[Bug 2474] Enabling ECDSA in PKCS#11 support for ssh-agent

2017-12-12 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2474

--- Comment #18 from Dmitry S.  ---
Hi Mathias - my colleagues identified a problem with the ECDSA
signatures in the process_sign() function which happens when r and s in
the signature are smaller than the order size.  This does not happen
most of the time but is especially noticeable when a large number of
signing operations are performed.

We have come up with this fix:
https://github.com/dmitris/openssh-portable/pull/3/files

Could you please check it out and let me know if you have any
questions, or otherwise incorporate it in the next version of your
patch?  Thanks.

Regards,

- Dmitry

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
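
An added illustration, not the code from the linked pull request or from OpenSSH: it assumes the failure described in comment #18 is the usual one for fixed-width ECDSA r||s encodings, where a minimal-length big-endian integer is written without left-padding to the order length. The function names and the 32-byte order length (as for P-256) are hypothetical choices for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Left-pad one minimal big-endian integer into a field of exactly width bytes. */
static int pad_be(const uint8_t *in, size_t len, uint8_t *out, size_t width)
{
    if (len > width)
        return -1;                   /* value does not fit */
    memset(out, 0, width - len);     /* leading zero bytes */
    memcpy(out + (width - len), in, len);
    return 0;
}

/* Hypothetical helper: fixed-width r||s (2 * order_len bytes) from minimal
 * big-endian r and s. Returns 0 on success, -1 on bad lengths. */
int ecdsa_rs_fixed(const uint8_t *r, size_t rlen, const uint8_t *s, size_t slen,
                   size_t order_len, uint8_t *out, size_t outlen)
{
    if (outlen < 2 * order_len)
        return -1;
    if (pad_be(r, rlen, out, order_len) != 0)
        return -1;
    return pad_be(s, slen, out + order_len, order_len);
}

/* Defective shape, for contrast: plain concatenation. With a short r or s the
 * r/s boundary moves, so a reader splitting at order_len gets wrong integers. */
size_t ecdsa_rs_naive(const uint8_t *r, size_t rlen, const uint8_t *s, size_t slen,
                      uint8_t *out, size_t outlen)
{
    if (rlen + slen > outlen)
        return 0;
    memcpy(out, r, rlen);
    memcpy(out + rlen, s, slen);
    return rlen + slen;              /* bytes written */
}

int main(void)
{
    uint8_t r[31], s[32], out[64];   /* constructed: r lost its leading zero byte */
    memset(r, 0xAA, sizeof r);
    memset(s, 0xBB, sizeof s);
    printf("naive: %zu bytes\n", ecdsa_rs_naive(r, sizeof r, s, sizeof s, out, sizeof out));
    int rc = ecdsa_rs_fixed(r, sizeof r, s, sizeof s, 32, out, sizeof out);
    printf("fixed: rc=%d, first byte=0x%02x\n", rc, out[0]);
    return 0;
}
```

With a 256-bit order, the top byte of r or of s is zero in roughly 1 of 256 values each, which fits a failure that is rare per signature but shows up across many signing operations.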


[Bug 2472] Add support to load additional certificates

2017-12-12 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2472

--- Comment #13 from Thomas Jarosch  ---
Hi Peter,

I can look into porting the patches to the newest openssh version.
Right now I'm in an update release crunch period at work, so not much
time for other things atm. Hopefully there is time for this either at
the end of December 2017 or at the end of January 2018.

Can you try to run the pkcs11 enabled ssh-agent via valgrind?
That way we could get a backtrace of the crash.

Actually the patches should improve the pkcs11 handling. Without the
added refcounting it could happen that openssh accesses a pkcs11
provider that's already unloaded. At least with the "old" openssh 6.9 /
7.4.

Cheers,
Thomas
