commit 2fe812887139ce32eeca52f9a0c141bdc7c4c8af
Author: Jakub Jelen
Date: Wed May 22 17:25:22 2019 +0200
New PEM export format withou MD5
diff --git a/sshkey.c b/sshkey.c
index b95ed0b1..1a271512 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -3805,26 +3805,28 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob,
 const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;
 char *bptr;
 BIO *bio = NULL;
+ EVP_PKEY *pkey = NULL;
 if (len > 0 && len <= 4)
 return SSH_ERR_PASSPHRASE_TOO_SHORT;
 if ((bio = BIO_new(BIO_s_mem())) == NULL)
 return SSH_ERR_ALLOC_FAIL;
+ if ((pkey = EVP_PKEY_new()) == NULL) {
+ BIO_free(bio);
+ return SSH_ERR_ALLOC_FAIL;
+ }
 switch (key->type) {
 case KEY_DSA:
- success = PEM_write_bio_DSAPrivateKey(bio, key->dsa,
- cipher, passphrase, len, NULL, NULL);
+ success = EVP_PKEY_set1_DSA(pkey, key->dsa);
 break;
 #ifdef OPENSSL_HAS_ECC
 case KEY_ECDSA:
- success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa,
- cipher, passphrase, len, NULL, NULL);
+ success = EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa);
 break;
 #endif
 case KEY_RSA:
- success = PEM_write_bio_RSAPrivateKey(bio, key->rsa,
- cipher, passphrase, len, NULL, NULL);
+ success = EVP_PKEY_set1_RSA(pkey, key->rsa);
 break;
 default:
 success = 0;
@@ -3834,6 +3836,12 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob,
 r = SSH_ERR_LIBCRYPTO_ERROR;
 goto out;
 }
+ success = PEM_write_bio_PrivateKey(bio, pkey,
+ cipher, passphrase, len, NULL, NULL);
+ if (success == 0) {
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
 if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) {
 r = SSH_ERR_INTERNAL_ERROR;
 goto out;
@@ -3842,6 +3850,7 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob,
 goto out;
 r = 0;
 out:
+ EVP_PKEY_free(pkey);
 BIO_free(bio);
 return r;
 }
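Review bot: The three `EVP_PKEY_set1_*` calls in the switch of the first hunk carry no comment on key ownership, which matters because `pkey` is released at `out:` while `key` goes on using the same DSA, EC and RSA objects. The set1 variants take their own reference, so the later `EVP_PKEY_free(pkey)` is safe; replacing them with the `EVP_PKEY_assign_*` variants would hand ownership to `pkey` and leave `key` holding freed pointers. I would add above the switch `/* set1 takes a reference; key still owns key->dsa/ecdsa/rsa */`. The function starts and ends outside this hunk.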
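Review bot: Nothing at the `PEM_write_bio_PrivateKey` call in the second hunk records that the on-disk encoding changes, not just the key-derivation hash. As far as I know, OpenSSL 1.0 and later write RSA, DSA and EC keys through this generic call as PKCS#8 (`BEGIN PRIVATE KEY` / `BEGIN ENCRYPTED PRIVATE KEY`) and derive the encryption key with PBKDF2 when a passphrase is set; this should be confirmed against the library versions the patch is built with. The iteration count is then the library default, which this call offers no way to raise, so a weak passphrase stays exposed to offline guessing. I would add `/* Writes PKCS#8; encrypted keys use PBKDF2 at OpenSSL's default iteration count */` above the call and note the format change in the ssh-keygen documentation. The enclosing function body starts outside the hunk.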