[Bug 2474] Enabling ECDSA in PKCS#11 support for ssh-agent
https://bugzilla.mindrot.org/show_bug.cgi?id=2474 --- Comment #18 from Dmitry S.--- Hi Mathias - my colleagues identified a problem with the ECDSA signatures in the process_sign() function which happens when r and s in the signature are smaller than the order size. This does not happen most the times but is especially noticeable when a large number of signing operations are performed. We have come up with this fix: https://github.com/dmitris/openssh-portable/pull/3/files Could you please check it out and let me know if you have any questions, or otherwise incorporate it in the next version of your patch? Thanks. Regards, - Dmitry -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2472] Add support to load additional certificates
https://bugzilla.mindrot.org/show_bug.cgi?id=2472 --- Comment #13 from Thomas Jarosch--- Hi Peter, I can look into porting the patches to the newest openssh version. Right now I'm in an update release crunch period at work, so not much time for other things atm. Hopefully there is time for this either at the end of December 2017 or at the end of January 2018. Can you try to run the pkcs11 enabled ssh-agent via valgrind? That way we could get a backtrace of the crash. Actually the patches should improve the pkcs11 handling. Without the added refcounting it could happen that openssh accesses an pkcs11 provider that's already unloaded. At least with the "old" openssh 6.9 / 7.4. Cheers, Thomas -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs