Attachment #3433 for bug #3195

View | Details | Raw Unified | Return to bug 3195
Collapse All | Expand All

Lines 2868-2873 if test "x$openssl" = "xyes" ; then Link Here

(-)a/configure.ac (+23 lines)
2868	EVP_MD_CTX_new \	2868	EVP_MD_CTX_new \
2869	EVP_MD_CTX_free \	2869	EVP_MD_CTX_free \
2870	EVP_chacha20 \	2870	EVP_chacha20 \
		2871	EVP_PKEY_get_raw_public_key \
		2872	EVP_PKEY_get_raw_private_key \
2871	])	2873	])
2872		2874
2873	if test "x$openssl_engine" = "xyes" ; then	2875	if test "x$openssl_engine" = "xyes" ; then
Lines 2904-2909 if test "x$openssl" = "xyes" ; then Link Here
2904	]	2906	]
2905	)	2907	)
2906		2908
		2909	# Check for OpenSSL with ED25519
		2910	AC_MSG_CHECKING([whether OpenSSL has ED25519 support])
		2911	AC_LINK_IFELSE(
		2912	[AC_LANG_PROGRAM([[
		2913	#include <string.h>
		2914	#include <openssl/evp.h>
		2915	]], [[
		2916	unsigned char buf[64];
		2917	exit(EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519,
		2918	buf, sizeof(buf)) == NULL);
		2919	]])],
		2920	[
		2921	AC_MSG_RESULT([no])
		2922	],
		2923	[
		2924	AC_MSG_RESULT([yes])
		2925	AC_DEFINE([OPENSSL_HAS_ED25519], [1],
		2926	[libcrypto has ed25519 support])
		2927	]
		2928	)
		2929
2907	# Check for OpenSSL with EVP_aes_*ctr	2930	# Check for OpenSSL with EVP_aes_*ctr
2908	AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])	2931	AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2909	AC_LINK_IFELSE(	2932	AC_LINK_IFELSE(




	struct sshkey *prv = NULL;
	BIO *bio = NULL;
	int r;
	size_t len;

	if (keyp != NULL)
		*keyp = NULL;

			sshkey_dump_ec_key(prv->ecdsa);
# endif
#endif /* OPENSSL_HAS_ECC */
#ifdef OPENSSL_HAS_ED25519
	} else if (EVP_PKEY_base_id(pk) == EVP_PKEY_ED25519 &&
	    (type == KEY_UNSPEC || type == KEY_ED25519)) {
		if ((prv = sshkey_new(KEY_UNSPEC)) == NULL ||
		    (prv->ed25519_sk = calloc(1, ED25519_SK_SZ)) == NULL ||
		    (prv->ed25519_pk = calloc(1, ED25519_PK_SZ)) == NULL) {
			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		prv->type = KEY_ED25519;
		len = ED25519_PK_SZ;
		if (!EVP_PKEY_get_raw_public_key(pk, prv->ed25519_pk, &len)) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		if (len != ED25519_PK_SZ) {
			r = SSH_ERR_INVALID_FORMAT;
			goto out;
		}
		len = ED25519_SK_SZ - ED25519_PK_SZ;
		if (!EVP_PKEY_get_raw_private_key(pk, prv->ed25519_sk, &len)) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		if (len != ED25519_SK_SZ - ED25519_PK_SZ) {
			r = SSH_ERR_INVALID_FORMAT;
			goto out;
		}
		/* Append the public key to our private */
		memcpy(prv->ed25519_sk + (ED25519_SK_SZ - ED25519_PK_SZ),
		    prv->ed25519_pk, ED25519_PK_SZ);
#endif /* OPENSSL_HAS_ED25519 */
	} else {
		r = SSH_ERR_INVALID_FORMAT;
		goto out;

		*commentp = NULL;

	switch (type) {
	case KEY_ED25519:
	case KEY_XMSS:
		/* No fallback for new-format-only keys */
		return sshkey_parse_private2(blob, type, passphrase,

Return to bug 3195

Lines 4531-4536 sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, Link Here

(-)a/sshkey.c (-1 / +33 lines)
4531	struct sshkey *prv = NULL;	4531	struct sshkey *prv = NULL;
4532	BIO *bio = NULL;	4532	BIO *bio = NULL;
4533	int r;	4533	int r;
		4534	size_t len;
4534		4535
4535	if (keyp != NULL)	4536	if (keyp != NULL)
4536	*keyp = NULL;	4537	*keyp = NULL;
Lines 4609-4614 sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, Link Here
4609	sshkey_dump_ec_key(prv->ecdsa);	4610	sshkey_dump_ec_key(prv->ecdsa);
4610	# endif	4611	# endif
4611	#endif /* OPENSSL_HAS_ECC */	4612	#endif /* OPENSSL_HAS_ECC */
		4613	#ifdef OPENSSL_HAS_ED25519
		4614	} else if (EVP_PKEY_base_id(pk) == EVP_PKEY_ED25519 &&
		4615	(type == KEY_UNSPEC \|\| type == KEY_ED25519)) {
		4616	if ((prv = sshkey_new(KEY_UNSPEC)) == NULL \|\|
		4617	(prv->ed25519_sk = calloc(1, ED25519_SK_SZ)) == NULL \|\|
		4618	(prv->ed25519_pk = calloc(1, ED25519_PK_SZ)) == NULL) {
		4619	r = SSH_ERR_ALLOC_FAIL;
		4620	goto out;
		4621	}
		4622	prv->type = KEY_ED25519;
		4623	len = ED25519_PK_SZ;
		4624	if (!EVP_PKEY_get_raw_public_key(pk, prv->ed25519_pk, &len)) {
		4625	r = SSH_ERR_LIBCRYPTO_ERROR;
		4626	goto out;
		4627	}
		4628	if (len != ED25519_PK_SZ) {
		4629	r = SSH_ERR_INVALID_FORMAT;
		4630	goto out;
		4631	}
		4632	len = ED25519_SK_SZ - ED25519_PK_SZ;
		4633	if (!EVP_PKEY_get_raw_private_key(pk, prv->ed25519_sk, &len)) {
		4634	r = SSH_ERR_LIBCRYPTO_ERROR;
		4635	goto out;
		4636	}
		4637	if (len != ED25519_SK_SZ - ED25519_PK_SZ) {
		4638	r = SSH_ERR_INVALID_FORMAT;
		4639	goto out;
		4640	}
		4641	/* Append the public key to our private */
		4642	memcpy(prv->ed25519_sk + (ED25519_SK_SZ - ED25519_PK_SZ),
		4643	prv->ed25519_pk, ED25519_PK_SZ);
		4644	#endif /* OPENSSL_HAS_ED25519 */
4612	} else {	4645	} else {
4613	r = SSH_ERR_INVALID_FORMAT;	4646	r = SSH_ERR_INVALID_FORMAT;
4614	goto out;	4647	goto out;
Lines 4638-4644 sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, Link Here
4638	*commentp = NULL;	4671	*commentp = NULL;
4639		4672
4640	switch (type) {	4673	switch (type) {
4641	case KEY_ED25519:
4642	case KEY_XMSS:	4674	case KEY_XMSS:
4643	/* No fallback for new-format-only keys */	4675	/* No fallback for new-format-only keys */
4644	return sshkey_parse_private2(blob, type, passphrase,	4676	return sshkey_parse_private2(blob, type, passphrase,