Attachment #3277 for bug #3005




	{ -1,			NULL,		0,	NULL },
};

const EVP_MD *
ssh_digest_to_md(int digest_type)
{
	switch (digest_type) {
	case SSH_DIGEST_SHA1:
		return EVP_sha1();
	case SSH_DIGEST_SHA256:
		return EVP_sha256();
	case SSH_DIGEST_SHA384:
		return EVP_sha384();
	case SSH_DIGEST_SHA512:
		return EVP_sha512();
	}
	return NULL;
}

static const struct ssh_digest *
ssh_digest_by_alg(int alg)
{

Lines 32-37 Link Here

(-)a/digest.h (+6 lines)
32	struct sshbuf;	32	struct sshbuf;
33	struct ssh_digest_ctx;	33	struct ssh_digest_ctx;
34		34
		35	#ifdef WITH_OPENSSL
		36	#include <openssl/evp.h>
		37	/* Converts internal digest representation to the OpenSSL one */
		38	const EVP_MD *ssh_digest_to_md(int digest_type);
		39	#endif
		40
35	/* Looks up a digest algorithm by name */	41	/* Looks up a digest algorithm by name */
36	int ssh_digest_alg_by_name(const char *name);	42	int ssh_digest_alg_by_name(const char *name);
37		43




rsa_n(struct sshkey *k)
{
	const BIGNUM *n = NULL;
	const RSA *rsa = NULL;

	ASSERT_PTR_NE(k, NULL);
	rsa = EVP_PKEY_get0_RSA(k->pkey);
	ASSERT_PTR_NE(rsa, NULL);
	RSA_get0_key(rsa, &n, NULL, NULL);
	return n;
}


rsa_e(struct sshkey *k)
{
	const BIGNUM *e = NULL;
	const RSA *rsa = NULL;

	ASSERT_PTR_NE(k, NULL);
	rsa = EVP_PKEY_get0_RSA(k->pkey);
	ASSERT_PTR_NE(rsa, NULL);
	RSA_get0_key(rsa, NULL, &e, NULL);
	return e;
}


rsa_p(struct sshkey *k)
{
	const BIGNUM *p = NULL;
	const RSA *rsa = NULL;

	ASSERT_PTR_NE(k, NULL);
	rsa = EVP_PKEY_get0_RSA(k->pkey);
	ASSERT_PTR_NE(rsa, NULL);
	RSA_get0_factors(rsa, &p, NULL);
	return p;
}


rsa_q(struct sshkey *k)
{
	const BIGNUM *q = NULL;
	const RSA *rsa = NULL;

	ASSERT_PTR_NE(k, NULL);
	rsa = EVP_PKEY_get0_RSA(k->pkey);
	ASSERT_PTR_NE(rsa, NULL);
	RSA_get0_factors(rsa, NULL, &q);
	return q;
}


dsa_g(struct sshkey *k)
{
	const BIGNUM *g = NULL;
	const DSA *dsa = NULL;

	ASSERT_PTR_NE(k, NULL);
	dsa = EVP_PKEY_get0_DSA(k->pkey);
	ASSERT_PTR_NE(dsa, NULL);
	DSA_get0_pqg(dsa, NULL, NULL, &g);
	return g;
}


dsa_pub_key(struct sshkey *k)
{
	const BIGNUM *pub_key = NULL;
	const DSA *dsa = NULL;

	ASSERT_PTR_NE(k, NULL);
	dsa = EVP_PKEY_get0_DSA(k->pkey);
	ASSERT_PTR_NE(dsa, NULL);
	DSA_get0_key(dsa, &pub_key, NULL);
	return pub_key;
}


dsa_priv_key(struct sshkey *k)
{
	const BIGNUM *priv_key = NULL;
	const DSA *dsa = NULL;

	ASSERT_PTR_NE(k, NULL);
	dsa = EVP_PKEY_get0_DSA(k->pkey);
	ASSERT_PTR_NE(dsa, NULL);
	DSA_get0_key(dsa, NULL, &priv_key);
	return priv_key;
}





	struct sshkey *k1, *k2;
	struct sshbuf *buf, *pw;
	BIGNUM *a, *b, *c;
	EC_KEY *ecdsa;
	char *cp;

	TEST_START("load passphrase");

	sshbuf_free(buf);
	a = load_bignum("ecdsa_1.param.priv");
	b = load_bignum("ecdsa_1.param.pub");
	ecdsa = EVP_PKEY_get0_EC_KEY(k1->pkey);
	c = EC_POINT_point2bn(EC_KEY_get0_group(ecdsa),
	    EC_KEY_get0_public_key(ecdsa), POINT_CONVERSION_UNCOMPRESSED,
	    NULL, NULL);
	ASSERT_PTR_NE(c, NULL);
	ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(ecdsa), a);
	ASSERT_BIGNUM_EQ(b, c);
	BN_free(a);
	BN_free(b);




#ifdef OPENSSL_HAS_ECC
	struct sshkey *ke;
#endif
	const RSA *rsa;
	const DSA *dsa;
	const EC_KEY *ecdsa;
	struct sshbuf *b;

	TEST_START("new invalid");

	TEST_START("new/free KEY_RSA");
	k1 = sshkey_new(KEY_RSA);
	ASSERT_PTR_NE(k1, NULL);
	rsa = EVP_PKEY_get0_RSA(k1->pkey);
	ASSERT_PTR_NE(rsa, NULL);
	sshkey_free(k1);
	TEST_DONE();

	TEST_START("new/free KEY_DSA");
	k1 = sshkey_new(KEY_DSA);
	ASSERT_PTR_NE(k1, NULL);
	dsa = EVP_PKEY_get0_DSA(k1->pkey);
	ASSERT_PTR_NE(dsa, NULL);
	sshkey_free(k1);
	TEST_DONE();


	TEST_START("new/free KEY_ECDSA");
	k1 = sshkey_new(KEY_ECDSA);
	ASSERT_PTR_NE(k1, NULL);
	ecdsa = EVP_PKEY_get0_EC_KEY(k1->pkey);
	ASSERT_PTR_EQ(ecdsa, NULL);  /* Can't allocate without NID */
	sshkey_free(k1);
	TEST_DONE();
#endif

	    SSH_ERR_KEY_LENGTH);
	ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0);
	ASSERT_PTR_NE(kr, NULL);
	rsa = EVP_PKEY_get0_RSA(kr->pkey);
	ASSERT_PTR_NE(rsa, NULL);
	ASSERT_PTR_NE(rsa_n(kr), NULL);
	ASSERT_PTR_NE(rsa_e(kr), NULL);
	ASSERT_PTR_NE(rsa_p(kr), NULL);

