search for: sshkey_load_public

Displaying 19 results from an estimated 19 matches for "sshkey_load_public".

2020 Apr 15
2
[PATCH] regression of comment extraction in private key file without passphrase
...bar (DSA) $ rm test_dsa.pub $ ./ssh-keygen -l -f test_dsa 1024 SHA256:/E/JUVD3FO4vHYs+8RfXJW+ah4H4bHcBrCRKFcfZSJk foobar (DSA) Last command after the commit: $ ./ssh-keygen -l -f test_dsa 1024 SHA256:/E/JUVD3FO4vHYs+8RfXJW+ah4H4bHcBrCRKFcfZSJk no comment (DSA) It is due to the fact that the 'sshkey_load_public' function is now finishing by sshkey_load_public_from_private, which is not failing on a (new format) private file. Previously, if did fail and so the fingerprint_private function was calling sshkey_load_private without passphrase as a fallback. I suggest to move the fallback inside the sshke...
2016 Feb 17
2
Call for testing: OpenSSH 7.2
...t.c:74 > #2 0x0000000000429992 in test_die () at > regress/unittests/test_helper/test_helper.c:290 > #3 0x0000000000406b0a in assert_int (file=file at entry=0x42a188 > "regress/unittests/hostkeys/test_iterate.c", line=line at entry=163, > a1=a1 at entry=0x42a1e0 "sshkey_load_public( > test_data_file(expected[i].key_file), &expected[i].l.key, NULL)", > a2=a2 at entry=0x42d2cf "0", aa1=-24, aa2=aa2 at entry=0, This one is failing a test assetion - there should be some more useful output available from the test itself. -d
2016 Feb 17
2
Call for testing: OpenSSH 7.2
...failing a test assetion - there should be some more useful > > output available from the test itself. > > I think it's this: > > test_hostkeys: > regress/unittests/hostkeys/test_iterate.c:163 test #1 "hostkeys_iterate all > with key parse" > ASSERT_INT_EQ(sshkey_load_public( test_data_file(expected[i].key_file), > &expected[i].l.key, NULL), 0) failed: > sshkey_load_public( test_data_file(expected[i].key_file), &expected[i].l.key, > NULL) = -24 I need to make these error messages more user-friendly :( -24 is SSH_ERR_SYSTEM_ERROR, so it's likely f...
2020 Apr 17
2
[PATCH] regression of comment extraction in private key file without passphrase
...24 SHA256:/E/JUVD3FO4vHYs+8RfXJW+ah4H4bHcBrCRKFcfZSJk foobar (DSA) >> >> Last command after the commit: >> >> $ ./ssh-keygen -l -f test_dsa >> 1024 SHA256:/E/JUVD3FO4vHYs+8RfXJW+ah4H4bHcBrCRKFcfZSJk no comment (DSA) >> >> It is due to the fact that the 'sshkey_load_public' function is now >> finishing by sshkey_load_public_from_private, which is not failing on a >> (new format) private file. Previously, if did fail and so the >> fingerprint_private function was calling sshkey_load_private without >> passphrase as a fallback. >> >...
2020 Feb 17
3
sshd crashes
Hi, sshd crashes at below location. After compilation, when I start sshd it crashes in ?sshbuf-misc.c? file inside ?sshbuf_b64tod? function at line size_t plen = strlen(b64); The call trace is as below, Sshd main function -> sshkey_load_public -> sshkey_try_load_public -> sshkey_read -> sshbuf_b64tod During compilation a warning is thrown. Is this the trigger point for the crash? "sshkey.c", : warning #2223-D: function "strndup" declared implicitly if ((blobcopy = strndup(cp, space)) == NULL) Please...
2019 Aug 06
2
[PATCH v2] Remove sshkey_load_private()
...commentp) { diff --git a/authfile.h b/authfile.h index a6b9759c5ea..0279a89e2b4 100644 --- a/authfile.h +++ b/authfile.h @@ -38,7 +38,6 @@ int sshkey_save_private(struct sshkey *, const char *, int sshkey_load_file(int, struct sshbuf *); int sshkey_load_cert(const char *, struct sshkey **); int sshkey_load_public(const char *, struct sshkey **, char **); -int sshkey_load_private(const char *, const char *, struct sshkey **, char **); int sshkey_load_private_cert(int, const char *, const char *, struct sshkey **); int sshkey_load_private_type(int, const char *, const char *, diff --git a/ssh-keygen.c...
