Displaying 19 results from an estimated 19 matches for "sshkey_load_public".
2020 Apr 15
2
[PATCH] regression of comment extraction in private key file without passphrase
...bar (DSA)
$ rm test_dsa.pub
$ ./ssh-keygen -l -f test_dsa
1024 SHA256:/E/JUVD3FO4vHYs+8RfXJW+ah4H4bHcBrCRKFcfZSJk foobar (DSA)
Last command after the commit:
$ ./ssh-keygen -l -f test_dsa
1024 SHA256:/E/JUVD3FO4vHYs+8RfXJW+ah4H4bHcBrCRKFcfZSJk no comment (DSA)
It is due to the fact that the 'sshkey_load_public' function is now
finishing by sshkey_load_public_from_private, which is not failing on a
(new format) private file. Previously, it did fail and so the
fingerprint_private function was calling sshkey_load_private without
passphrase as a fallback.
I suggest to move the fallback inside the sshke...
2016 Feb 17
2
Call for testing: OpenSSH 7.2
...t.c:74
> #2 0x0000000000429992 in test_die () at
> regress/unittests/test_helper/test_helper.c:290
> #3 0x0000000000406b0a in assert_int (file=file at entry=0x42a188
> "regress/unittests/hostkeys/test_iterate.c", line=line at entry=163,
> a1=a1 at entry=0x42a1e0 "sshkey_load_public(
> test_data_file(expected[i].key_file), &expected[i].l.key, NULL)",
> a2=a2 at entry=0x42d2cf "0", aa1=-24, aa2=aa2 at entry=0,
This one is failing a test assertion - there should be some more useful
output available from the test itself.
-d
2016 Feb 17
2
Call for testing: OpenSSH 7.2
...failing a test assertion - there should be some more useful
> > output available from the test itself.
>
> I think it's this:
>
> test_hostkeys:
> regress/unittests/hostkeys/test_iterate.c:163 test #1 "hostkeys_iterate all
> with key parse"
> ASSERT_INT_EQ(sshkey_load_public( test_data_file(expected[i].key_file),
> &expected[i].l.key, NULL), 0) failed:
> sshkey_load_public( test_data_file(expected[i].key_file), &expected[i].l.key,
> NULL) = -24
I need to make these error messages more user-friendly :(
-24 is SSH_ERR_SYSTEM_ERROR, so it's likely f...
2020 Apr 17
2
[PATCH] regression of comment extraction in private key file without passphrase
...24 SHA256:/E/JUVD3FO4vHYs+8RfXJW+ah4H4bHcBrCRKFcfZSJk foobar (DSA)
>>
>> Last command after the commit:
>>
>> $ ./ssh-keygen -l -f test_dsa
>> 1024 SHA256:/E/JUVD3FO4vHYs+8RfXJW+ah4H4bHcBrCRKFcfZSJk no comment (DSA)
>>
>> It is due to the fact that the 'sshkey_load_public' function is now
>> finishing by sshkey_load_public_from_private, which is not failing on a
>> (new format) private file. Previously, it did fail and so the
>> fingerprint_private function was calling sshkey_load_private without
>> passphrase as a fallback.
>>
>...
2020 Feb 17
3
sshd crashes
Hi,
sshd crashes at below location.
After compilation, when I start sshd it crashes in "sshbuf-misc.c" file
inside "sshbuf_b64tod" function at line size_t plen = strlen(b64);
The call trace is as below,
Sshd main function -> sshkey_load_public -> sshkey_try_load_public ->
sshkey_read -> sshbuf_b64tod
During compilation a warning is thrown. Is this the trigger point for the
crash?
"sshkey.c", : warning #2223-D: function "strndup" declared implicitly
if ((blobcopy = strndup(cp, space)) == NULL)
Please...
2019 Aug 06
2
[PATCH v2] Remove sshkey_load_private()
...commentp)
{
diff --git a/authfile.h b/authfile.h
index a6b9759c5ea..0279a89e2b4 100644
--- a/authfile.h
+++ b/authfile.h
@@ -38,7 +38,6 @@ int sshkey_save_private(struct sshkey *, const char *,
int sshkey_load_file(int, struct sshbuf *);
int sshkey_load_cert(const char *, struct sshkey **);
int sshkey_load_public(const char *, struct sshkey **, char **);
-int sshkey_load_private(const char *, const char *, struct sshkey **, char **);
int sshkey_load_private_cert(int, const char *, const char *,
struct sshkey **);
int sshkey_load_private_type(int, const char *, const char *,
diff --git a/ssh-keygen.c...
2015 Jun 23
2
Call for testing: OpenSSH 6.9
...ntinue;
#endif
+#ifndef WITH_OPENSSL
+ if (expected[i].l.keytype == KEY_RSA ||
+ expected[i].l.keytype == KEY_DSA)
+ continue;
#ifndef OPENSSL_HAS_ECC
if (expected[i].l.keytype == KEY_ECDSA)
continue;
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
ASSERT_INT_EQ(sshkey_load_public(
test_data_file(expected[i].key_file), &expected[i].l.key,
NULL), 0);
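Review bot: the new "#ifndef WITH_OPENSSL" block is closed only after the existing "#ifndef OPENSSL_HAS_ECC" check, so the KEY_ECDSA skip is now nested inside it and is compiled out whenever WITH_OPENSSL is defined. A build with OpenSSL but without ECC support would then reach sshkey_load_public() for the ECDSA entries and fail the assertion. Close the WITH_OPENSSL block directly after the RSA/DSA "continue;" and keep the OPENSSL_HAS_ECC check as its own sibling block.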
diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c
index c61e2bd..cf35f09 100644
--- a/regress/unittests/kex/test_kex.c
+++ b/regress/unittests/kex/test_kex.c
@@ -141,13 +141,16 @@...
2016 Feb 17
3
Call for testing: OpenSSH 7.2
On Tue, 16 Feb 2016, Hisashi T Fujinaka wrote:
> On Wed, 17 Feb 2016, Damien Miller wrote:
>
> > > Core was generated by `test_sshkey'.
> > > Program terminated with signal SIGSEGV, Segmentation fault.
> > > #0 0x000000000041273e in cert_parse (key=0x7f7ff7b120c0,
> > > certbuf=0x7f7ff7b16200, b=0x7f7ff7b161b0) at sshkey.c:1896
> > > 1896
2016 Dec 28
2
certificates keys on pkcs11 devices
Hi,
I have not found any way to use a Certificate with ssh-agent when my Key is
stored on a pkcs11 device. I can add my key with
ssh-add -s /usr/local/lib/opensc-pkcs11.so
but
ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub
does not add the certificate to my agent. As far as I understand, in
ssh-add.c line 580
if (pkcs11provider != NULL) {
if (update_card(agent_fd,
2019 Sep 10
3
[Bug 3068] New: Duplicate code in sshkey_load_private() function
https://bugzilla.mindrot.org/show_bug.cgi?id=3068
Bug ID: 3068
Summary: Duplicate code in sshkey_load_private() function
Product: Portable OpenSSH
Version: 8.0p1
Hardware: Other
OS: Windows 10
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee:
2015 May 29
16
Call for testing: OpenSSH 6.9
Hi,
OpenSSH 6.9 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains
some substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
...struct sshkey_vault;
?
?/* XXX document these */
?/* XXX some of these could probably be merged/retired */
@@ -37,13 +38,13 @@ int sshkey_save_private(struct sshkey *, const char *,
???? const char *, const char *, int, const char *, int);
?int sshkey_load_cert(const char *, struct sshkey **);
?int sshkey_load_public(const char *, struct sshkey **, char **);
-int sshkey_load_private(const char *, const char *, struct sshkey **,
char **);
+int sshkey_load_private(const char *, const char *, struct sshkey **,
char **, struct sshkey_vault **);
?int sshkey_load_private_cert(int, const char *, const char *,
???? str...
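Review bot: the extra "struct sshkey_vault **" argument on sshkey_load_private() is an unnamed, undocumented out-parameter, added under a comment block that already reads "XXX document these". State in the header whether NULL is accepted and who frees the returned object. Because the prototype changes for every existing caller, a separate loader for the protection information would keep the change smaller.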
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the
openssl provider transition. What will happen in openssl 3.0.0 is
that providers become active and will accept keys via URI. The
current file mechanisms will still be available but internally it will
become a file URI. To support the provider interface, openssl will
have to accept keys by URI instead of file and may
2016 Apr 03
22
[Bug 2561] New: ssh-keygen -A does not recreate broken zero-sized host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2561
Bug ID: 2561
Summary: ssh-keygen -A does not recreate broken zero-sized host
keys
Product: Portable OpenSSH
Version: 7.2p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keygen
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
...penssh.cert_shadow/ssh-add.c 2015-07-26 15:58:06.513151180 +0200
@@ -180,6 +180,49 @@ delete_all(int agent_fd)
}
static int
+add_certificate_only(int agent_fd, const char *filename)
+{
+ struct sshkey *cert = NULL;
+ char *comment = NULL;
+ int r, ret = -1;
+
+ /* Load certificate */
+ if ((r = sshkey_load_public(filename, &cert, &comment)) != 0) {
+ if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT)
+ error("Failed to load certificate \"%s\": %s",
+ filename, ssh_err(r));
+ goto out;
+ }
+ if (!sshkey_is_cert(cert)) {
+ error("Not a certificate: %s", filename...
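Review bot: in add_certificate_only(), the test "r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT" means a missing file takes "goto out" with ret still -1 and prints nothing, so the caller cannot tell a missing file from a reported failure. Either print a message for the ENOENT case or return a distinct value for it, and make sure both "cert" and "comment" are released at the "out" label.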
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl
external engines.  The problem is they can't be loaded with the usual
openssl methods, they have to be loaded via ENGINE_load_private_key().
Because they're files, they fit well into openssh pub/private file
structure, so they're not very appropriately handled by the pkcs11
interface because it assumes the private
2016 Feb 12
22
Call for testing: OpenSSH 7.2
Hi,
OpenSSH 7.2 is almost ready for release, so we would appreciate
testing on as many platforms and systems as possible. This release
contains many bugfixes and several new features.
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is available via Git at
https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at
2020 Jan 30
6
[PATCH 1/2] Add support for openssl engine based keys
...NFIRM:
+ confirm = 1;
+ break;
+ default:
+ error("%s: Unknown constraint type %d", __func__, type);
+ goto send;
+ }
+ }
+ if (lifetime && !death)
+ death = monotime() + lifetime;
+
+ if ((r = engine_process_add(engine, file, pin, &k)) < 0)
+ goto send;
+
+ if (sshkey_load_public(file, &kp, &comment) < 0)
+ comment = xstrdup(file);
+ else
+ sshkey_free(kp);
+
+ r = SSH_AGENT_SUCCESS;
+ if (lookup_identity(k) == NULL) {
+ id = xcalloc(1, sizeof(Identity));
+ id->key = k;
+ id->provider = xstrdup(engine);
+ id->comment = comment;
+ id->death = de...
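Review bot: the key returned by sshkey_load_public(file, &kp, &comment) is freed without being compared to k, so the identity takes its comment from that file even when the file holds a different key than the one engine_process_add() loaded. Compare the two with sshkey_equal_public() before accepting the comment, and fall back to xstrdup(file) on a mismatch as is already done on a load failure.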
2020 Jul 21
11
[RFC PATCH 0/4] PAM module for ssh-agent user authentication
Hi,
The main (and probably the only) use case of this PAM module is to let
sudo authenticate users via their ssh-agent, therefore without having
to type any password and without being tempted to use the NOPASSWD sudo
option for such convenience.
The principle is originally implemented by an existing module [0][1]
and many pages that explain how to use it for such purpose can be
found online.