	TEST_START("generate KEY_DSA");
	ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0);
	ASSERT_PTR_NE(kd, NULL);
	dsa = EVP_PKEY_get0_DSA(kd->pkey);
	ASSERT_PTR_NE(dsa, NULL);
	ASSERT_PTR_NE(dsa_g(kd), NULL);
	ASSERT_PTR_NE(dsa_priv_key(kd), NULL);
	TEST_DONE();

	TEST_START("generate KEY_ECDSA");
	ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &ke), 0);
	ASSERT_PTR_NE(ke, NULL);
	ecdsa = EVP_PKEY_get0_EC_KEY(ke->pkey);
	ASSERT_PTR_NE(ecdsa, NULL);
	ASSERT_PTR_NE(EC_KEY_get0_public_key(ecdsa), NULL);
	ASSERT_PTR_NE(EC_KEY_get0_private_key(ecdsa), NULL);
	TEST_DONE();
#endif


	ASSERT_PTR_NE(k1, NULL);
	ASSERT_PTR_NE(kr, k1);
	ASSERT_INT_EQ(k1->type, KEY_RSA);
	rsa = EVP_PKEY_get0_RSA(k1->pkey);
	ASSERT_PTR_NE(rsa, NULL);
	ASSERT_PTR_NE(rsa_n(k1), NULL);
	ASSERT_PTR_NE(rsa_e(k1), NULL);
	ASSERT_PTR_EQ(rsa_p(k1), NULL);

	ASSERT_PTR_NE(k1, NULL);
	ASSERT_PTR_NE(kd, k1);
	ASSERT_INT_EQ(k1->type, KEY_DSA);
	dsa = EVP_PKEY_get0_DSA(k1->pkey);
	ASSERT_PTR_NE(dsa, NULL);
	ASSERT_PTR_NE(dsa_g(k1), NULL);
	ASSERT_PTR_EQ(dsa_priv_key(k1), NULL);
	TEST_DONE();

	ASSERT_PTR_NE(k1, NULL);
	ASSERT_PTR_NE(ke, k1);
	ASSERT_INT_EQ(k1->type, KEY_ECDSA);
	ecdsa = EVP_PKEY_get0_EC_KEY(k1->pkey);
	ASSERT_PTR_NE(ecdsa, NULL);
	ASSERT_INT_EQ(k1->ecdsa_nid, ke->ecdsa_nid);
	ASSERT_PTR_EQ(EC_KEY_get0_private_key(ecdsa), NULL);
	ecdsa = EVP_PKEY_get0_EC_KEY(ke->pkey);
	ASSERT_PTR_NE(EC_KEY_get0_public_key(ecdsa), NULL);
	TEST_DONE();

	TEST_START("equal KEY_ECDSA/demoted KEY_ECDSA");




{
	DSA_SIG *sig = NULL;
	const BIGNUM *sig_r, *sig_s;
	u_char sigblob[SIGBLOB_LEN];
	size_t rlen, slen;
	int len;
	struct sshbuf *b = NULL;
	u_char *sigb = NULL;
	const u_char *psig = NULL;
	int ret = SSH_ERR_INVALID_ARGUMENT;

	if (lenp != NULL)

	if (sigp != NULL)
		*sigp = NULL;

	if (key == NULL || EVP_PKEY_get0_DSA(key->pkey) == NULL ||
	    sshkey_type_plain(key->type) != KEY_DSA)
		return SSH_ERR_INVALID_ARGUMENT;
	if (dlen == 0)
		return SSH_ERR_INTERNAL_ERROR;

	ret = sshkey_calculate_signature(key->pkey, SSH_DIGEST_SHA1, &sigb, &len,
	    data, datalen);
	if (ret < 0) {
		goto out;
	}

	psig = sigb;
	if ((sig = d2i_DSA_SIG(NULL, &psig, len)) == NULL) {
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto out;
	}
	free(sigb);
	sigb = NULL;

	DSA_SIG_get0(sig, &sig_r, &sig_s);
	rlen = BN_num_bytes(sig_r);

		*lenp = len;
	ret = 0;
 out:
	free(sigb);
	DSA_SIG_free(sig);
	sshbuf_free(b);
	return ret;

{
	DSA_SIG *sig = NULL;
	BIGNUM *sig_r = NULL, *sig_s = NULL;
	u_char *sigblob = NULL;
	size_t len, slen;
	int ret = SSH_ERR_INTERNAL_ERROR;
	struct sshbuf *b = NULL;
	char *ktype = NULL;
	u_char *sigb = NULL, *psig = NULL;

	if (key == NULL || EVP_PKEY_get0_DSA(key->pkey) == NULL ||
	    sshkey_type_plain(key->type) != KEY_DSA ||
	    signature == NULL || signaturelen == 0)
		return SSH_ERR_INVALID_ARGUMENT;
	if (dlen == 0)
		return SSH_ERR_INTERNAL_ERROR;

	/* fetch signature */
	if ((b = sshbuf_from(signature, signaturelen)) == NULL)

	}
	sig_r = sig_s = NULL; /* transferred */

	if ((slen = i2d_DSA_SIG(sig, NULL)) == 0) {
		ret = SSH_ERR_LIBCRYPTO_ERROR;
	    digest, sizeof(digest))) != 0)
		goto out;
	}
	if ((sigb = malloc(slen)) == NULL) {
		ret = SSH_ERR_ALLOC_FAIL;
		ret = 0;
		break;
	case 0:
		ret = SSH_ERR_SIGNATURE_INVALID;
		goto out;
	}
	psig = sigb;
	if ((slen = i2d_DSA_SIG(sig, &psig)) == 0) {
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto out;
	}

	ret = sshkey_verify_signature(key->pkey, SSH_DIGEST_SHA1, data, datalen,
	    sigb, slen);

 out:
	explicit_bzero(digest, sizeof(digest));
	DSA_SIG_free(sig);
	BN_clear_free(sig_r);
	BN_clear_free(sig_s);

Lines 51-60 ssh_ecdsa_sign(const struct sshkey key, u_char sigp, size_t lenp, Link Here