2015 Jun 23
2
Call for testing: OpenSSH 6.9
...ntinue; #endif +#ifndef WITH_OPENSSL + if (expected[i].l.keytype == KEY_RSA || + expected[i].l.keytype == KEY_DSA) + continue; #ifndef OPENSSL_HAS_ECC if (expected[i].l.keytype == KEY_ECDSA) continue; -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ ASSERT_INT_EQ(sshkey_load_public( test_data_file(expected[i].key_file), &expected[i].l.key, NULL), 0); diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index c61e2bd..cf35f09 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c @@ -141,13 +141,16 @@...
2016 Feb 17
3
Call for testing: OpenSSH 7.2
On Tue, 16 Feb 2016, Hisashi T Fujinaka wrote: > On Wed, 17 Feb 2016, Damien Miller wrote: > > > > Core was generated by `test_sshkey'. > > > Program terminated with signal SIGSEGV, Segmentation fault. > > > #0 0x000000000041273e in cert_parse (key=0x7f7ff7b120c0, > > > certbuf=0x7f7ff7b16200, b=0x7f7ff7b161b0) at sshkey.c:1896 > > > 1896
2016 Dec 28
2
certificates keys on pkcs11 devices
Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,
2019 Sep 10
3
[Bug 3068] New: Duplicate code in sshkey_load_private() function
https://bugzilla.mindrot.org/show_bug.cgi?id=3068 Bug ID: 3068 Summary: Duplicate code in sshkey_load_private() function Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: Windows 10 Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee:
2015 May 29
16
Call for testing: OpenSSH 6.9
Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
...struct sshkey_vault; ? ?/* XXX document these */ ?/* XXX some of these could probably be merged/retired */ @@ -37,13 +38,13 @@ int sshkey_save_private(struct sshkey *, const char *, ???? const char *, const char *, int, const char *, int); ?int sshkey_load_cert(const char *, struct sshkey **); ?int sshkey_load_public(const char *, struct sshkey **, char **); -int sshkey_load_private(const char *, const char *, struct sshkey **, char **); +int sshkey_load_private(const char *, const char *, struct sshkey **, char **, struct sshkey_vault **); ?int sshkey_load_private_cert(int, const char *, const char *, ???? str...
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may
2016 Apr 03
22
[Bug 2561] New: ssh-keygen -A does not recreate broken zero-sized host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2561 Bug ID: 2561 Summary: ssh-keygen -A does not recreate broken zero-sized host keys Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh-keygen
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
...penssh.cert_shadow/ssh-add.c 2015-07-26 15:58:06.513151180 +0200 @@ -180,6 +180,49 @@ delete_all(int agent_fd) } static int +add_certificate_only(int agent_fd, const char *filename) +{ + struct sshkey *cert = NULL; + char *comment = NULL; + int r, ret = -1; + + /* Load certificate */ + if ((r = sshkey_load_public(filename, &cert, &comment)) != 0) { + if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT) + error("Failed to load certificate \"%s\": %s", + filename, ssh_err(r)); + goto out; + } + if (!sshkey_is_cert(cert)) { + error("Not a certificate: %s", filename...
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private
2016 Feb 12
22
Call for testing: OpenSSH 7.2
Hi, OpenSSH 7.2 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains many bugfixes and several new features. The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is available via Git at https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at
2020 Jan 30
6
[PATCH 1/2] Add support for openssl engine based keys
...NFIRM: + confirm = 1; + break; + default: + error("%s: Unknown constraint type %d", __func__, type); + goto send; + } + } + if (lifetime && !death) + death = monotime() + lifetime; + + if ((r = engine_process_add(engine, file, pin, &k)) < 0) + goto send; + + if (sshkey_load_public(file, &kp, &comment) < 0) + comment = xstrdup(file); + else + sshkey_free(kp); + + r = SSH_AGENT_SUCCESS; + if (lookup_identity(k) == NULL) { + id = xcalloc(1, sizeof(Identity)); + id->key = k; + id->provider = xstrdup(engine); + id->comment = comment; + id->death = de...
2020 Jul 21
11
[RFC PATCH 0/4] PAM module for ssh-agent user authentication
Hi, The main (and probably the only) use case of this PAM module is to let sudo authenticate users via their ssh-agent, therefore without having to type any password and without being tempted to use the NOPASSWD sudo option for such convenience. The principle is originally implemented by an existing module [0][1] and many pages that explain how to use it for such purpose can be found online.