useful > > output available from the test itself. > > I think it's this: > > test_hostkeys: > regress/unittests/hostkeys/test_iterate.c:163 test #1 "hostkeys_iterate all > with key parse" > ASSERT_INT_EQ(sshkey_load_public( test_data_file(expected[i].key_file), > &expected[i].l.key, NULL), 0) failed: > sshkey_load_public( test_data_file(expected[i].key_file), &expected[i].l.key, > NULL) = -24 I need to make these error messages more user-friendly :( -24 is SSH_ERR_SYSTEM_ERROR, so it's likely...

...24 SHA256:/E/JUVD3FO4vHYs+8RfXJW+ah4H4bHcBrCRKFcfZSJk foobar (DSA) >> >> Last command after the commit: >> >> $ ./ssh-keygen -l -f test_dsa >> 1024 SHA256:/E/JUVD3FO4vHYs+8RfXJW+ah4H4bHcBrCRKFcfZSJk no comment (DSA) >> >> It is due to the fact that the 'sshkey_load_public' function is now >> finishing by sshkey_load_public_from_private, which is not failing on a >> (new format) private file. Previously, if did fail and so the >> fingerprint_private function was calling sshkey_load_private without >> passphrase as a fallback. >> &g...

Hi, sshd crashes at below location. After compilation, when I start sshd it crashes in ?sshbuf-misc.c? file inside ?sshbuf_b64tod? function at line size_t plen = strlen(b64); The call trace is as below, Sshd main function -> sshkey_load_public -> sshkey_try_load_public -> sshkey_read -> sshbuf_b64tod During compilation a warning is thrown. Is this the trigger point for the crash? "sshkey.c", : warning #2223-D: function "strndup" declared implicitly if ((blobcopy = strndup(cp, space)) == NULL) Plea...

...commentp) { diff --git a/authfile.h b/authfile.h index a6b9759c5ea..0279a89e2b4 100644 --- a/authfile.h +++ b/authfile.h @@ -38,7 +38,6 @@ int sshkey_save_private(struct sshkey *, const char *, int sshkey_load_file(int, struct sshbuf *); int sshkey_load_cert(const char *, struct sshkey **); int sshkey_load_public(const char *, struct sshkey **, char **); -int sshkey_load_private(const char *, const char *, struct sshkey **, char **); int sshkey_load_private_cert(int, const char *, const char *, struct sshkey **); int sshkey_load_private_type(int, const char *, const char *, diff --git a/ssh-keygen....

...ntinue; #endif +#ifndef WITH_OPENSSL + if (expected[i].l.keytype == KEY_RSA || + expected[i].l.keytype == KEY_DSA) + continue; #ifndef OPENSSL_HAS_ECC if (expected[i].l.keytype == KEY_ECDSA) continue; -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ ASSERT_INT_EQ(sshkey_load_public( test_data_file(expected[i].key_file), &expected[i].l.key, NULL), 0); diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index c61e2bd..cf35f09 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c @@ -141,13 +141,16 @...

On Tue, 16 Feb 2016, Hisashi T Fujinaka wrote: > On Wed, 17 Feb 2016, Damien Miller wrote: > > > > Core was generated by `test_sshkey'. > > > Program terminated with signal SIGSEGV, Segmentation fault. > > > #0 0x000000000041273e in cert_parse (key=0x7f7ff7b120c0, > > > certbuf=0x7f7ff7b16200, b=0x7f7ff7b161b0) at sshkey.c:1896 > > > 1896

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

https://bugzilla.mindrot.org/show_bug.cgi?id=3068 Bug ID: 3068 Summary: Duplicate code in sshkey_load_private() function Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: Windows 10 Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee:

Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

...struct sshkey_vault; ? ?/* XXX document these */ ?/* XXX some of these could probably be merged/retired */ @@ -37,13 +38,13 @@ int sshkey_save_private(struct sshkey *, const char *, ???? const char *, const char *, int, const char *, int); ?int sshkey_load_cert(const char *, struct sshkey **); ?int sshkey_load_public(const char *, struct sshkey **, char **); -int sshkey_load_private(const char *, const char *, struct sshkey **, char **); +int sshkey_load_private(const char *, const char *, struct sshkey **, char **, struct sshkey_vault **); ?int sshkey_load_private_cert(int, const char *, const char *, ???? s...

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

https://bugzilla.mindrot.org/show_bug.cgi?id=2561 Bug ID: 2561 Summary: ssh-keygen -A does not recreate broken zero-sized host keys Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh-keygen

...penssh.cert_shadow/ssh-add.c 2015-07-26 15:58:06.513151180 +0200 @@ -180,6 +180,49 @@ delete_all(int agent_fd) } static int +add_certificate_only(int agent_fd, const char *filename) +{ + struct sshkey *cert = NULL; + char *comment = NULL; + int r, ret = -1; + + /* Load certificate */ + if ((r = sshkey_load_public(filename, &cert, &comment)) != 0) { + if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT) + error("Failed to load certificate \"%s\": %s", + filename, ssh_err(r)); + goto out; + } + if (!sshkey_is_cert(cert)) { + error("Not a certificate: %s", filena...

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private

Hi, OpenSSH 7.2 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains many bugfixes and several new features. The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is available via Git at https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at

...NFIRM: + confirm = 1; + break; + default: + error("%s: Unknown constraint type %d", __func__, type); + goto send; + } + } + if (lifetime && !death) + death = monotime() + lifetime; + + if ((r = engine_process_add(engine, file, pin, &k)) < 0) + goto send; + + if (sshkey_load_public(file, &kp, &comment) < 0) + comment = xstrdup(file); + else + sshkey_free(kp); + + r = SSH_AGENT_SUCCESS; + if (lookup_identity(k) == NULL) { + id = xcalloc(1, sizeof(Identity)); + id->key = k; + id->provider = xstrdup(engine); + id->comment = comment; + id->death =...

Hi, The main (and probably the only) use case of this PAM module is to let sudo authenticate users via their ssh-agent, therefore without having to type any password and without being tempted to use the NOPASSWD sudo option for such convenience. The principle is originally implemented by an existing module [0][1] and many pages that explain how to use it for such purpose can be found online.