(-)a/ssh-ecdsa.c (-30 / +34 lines)
51	const u_char *data, size_t datalen, u_int compat)	51	const u_char *data, size_t datalen, u_int compat)
52	{	52	{
53	ECDSA_SIG *sig = NULL;	53	ECDSA_SIG *sig = NULL;
		54	unsigned char *sigb = NULL;
		55	const unsigned char *psig;
54	const BIGNUM sig_r, sig_s;	56	const BIGNUM sig_r, sig_s;
55	int hash_alg;	57	int hash_alg;
56	u_char digest[SSH_DIGEST_MAX_LENGTH];	58	int len;
57	size_t len, dlen;
58	struct sshbuf b = NULL, bb = NULL;	59	struct sshbuf b = NULL, bb = NULL;
59	int ret = SSH_ERR_INTERNAL_ERROR;	60	int ret = SSH_ERR_INTERNAL_ERROR;
60		61
Lines 63-84 ssh_ecdsa_sign(const struct sshkey key, u_char sigp, size_t lenp, Link Here
63	if (sigp != NULL)	64	if (sigp != NULL)
64	*sigp = NULL;	65	*sigp = NULL;
65		66
66	if (key == NULL \|\| key->ecdsa == NULL \|\|	67	if (key == NULL \|\| EVP_PKEY_get0_EC_KEY(key->pkey) == NULL \|\|
67	sshkey_type_plain(key->type) != KEY_ECDSA)	68	sshkey_type_plain(key->type) != KEY_ECDSA)
68	return SSH_ERR_INVALID_ARGUMENT;	69	return SSH_ERR_INVALID_ARGUMENT;
69		70
70	if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 \|\|	71	if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1)
71	(dlen = ssh_digest_bytes(hash_alg)) == 0)
72	return SSH_ERR_INTERNAL_ERROR;	72	return SSH_ERR_INTERNAL_ERROR;
73	if ((ret = ssh_digest_memory(hash_alg, data, datalen,	73
74	digest, sizeof(digest))) != 0)	74	ret = sshkey_calculate_signature(key->pkey, hash_alg, &sigb, &len, data,
		75	datalen);
		76	if (ret < 0) {
75	goto out;	77	goto out;
		78	}
76		79
77	if ((sig = ECDSA_do_sign(digest, dlen, key->ecdsa)) == NULL) {	80	psig = sigb;
		81	if ((sig = d2i_ECDSA_SIG(NULL, &psig, len)) == NULL) {
78	ret = SSH_ERR_LIBCRYPTO_ERROR;	82	ret = SSH_ERR_LIBCRYPTO_ERROR;
79	goto out;	83	goto out;
80	}	84	}
81
82	if ((bb = sshbuf_new()) == NULL \|\| (b = sshbuf_new()) == NULL) {	85	if ((bb = sshbuf_new()) == NULL \|\| (b = sshbuf_new()) == NULL) {
83	ret = SSH_ERR_ALLOC_FAIL;	86	ret = SSH_ERR_ALLOC_FAIL;
84	goto out;	87	goto out;
Lines 102-110 ssh_ecdsa_sign(const struct sshkey key, u_char sigp, size_t lenp, Link Here
102	*lenp = len;	105	*lenp = len;
103	ret = 0;	106	ret = 0;
104	out:	107	out:
105	explicit_bzero(digest, sizeof(digest));
106	sshbuf_free(b);	108	sshbuf_free(b);
107	sshbuf_free(bb);	109	sshbuf_free(bb);
		110	free(sigb);
108	ECDSA_SIG_free(sig);	111	ECDSA_SIG_free(sig);
109	return ret;	112	return ret;
110	}	113	}
Lines 117-136 ssh_ecdsa_verify(const struct sshkey *key, Link Here
117	{	120	{
118	ECDSA_SIG *sig = NULL;	121	ECDSA_SIG *sig = NULL;
119	BIGNUM sig_r = NULL, sig_s = NULL;	122	BIGNUM sig_r = NULL, sig_s = NULL;
120	int hash_alg;	123	int hash_alg, len;
121	u_char digest[SSH_DIGEST_MAX_LENGTH];
122	size_t dlen;
123	int ret = SSH_ERR_INTERNAL_ERROR;	124	int ret = SSH_ERR_INTERNAL_ERROR;
124	struct sshbuf b = NULL, sigbuf = NULL;	125	struct sshbuf b = NULL, sigbuf = NULL;
125	char *ktype = NULL;	126	char *ktype = NULL;
		127	unsigned char sigb = NULL, psig = NULL;
126		128
127	if (key == NULL \|\| key->ecdsa == NULL \|\|	129	if (key == NULL \|\| EVP_PKEY_get0_EC_KEY(key->pkey) == NULL \|\|
128	sshkey_type_plain(key->type) != KEY_ECDSA \|\|	130	sshkey_type_plain(key->type) != KEY_ECDSA \|\|
129	signature == NULL \|\| signaturelen == 0)	131	signature == NULL \|\| signaturelen == 0)
130	return SSH_ERR_INVALID_ARGUMENT;	132	return SSH_ERR_INVALID_ARGUMENT;
131		133
132	if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 \|\|	134	if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1)
133	(dlen = ssh_digest_bytes(hash_alg)) == 0)
134	return SSH_ERR_INTERNAL_ERROR;	135	return SSH_ERR_INTERNAL_ERROR;
135		136
136	/* fetch signature */	137	/* fetch signature */
Lines 166-199 ssh_ecdsa_verify(const struct sshkey *key, Link Here
166	}	167	}
167	sig_r = sig_s = NULL; /* transferred */	168	sig_r = sig_s = NULL; /* transferred */
168		169
169	if (sshbuf_len(sigbuf) != 0) {	170	/* Figure out the length */
170	ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;	171	if ((len = i2d_ECDSA_SIG(sig, NULL)) == 0) {
		172	ret = SSH_ERR_LIBCRYPTO_ERROR;
171	goto out;	173	goto out;
172	}	174	}
173	if ((ret = ssh_digest_memory(hash_alg, data, datalen,	175	if ((sigb = malloc(len)) == NULL) {
174	digest, sizeof(digest))) != 0)	176	ret = SSH_ERR_ALLOC_FAIL;
175	goto out;
176
177	switch (ECDSA_do_verify(digest, dlen, sig, key->ecdsa)) {
178	case 1:
179	ret = 0;
180	break;
181	case 0:
182	ret = SSH_ERR_SIGNATURE_INVALID;
183	goto out;	177	goto out;
184	default:	178	}
		179	psig = sigb;
		180	if ((len = i2d_ECDSA_SIG(sig, &psig)) == 0) {
185	ret = SSH_ERR_LIBCRYPTO_ERROR;	181	ret = SSH_ERR_LIBCRYPTO_ERROR;
186	goto out;	182	goto out;
187	}	183	}
188		184
		185	if (sshbuf_len(sigbuf) != 0) {
		186	ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
		187	goto out;
		188	}
		189
		190	ret = sshkey_verify_signature(key->pkey, hash_alg, data, datalen,
		191	sigb, len);
		192
189	out:	193	out:
190	explicit_bzero(digest, sizeof(digest));
191	sshbuf_free(sigbuf);	194	sshbuf_free(sigbuf);
192	sshbuf_free(b);	195	sshbuf_free(b);
193	ECDSA_SIG_free(sig);	196	ECDSA_SIG_free(sig);
194	BN_clear_free(sig_r);	197	BN_clear_free(sig_r);
195	BN_clear_free(sig_s);	198	BN_clear_free(sig_s);
196	free(ktype);	199	free(ktype);
		200	free(sigb);
197	return ret;	201	return ret;
198	}	202	}
199		203




