openssh/openssh-8.0p1-openssl-pem.patch

68 lines
1.9 KiB
Diff

commit 2fe812887139ce32eeca52f9a0c141bdc7c4c8af
Author: Jakub Jelen <jjelen@redhat.com>
Date: Wed May 22 17:25:22 2019 +0200
New PEM export format withou MD5
diff --git a/sshkey.c b/sshkey.c
index b95ed0b1..1a271512 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -3805,26 +3805,28 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob,
const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;
char *bptr;
BIO *bio = NULL;
+ EVP_PKEY *pkey = NULL;
if (len > 0 && len <= 4)
return SSH_ERR_PASSPHRASE_TOO_SHORT;
if ((bio = BIO_new(BIO_s_mem())) == NULL)
return SSH_ERR_ALLOC_FAIL;
+ if ((pkey = EVP_PKEY_new()) == NULL) {
+ BIO_free(bio);
+ return SSH_ERR_ALLOC_FAIL;
+ }
switch (key->type) {
case KEY_DSA:
- success = PEM_write_bio_DSAPrivateKey(bio, key->dsa,
- cipher, passphrase, len, NULL, NULL);
+ success = EVP_PKEY_set1_DSA(pkey, key->dsa);
break;
#ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
- success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa,
- cipher, passphrase, len, NULL, NULL);
+ success = EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa);
break;
#endif
case KEY_RSA:
- success = PEM_write_bio_RSAPrivateKey(bio, key->rsa,
- cipher, passphrase, len, NULL, NULL);
+ success = EVP_PKEY_set1_RSA(pkey, key->rsa);
break;
default:
success = 0;
@@ -3834,6 +3836,12 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob,
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
+ success = PEM_write_bio_PrivateKey(bio, pkey,
+ cipher, passphrase, len, NULL, NULL);
+ if (success == 0) {
+ r = SSH_ERR_LIBCRYPTO_ERROR;
+ goto out;
+ }
if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) {
r = SSH_ERR_INTERNAL_ERROR;
goto out;
@@ -3842,6 +3850,7 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob,
goto out;
r = 0;
out:
+ EVP_PKEY_free(pkey);
BIO_free(bio);
return r;
}