[ssh_x509] Segfault with ECDSA

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Fri Nov 23 23:14:08 EET 2012


The patch did not fix the problem, but I am not sure the fault is with your
code.  I think I need to run a separate test with x509 certificates (and not
the engine, in case my engine is broken).  Something ugly is happening - when
I run with valgrind the behaviour changes.

I will try to do this Monday.

Andrew

On Fri, Nov 23, 2012 at 05:53:40PM -0300, SSH X509 wrote:
> 
> OK, that worked.  Thanks.
> 
> On Fri, Nov 23, 2012 at 10:33:45PM +0200, SSH X509 wrote:
> > Test.
> > 
> > ssh_x509 at roumenpetrov.info wrote:
> > >
> > >No patch was attached to that email (and I cannot find anything on download
> > >page)!
> > >
> > >Andrew
> > 
> > Resent after correction in list filters.
> > 
> > Let me check result.
> > 
> > Roumen
> 
> > From e3d873ecc7274e6cb68ac5e8ce28a207ba29bf50 Mon Sep 17 00:00:00 2001
> > From: Roumen Petrov <openssh at roumenpetrov.info>
> > Date: Sun, 14 Oct 2012 00:36:22 +0300
> > Subject: [PATCH 11/16] engine - do not load certificate if key is not
> >  supported
> > 
> > ---
> >  key-eng.c |   10 ++++++----
> >  key-eng.h |    3 ++-
> >  2 files changed, 8 insertions(+), 5 deletions(-)
> > 
> > diff --git a/key-eng.c b/key-eng.c
> > index a3d2403..2e3e0bf 100644
> > --- a/key-eng.c
> > +++ b/key-eng.c
> > @@ -1,5 +1,5 @@
> >  /*
> > - * Copyright (c) 2011 Roumen Petrov.  All rights reserved.
> > + * Copyright (c) 2011,2012 Roumen Petrov.  All rights reserved.
> >   *
> >   * Redistribution and use in source and binary forms, with or without
> >   * modification, are permitted provided that the following conditions
> > @@ -28,11 +28,11 @@
> >  #include <string.h>
> >  #include <openssl/ui.h>
> >  
> > -#include "key.h"
> >  #include "key-eng.h"
> > +#include "ssh-x509.h"
> > +#include "misc.h"
> >  #include "log.h"
> >  #include "xmalloc.h"
> > -#include "misc.h"
> >  
> >  #define USE_SSH_UI_PROMPT
> >  
> > @@ -205,6 +205,9 @@ eng_try_load_cert(ENGINE *e, const char *keyid, EVP_PKEY *pk, Key *k) {
> >  	if (e == NULL)
> >  		return;
> >  
> > +	if ((k->type != KEY_RSA) && (k->type != KEY_DSA))
> > +		return;
> > +
> >  	/* try to load certificate wth with LOAD_CERT_EVP command */
> >  	{
> >  		struct {
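Review bot: the new `k->type` guard in eng_try_load_cert() returns silently for every key type other than KEY_RSA and KEY_DSA, so a user whose engine holds a key of another type gets no indication that certificate loading was skipped. A debug-level message before the `return` would make this visible (log.h is already included). The guard also dereferences `k` while only `e` is checked for NULL in the visible lines, so it is worth confirming that callers never pass a NULL key. Finally, the same RSA/DSA list is repeated in the `switch(k->type)` further down in this function; a comment noting that the two must be kept in sync would help whoever adds the next key type.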
> > @@ -240,7 +243,6 @@ eng_try_load_cert(ENGINE *e, const char *keyid, EVP_PKEY *pk, Key *k) {
> >  	switch(k->type) {
> >  	case KEY_RSA: k->type = KEY_X509_RSA; k->x509 = x509; break;
> >  	case KEY_DSA: k->type = KEY_X509_DSA; k->x509 = x509; break;
> > -	default: X509_free(x509); break;
> >  	}
> >  }
> >  
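Review bot: with `default: X509_free(x509); break;` removed from the switch, releasing x509 for an unexpected key type now depends entirely on the early return added at the top of the function. If that guard and this switch ever drift apart, the certificate is leaked instead of freed. I would keep the default branch as a defensive fallback, or at least add a comment at the switch stating that other key types are rejected before the certificate is loaded.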
> > diff --git a/key-eng.h b/key-eng.h
> > index 5a50b0f..3f76613 100644
> > --- a/key-eng.h
> > +++ b/key-eng.h
> > @@ -1,7 +1,7 @@
> >  #ifndef KEY_ENG_H
> >  #define KEY_ENG_H
> >  /*
> > - * Copyright (c) 2011 Roumen Petrov.  All rights reserved.
> > + * Copyright (c) 2011,2012 Roumen Petrov.  All rights reserved.
> >   *
> >   * Redistribution and use in source and binary forms, with or without
> >   * modification, are permitted provided that the following conditions
> > @@ -25,6 +25,7 @@
> >   */
> >  
> >  #include "includes.h"
> > +#include "key.h"
> >  
> >  extern void ssh_engines_startup(void);
> >  extern void ssh_engines_shutdown(void);
> > -- 
> > 1.7.4.4
> > 
> 
> > _______________________________________________
> > ssh_x509 mailing list
> > ssh_x509 at roumenpetrov.info
> > http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info
> 
> 
> 