{
	switch (sshkey_type_plain(k->type)) {
	case KEY_RSA:
		if (!PEM_write_RSA_PUBKEY(stdout, EVP_PKEY_get0_RSA(k->pkey)))
			fatal("PEM_write_RSA_PUBKEY failed");
		break;
	case KEY_DSA:
		if (!PEM_write_DSA_PUBKEY(stdout, EVP_PKEY_get0_DSA(k->pkey)))
			fatal("PEM_write_DSA_PUBKEY failed");
		break;
#ifdef OPENSSL_HAS_ECC
	case KEY_ECDSA:
		if (!PEM_write_EC_PUBKEY(stdout, EVP_PKEY_get0_EC_KEY(k->pkey)))
			fatal("PEM_write_EC_PUBKEY failed");
		break;
#endif

{
	switch (sshkey_type_plain(k->type)) {
	case KEY_RSA:
		if (!PEM_write_RSAPublicKey(stdout, EVP_PKEY_get1_RSA(k->pkey)))
			fatal("PEM_write_RSAPublicKey failed");
		break;
	default:

	BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
	BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
	BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL;
	RSA *rsa;
	DSA *dsa;

	if ((b = sshbuf_from(blob, blen)) == NULL)
		fatal("%s: sshbuf_from failed", __func__);
	if ((r = sshbuf_get_u32(b, &magic)) != 0)

		buffer_get_bignum_bits(b, dsa_q);
		buffer_get_bignum_bits(b, dsa_pub_key);
		buffer_get_bignum_bits(b, dsa_priv_key);
		dsa = EVP_PKEY_get0_DSA(key->pkey);
		if (!DSA_set0_pqg(dsa, dsa_p, dsa_q, dsa_g))
			fatal("%s: DSA_set0_pqg failed", __func__);
		dsa_p = dsa_q = dsa_g = NULL; /* transferred */
		if (!DSA_set0_key(dsa, dsa_pub_key, dsa_priv_key))
			fatal("%s: DSA_set0_key failed", __func__);
		dsa_pub_key = dsa_priv_key = NULL; /* transferred */
		break;

		buffer_get_bignum_bits(b, rsa_iqmp);
		buffer_get_bignum_bits(b, rsa_q);
		buffer_get_bignum_bits(b, rsa_p);
		rsa = EVP_PKEY_get0_RSA(key->pkey);
		if (!RSA_set0_key(rsa, rsa_n, rsa_e, rsa_d))
			fatal("%s: RSA_set0_key failed", __func__);
		rsa_n = rsa_e = rsa_d = NULL; /* transferred */
		if (!RSA_set0_factors(rsa, rsa_p, rsa_q))
			fatal("%s: RSA_set0_factors failed", __func__);
		rsa_p = rsa_q = NULL; /* transferred */
		if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0)

		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
			fatal("sshkey_new failed");
		(*k)->type = KEY_RSA;
		EVP_PKEY_free((*k)->pkey);
		(*k)->pkey = pubkey;
		pubkey = NULL;
		break;
	case EVP_PKEY_DSA:
		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
			fatal("sshkey_new failed");
		(*k)->type = KEY_DSA;
		EVP_PKEY_free((*k)->pkey);
		(*k)->pkey = pubkey;
		pubkey = NULL;
		break;
#ifdef OPENSSL_HAS_ECC
	case EVP_PKEY_EC:
		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
			fatal("sshkey_new failed");
		(*k)->type = KEY_ECDSA;
		EVP_PKEY_free((*k)->pkey);
		(*k)->pkey = pubkey;
		pubkey = NULL;
		(*k)->ecdsa_nid = sshkey_ecdsa_key_to_nid(*k);
		break;
#endif
	default:

		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
			fatal("sshkey_new failed");
		(*k)->type = KEY_RSA;
		(*k)->pkey = EVP_PKEY_new();
		EVP_PKEY_set1_RSA((*k)->pkey, rsa);
		fclose(fp);
		return;
	}

	struct sshkey *k = NULL;
	int r, private = 0, ok = 0;
	struct stat st;
	RSA *rsa;
	DSA *dsa;
	EC_KEY *ecdsa;

	if (!have_identity)
		ask_filename(pw, "Enter file in which the key is");

	} else {
		switch (k->type) {
		case KEY_DSA:
			dsa = EVP_PKEY_get0_DSA(k->pkey);
			ok = PEM_write_DSAPrivateKey(stdout, dsa, NULL,
			    NULL, 0, NULL, NULL);
			break;
#ifdef OPENSSL_HAS_ECC
		case KEY_ECDSA:
			ecdsa = EVP_PKEY_get0_EC_KEY(k->pkey);
			ok = PEM_write_ECPrivateKey(stdout, ecdsa, NULL,
			    NULL, 0, NULL, NULL);
			break;
#endif
		case KEY_RSA:
			rsa = EVP_PKEY_get0_RSA(k->pkey);
			ok = PEM_write_RSAPrivateKey(stdout, rsa, NULL,
			    NULL, 0, NULL, NULL);
			break;
		default:




		error("%s: sshkey_new failed", __func__);
		goto fail;
	}
	key->pkey = EVP_PKEY_new();
	if (key->pkey == NULL) {
		error("%s: EVP_PKEY_new failed", __func__);
		goto fail;
	}

	key->type = KEY_RSA;
	EVP_PKEY_set1_RSA(key->pkey, rsa);
	key->rsa = rsa;
	if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
		error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
		goto fail;

	const u_char *cp;
	u_char *blob = NULL, *signature = NULL;
	size_t blen, slen = 0;
	int r;

	nid = sshkey_ecdsa_key_to_nid(ec);
	if (nid < 0) {
		error("%s: couldn't get curve nid", __func__);
		goto fail;
	}

	key = sshkey_new(KEY_UNSPEC);
	if (key == NULL) {
		error("%s: sshkey_new failed", __func__);
		goto fail;
	}

	key->ecdsa_nid = nid;
	key->type = KEY_ECDSA;
	EVP_PKEY_set1_EC_KEY(key->pkey, ec);
	EC_KEY_up_ref(ec);

	key->ecdsa_nid = sshkey_ecdsa_key_to_nid(key);
	if (key->ecdsa_nid < 0) {
		error("%s: couldn't get curve nid", __func__);
		goto fail;
	}

	if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
		error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
		goto fail;

static void
wrap_key(struct sshkey *k)
{
	if (k->type == KEY_RSA) {
		RSA *rsa = EVP_PKEY_get0_RSA(k->pkey);
		RSA_set_method(rsa, helper_rsa);
#ifdef HAVE_EC_KEY_METHOD_NEW
	} else if (k->type == KEY_ECDSA) {
		EC_KEY *ecdsa = EVP_PKEY_get0_EC_KEY(k->pkey);
		EC_KEY_set_method(ecdsa, helper_ecdsa);
#endif /* HAVE_EC_KEY_METHOD_NEW */
	} else
		fatal("%s: unknown key type", __func__);
}





#include "ssh-pkcs11.h"
#include "ssherr.h"

#ifdef WITH_OPENSSL
#include <openssl/rsa.h>
#endif

#ifdef ENABLE_PKCS11

/* borrows code from sftp-server and ssh-agent */


			pkcs11_refresh_key(found);
			if (key->type == KEY_RSA) {
				RSA *rsa = EVP_PKEY_get0_RSA(found->pkey);
				slen = RSA_size(rsa);
				signature = xmalloc(slen);
				ret = RSA_private_encrypt(dlen, data, signature,
				    rsa, RSA_PKCS1_PADDING);
				if (ret != -1) {
					slen = ret;
					ok = 0;
				}
			} else if (key->type == KEY_ECDSA) {
				EC_KEY *ecdsa = EVP_PKEY_get0_EC_KEY(found->pkey);
				xslen = ECDSA_size(ecdsa);
				signature = xmalloc(xslen);
				/* "The parameter type is ignored." */
				ret = ECDSA_sign(-1, data, dlen, signature,
				    &xslen, ecdsa);
				if (ret != 0)
					ok = 0;
				else





int pkcs11_refresh_key(struct sshkey *key)
{
	struct pkcs11_key	*k11 = NULL;
	RSA *rsa;
	EC_KEY *ecdsa;

	switch (key->type) {
	case KEY_RSA:
		if ((rsa = EVP_PKEY_get0_RSA(key->pkey)) == NULL ||
		    (k11 = RSA_get_ex_data(rsa, rsa_idx)) == NULL) {
			error("RSA_get_ex_data failed for rsa %p", rsa);
			return (-1);
		}
		break;
	case KEY_ECDSA:
		if ((ecdsa = EVP_PKEY_get0_EC_KEY(key->pkey)) == NULL ||
		    (k11 = EC_KEY_get_ex_data(ecdsa, ec_key_idx)) == NULL) {
			error("EC_KEY_get_ex_data failed for ecdsa %p", ecdsa);
			return (-1);
		}
		break;
	}
	if (!k11 || !k11->provider || !k11->provider->valid) {
		error("no pkcs11 (valid) provider for key");
		return (-1);
	}


	struct sshkey		*key = NULL;
	const unsigned char	*attrp = NULL;
	int			 i;
	int			 nid;

	memset(&key_attr, 0, sizeof(key_attr));
	key_attr[0].type = CKA_ID;

		goto fail;
	}

	nid = sshkey_ecdsa_key_to_nid(ec);
	if (nid < 0) {
		error("couldn't get curve nid");
		goto fail;
	}

	if (pkcs11_ecdsa_wrap(p, slotidx, &key_attr[0], ec))
		goto fail;


		error("sshkey_new failed");
		goto fail;
	}

	key->ecdsa = ec;
	key->ecdsa_nid = nid;
	key->type = KEY_ECDSA;
	key->flags |= SSHKEY_FLAG_EXT;
	EVP_PKEY_set1_EC_KEY(key->pkey, ec);
	ec = NULL;	/* now owned by key */

	key->ecdsa_nid = sshkey_ecdsa_key_to_nid(key);
	if (key->ecdsa_nid < 0) {
		error("couldn't get curve nid");
		goto fail;
	}


fail:
	for (i = 0; i < 3; i++)
		free(key_attr[i].pValue);

		goto fail;
	}

	key->pkey = EVP_PKEY_new();
	if (key == NULL) {
		error("EVP_PKEY_new failed");
		goto fail;
	}
	EVP_PKEY_set1_RSA(key->pkey, rsa);
	key->type = KEY_RSA;
	key->flags |= SSHKEY_FLAG_EXT;
	rsa = NULL;	/* now owned by key */

	EC_KEY			*ec = NULL;
	struct sshkey		*key = NULL;
	int			 i;
#ifdef HAVE_EC_KEY_METHOD_NEW
	int			 nid;
#endif
	const u_char		 *cp;

	memset(&cert_attr, 0, sizeof(cert_attr));

			error("sshkey_new failed");
			goto fail;
		}
		if (key == NULL) {
			error("EVP_PKEY_new failed");
			goto fail;
		}
		EVP_PKEY_set1_RSA(key->pkey, rsa);
		key->type = KEY_RSA;
		key->flags |= SSHKEY_FLAG_EXT;
		rsa = NULL;	/* now owned by key */

			goto fail;
		}

		nid = sshkey_ecdsa_key_to_nid(ec);
		if (nid < 0) {
			error("couldn't get curve nid");
			goto fail;
		}

		if (pkcs11_ecdsa_wrap(p, slotidx, &cert_attr[0], ec))
			goto fail;


			error("sshkey_new failed");
			goto fail;
		}

		key->ecdsa = ec;
		key->ecdsa_nid = nid;
		key->type = KEY_ECDSA;
		key->flags |= SSHKEY_FLAG_EXT;
		EVP_PKEY_set1_EC_KEY(key->pkey, ec);
		ec = NULL;	/* now owned by key */

		key->ecdsa_nid = sshkey_ecdsa_key_to_nid(key);
		if (key->ecdsa_nid < 0) {
			error("couldn't get curve nid");
			goto fail;
		}

#endif /* HAVE_EC_KEY_METHOD_NEW */
	} else
		error("unknown certificate key type");





#include "openbsd-compat/openssl-compat.h"

static int openssh_RSA_verify(int, const u_char *, size_t, u_char *, size_t, EVP_PKEY *);

static const char *
rsa_hash_alg_ident(int hash_alg)

	return -1;
}

static int
rsa_hash_alg_nid(int type)
{
	switch (type) {
	case SSH_DIGEST_SHA1:
		return NID_sha1;
	case SSH_DIGEST_SHA256:
		return NID_sha256;
	case SSH_DIGEST_SHA512:
		return NID_sha512;
	default:
		return -1;
	}
}

int
ssh_rsa_complete_crt_parameters(struct sshkey *key, const BIGNUM *iqmp)
{

	BIGNUM *aux = NULL, *d_consttime = NULL;
	BIGNUM *rsa_dmq1 = NULL, *rsa_dmp1 = NULL, *rsa_iqmp = NULL;
	BN_CTX *ctx = NULL;
	RSA *rsa;
	int r;

	rsa = EVP_PKEY_get0_RSA(key->pkey);
	if (key == NULL || rsa == NULL ||
	    sshkey_type_plain(key->type) != KEY_RSA)
		return SSH_ERR_INVALID_ARGUMENT;

	RSA_get0_key(rsa, NULL, NULL, &rsa_d);
	RSA_get0_factors(rsa, &rsa_p, &rsa_q);

	if ((ctx = BN_CTX_new()) == NULL)
		return SSH_ERR_ALLOC_FAIL;

		r = SSH_ERR_LIBCRYPTO_ERROR;
		goto out;
	}
	if (!RSA_set0_crt_params(rsa, rsa_dmp1, rsa_dmq1, rsa_iqmp)) {
		r = SSH_ERR_LIBCRYPTO_ERROR;
		goto out;
	}

ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
    const u_char *data, size_t datalen, const char *alg_ident)
{
	const RSA *rsa;
	u_char *sig = NULL;
	int len, slen = 0;
	int hash_alg, ret = SSH_ERR_INTERNAL_ERROR;
	int nid, hash_alg, ret = SSH_ERR_INTERNAL_ERROR;
	struct sshbuf *b = NULL;

	if (lenp != NULL)

		hash_alg = SSH_DIGEST_SHA1;
	else
		hash_alg = rsa_hash_id_from_keyname(alg_ident);

	rsa = EVP_PKEY_get0_RSA(key->pkey);
	if (key == NULL || rsa == NULL || hash_alg == -1 ||
	    sshkey_type_plain(key->type) != KEY_RSA)
		return SSH_ERR_INVALID_ARGUMENT;
	slen = RSA_size(rsa);
	if (RSA_bits(rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
		return SSH_ERR_KEY_LENGTH;
	slen = RSA_size(key->rsa);
	if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
		return SSH_ERR_INVALID_ARGUMENT;

	ret = sshkey_calculate_signature(key->pkey, hash_alg, &sig, &len, data,
	    datalen);
	if (ret < 0) {
		return SSH_ERR_INTERNAL_ERROR;
	if ((ret = ssh_digest_memory(hash_alg, data, datalen,
	    digest, sizeof(digest))) != 0)
		goto out;

	if ((sig = malloc(slen)) == NULL) {
		ret = SSH_ERR_ALLOC_FAIL;
		goto out;
	}

	if (RSA_sign(nid, digest, dlen, sig, &len, key->rsa) != 1) {
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto out;
	}
	if (len < slen) {
		size_t diff = slen - len;
		memmove(sig + diff, sig, len);

		ret = SSH_ERR_INTERNAL_ERROR;
		goto out;
	}

	/* encode signature */
	if ((b = sshbuf_new()) == NULL) {
		ret = SSH_ERR_ALLOC_FAIL;

		*lenp = len;
	ret = 0;
 out:
	explicit_bzero(digest, sizeof(digest));
	freezero(sig, slen);
	sshbuf_free(b);
	return ret;

    const u_char *sig, size_t siglen, const u_char *data, size_t datalen,
    const char *alg)
{
	const RSA *rsa;
	char *sigtype = NULL;
	int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;
	size_t len = 0, diff, modlen;
	struct sshbuf *b = NULL;
	u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL;

	rsa = EVP_PKEY_get0_RSA(key->pkey);
	if (key == NULL || rsa == NULL ||
	    sshkey_type_plain(key->type) != KEY_RSA ||
	    sig == NULL || siglen == 0)
		return SSH_ERR_INVALID_ARGUMENT;
	if (RSA_bits(rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
	if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
		return SSH_ERR_KEY_LENGTH;

	if ((b = sshbuf_from(sig, siglen)) == NULL)

		goto out;
	}
	/* RSA_verify expects a signature of RSA_size */
	modlen = RSA_size(rsa);
	if (len > modlen) {
		ret = SSH_ERR_KEY_BITS_MISMATCH;
		goto out;

		explicit_bzero(sigblob, diff);
		len = modlen;
	}
	if ((dlen = ssh_digest_bytes(hash_alg)) == 0) {
		ret = SSH_ERR_INTERNAL_ERROR;
		goto out;
	}
	if ((ret = ssh_digest_memory(hash_alg, data, datalen,
	    digest, sizeof(digest))) != 0)
		goto out;

	ret = openssh_RSA_verify(hash_alg, data, datalen, sigblob, len,
	    key->pkey);
 out:
	freezero(sigblob, len);
	free(sigtype);

	return ret;
}

/*
 * See:
 * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
 * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn
 */

/*
 * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
 *	oiw(14) secsig(3) algorithms(2) 26 }
 */
static const u_char id_sha1[] = {
	0x30, 0x21, /* type Sequence, length 0x21 (33) */
	0x30, 0x09, /* type Sequence, length 0x09 */
	0x06, 0x05, /* type OID, length 0x05 */
	0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */
	0x05, 0x00, /* NULL */
	0x04, 0x14  /* Octet string, length 0x14 (20), followed by sha1 hash */
};

/*
 * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
 * id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
 *      organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2)
 *      id-sha256(1) }
 */
static const u_char id_sha256[] = {
	0x30, 0x31, /* type Sequence, length 0x31 (49) */
	0x30, 0x0d, /* type Sequence, length 0x0d (13) */
	0x06, 0x09, /* type OID, length 0x09 */
	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, /* id-sha256 */
	0x05, 0x00, /* NULL */
	0x04, 0x20  /* Octet string, length 0x20 (32), followed by sha256 hash */
};

/*
 * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
 * id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
 *      organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2)
 *      id-sha256(3) }
 */
static const u_char id_sha512[] = {
	0x30, 0x51, /* type Sequence, length 0x51 (81) */
	0x30, 0x0d, /* type Sequence, length 0x0d (13) */
	0x06, 0x09, /* type OID, length 0x09 */
	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, /* id-sha512 */
	0x05, 0x00, /* NULL */
	0x04, 0x40  /* Octet string, length 0x40 (64), followed by sha512 hash */
};

static int
openssh_RSA_verify(int hash_alg, const u_char *data, size_t datalen,
    u_char *sigbuf, size_t siglen, EVP_PKEY *pkey)
{
	size_t rsasize = 0;
	const RSA *rsa;
	int ret;
		*oidlenp = sizeof(id_sha1);
		break;
	case SSH_DIGEST_SHA256:
		*oidp = id_sha256;
		*oidlenp = sizeof(id_sha256);
		break;
	case SSH_DIGEST_SHA512:
		*oidp = id_sha512;
		*oidlenp = sizeof(id_sha512);
		break;
	default:
		return SSH_ERR_INVALID_ARGUMENT;
	}
	return 0;
}

	rsa = EVP_PKEY_get0_RSA(pkey);
openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen,
    u_char *sigbuf, size_t siglen, RSA *rsa)
{
	size_t rsasize = 0, oidlen = 0, hlen = 0;
	int ret, len, oidmatch, hashmatch;
	const u_char *oid = NULL;
	u_char *decrypted = NULL;

	if ((ret = rsa_hash_alg_oid(hash_alg, &oid, &oidlen)) != 0)
		return ret;
	ret = SSH_ERR_INTERNAL_ERROR;
	hlen = ssh_digest_bytes(hash_alg);
	if (hashlen != hlen) {
		ret = SSH_ERR_INVALID_ARGUMENT;
		goto done;
	}
	rsasize = RSA_size(rsa);
	if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM ||
	    siglen == 0 || siglen > rsasize) {
		ret = SSH_ERR_INVALID_ARGUMENT;
		goto done;
	}

	ret = sshkey_verify_signature(pkey, hash_alg, data, datalen,
	    sigbuf, siglen);

	if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
	    RSA_PKCS1_PADDING)) < 0) {
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto done;
	}
	if (len < 0 || (size_t)len != hlen + oidlen) {
		ret = SSH_ERR_INVALID_FORMAT;
		goto done;
	}
	oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0;
	hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0;
	if (!oidmatch || !hashmatch) {
		ret = SSH_ERR_SIGNATURE_INVALID;
		goto done;
	}
	ret = 0;
done:
	freezero(decrypted, rsasize);
	return ret;
}
#endif /* WITH_OPENSSL */




{
#ifdef WITH_OPENSSL
	const BIGNUM *rsa_n, *dsa_p;
	RSA *rsa = NULL;
	DSA *dsa = NULL;
#endif /* WITH_OPENSSL */

	switch (k->type) {
#ifdef WITH_OPENSSL
	case KEY_RSA:
	case KEY_RSA_CERT:
		rsa = EVP_PKEY_get0_RSA(k->pkey);
		if (rsa == NULL)
			return 0;
		RSA_get0_key(rsa, &rsa_n, NULL, NULL);
		return BN_num_bits(rsa_n);
	case KEY_DSA:
	case KEY_DSA_CERT:
		dsa = EVP_PKEY_get0_DSA(k->pkey);
		if (dsa == NULL)
			return 0;
		DSA_get0_pqg(dsa, &dsa_p, NULL, NULL);
		return BN_num_bits(dsa_p);
	case KEY_ECDSA:
	case KEY_ECDSA_CERT:

}

#ifdef WITH_OPENSSL
int
sshkey_calculate_signature(EVP_PKEY *pkey, int hash_alg, u_char **sigp,
    int *lenp, const u_char *data, size_t datalen)
{
	EVP_MD_CTX *ctx = NULL;
	u_char *sig = NULL;
	int ret, slen, len;

	if (sigp == NULL || lenp == NULL) {
		return SSH_ERR_INVALID_ARGUMENT;
	}

	slen = EVP_PKEY_size(pkey);
	if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
		return SSH_ERR_INVALID_ARGUMENT;

	len = slen;
	if ((sig = malloc(slen)) == NULL) {
		return SSH_ERR_ALLOC_FAIL;
	}

	if ((ctx = EVP_MD_CTX_new()) == NULL) {
		ret = SSH_ERR_ALLOC_FAIL;
		goto error;
	}
	if (EVP_SignInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 ||
	    EVP_SignUpdate(ctx, data, datalen) <= 0 ||
	    EVP_SignFinal(ctx, sig, &len, pkey) <= 0) {
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto error;
	}

	*sigp = sig;
	*lenp = len;
	/* Now owned by the caller */
	sig = NULL;
	ret = 0;

error:
	EVP_MD_CTX_free(ctx);
	free(sig);
	return ret;
}

int
sshkey_verify_signature(EVP_PKEY *pkey, int hash_alg, const u_char *data,
    size_t datalen, u_char *sigbuf, int siglen)
{
	EVP_MD_CTX *ctx = NULL;
	int ret;

	if ((ctx = EVP_MD_CTX_new()) == NULL) {
		return SSH_ERR_ALLOC_FAIL;
	}
	if (EVP_VerifyInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 ||
	    EVP_VerifyUpdate(ctx, data, datalen) <= 0) {
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto done;
	}
	ret = EVP_VerifyFinal(ctx, sigbuf, siglen, pkey);
	switch (ret) {
	case 1:
		ret = 0;
		break;
	case 0:
		ret = SSH_ERR_SIGNATURE_INVALID;
		break;
	default:
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		break;
	}

done:
	EVP_MD_CTX_free(ctx);
	return ret;
}

/* XXX: these are really begging for a table-driven approach */
int
sshkey_curve_name_to_nid(const char *name)

	if ((k = calloc(1, sizeof(*k))) == NULL)
		return NULL;
	k->type = type;
	k->ecdsa = NULL;
	k->ecdsa_nid = -1;
	k->pkey = NULL;
	k->rsa = NULL;
	k->cert = NULL;
	k->ed25519_sk = NULL;
	k->ed25519_pk = NULL;

#ifdef WITH_OPENSSL
	case KEY_RSA:
	case KEY_RSA_CERT:
		if ((k->pkey = EVP_PKEY_new()) == NULL) {
			free(k);
			return NULL;
		}
		if ((rsa = RSA_new()) == NULL) {
			EVP_PKEY_free(k->pkey);
			free(k);
			return NULL;
		}
		if (EVP_PKEY_set1_RSA(k->pkey, rsa) != 1) {
			EVP_PKEY_free(k->pkey);
			free(k);
			RSA_free(rsa);
			return NULL;
		}
		break;
	case KEY_DSA:
	case KEY_DSA_CERT:
		if ((k->pkey = EVP_PKEY_new()) == NULL) {
			free(k);
			return NULL;
		}
		if ((dsa = DSA_new()) == NULL) {
			EVP_PKEY_free(k->pkey);
			free(k);
			return NULL;
		}
		if (EVP_PKEY_set1_DSA(k->pkey, dsa) != 1) {
			EVP_PKEY_free(k->pkey);
			DSA_free(dsa);
			free(k);
			return NULL;
		}
		k->dsa = dsa;
		break;
	case KEY_ECDSA:
	case KEY_ECDSA_CERT:
		if ((k->pkey = EVP_PKEY_new()) == NULL) {
			free(k);
			return NULL;
		}
		/* Cannot do anything until we know the group */
		break;
#endif /* WITH_OPENSSL */

#ifdef WITH_OPENSSL
	case KEY_RSA:
	case KEY_RSA_CERT:
		RSA_free(k->rsa);
		k->rsa = NULL;
		break;
	case KEY_DSA:
	case KEY_DSA_CERT:
		DSA_free(k->dsa);
		k->dsa = NULL;
		break;
# ifdef OPENSSL_HAS_ECC
	case KEY_ECDSA:
	case KEY_ECDSA_CERT:
		EC_KEY_free(k->ecdsa);
		k->ecdsa = NULL;
		break;
# endif /* OPENSSL_HAS_ECC */
		EVP_PKEY_free(k->pkey);
		k->pkey = NULL;
		break;
#endif /* WITH_OPENSSL */
	case KEY_ED25519:
	case KEY_ED25519_CERT:

sshkey_equal_public(const struct sshkey *a, const struct sshkey *b)
{
#if defined(WITH_OPENSSL)
	const RSA *rsa_a, *rsa_b;
	const DSA *dsa_a, *dsa_b;
	const EC_KEY *ecdsa_a, *ecdsa_b;
	const BIGNUM *rsa_e_a, *rsa_n_a;
	const BIGNUM *rsa_e_b, *rsa_n_b;
	const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a;

#ifdef WITH_OPENSSL
	case KEY_RSA_CERT:
	case KEY_RSA:
		rsa_a = EVP_PKEY_get0_RSA(a->pkey);
		rsa_b = EVP_PKEY_get0_RSA(b->pkey);
		if (rsa_a == NULL || rsa_b == NULL)
			return 0;
		RSA_get0_key(rsa_a, &rsa_n_a, &rsa_e_a, NULL);
		RSA_get0_key(rsa_b, &rsa_n_b, &rsa_e_b, NULL);
		return BN_cmp(rsa_e_a, rsa_e_b) == 0 &&
		    BN_cmp(rsa_n_a, rsa_n_b) == 0;
	case KEY_DSA_CERT:
	case KEY_DSA:
		dsa_a = EVP_PKEY_get0_DSA(a->pkey);
		dsa_b = EVP_PKEY_get0_DSA(b->pkey);
		if (dsa_a == NULL || dsa_b == NULL)
			return 0;
		DSA_get0_pqg(dsa_a, &dsa_p_a, &dsa_q_a, &dsa_g_a);
		DSA_get0_pqg(dsa_b, &dsa_p_b, &dsa_q_b, &dsa_g_b);
		DSA_get0_key(dsa_a, &dsa_pub_key_a, NULL);
		DSA_get0_key(dsa_b, &dsa_pub_key_b, NULL);
		return BN_cmp(dsa_p_a, dsa_p_b) == 0 &&
		    BN_cmp(dsa_q_a, dsa_q_b) == 0 &&
		    BN_cmp(dsa_g_a, dsa_g_b) == 0 &&

# ifdef OPENSSL_HAS_ECC
	case KEY_ECDSA_CERT:
	case KEY_ECDSA:
		ecdsa_a = EVP_PKEY_get0_EC_KEY(a->pkey);
		ecdsa_b = EVP_PKEY_get0_EC_KEY(b->pkey);
		if (ecdsa_a == NULL || ecdsa_b == NULL ||
		    EC_KEY_get0_public_key(ecdsa_a) == NULL ||
		    EC_KEY_get0_public_key(ecdsa_b) == NULL)
			return 0;
		if ((bnctx = BN_CTX_new()) == NULL)
			return 0;
		if (EC_GROUP_cmp(EC_KEY_get0_group(ecdsa_a),
		    EC_KEY_get0_group(ecdsa_b), bnctx) != 0 ||
		    EC_POINT_cmp(EC_KEY_get0_group(ecdsa_a),
		    EC_KEY_get0_public_key(ecdsa_a),
		    EC_KEY_get0_public_key(ecdsa_b), bnctx) != 0) {
			BN_CTX_free(bnctx);
			return 0;
		}

	int type, ret = SSH_ERR_INTERNAL_ERROR;
	const char *typename;
#ifdef WITH_OPENSSL
	const RSA *rsa;
	const DSA *dsa;
	const EC_KEY *ecdsa;
	const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
#endif /* WITH_OPENSSL */


		break;
#ifdef WITH_OPENSSL
	case KEY_DSA:
		dsa = EVP_PKEY_get0_DSA(key->pkey);
		if (dsa == NULL)
			return SSH_ERR_INVALID_ARGUMENT;
		DSA_get0_pqg(dsa, &dsa_p, &dsa_q, &dsa_g);
		DSA_get0_key(dsa, &dsa_pub_key, NULL);
		if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
		    (ret = sshbuf_put_bignum2(b, dsa_p)) != 0 ||
		    (ret = sshbuf_put_bignum2(b, dsa_q)) != 0 ||

		break;
# ifdef OPENSSL_HAS_ECC
	case KEY_ECDSA:
		ecdsa = EVP_PKEY_get0_EC_KEY(key->pkey);
		if (ecdsa == NULL)
			return SSH_ERR_INVALID_ARGUMENT;
		if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
		    (ret = sshbuf_put_cstring(b,
		    sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 ||
		    (ret = sshbuf_put_eckey(b, ecdsa)) != 0)
			return ret;
		break;
# endif
	case KEY_RSA:
		rsa = EVP_PKEY_get0_RSA(key->pkey);
		if (rsa == NULL)
			return SSH_ERR_INVALID_ARGUMENT;
		RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL);
		if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
		    (ret = sshbuf_put_bignum2(b, rsa_e)) != 0 ||
		    (ret = sshbuf_put_bignum2(b, rsa_n)) != 0)

	switch (sshkey_type_plain(ret->type)) {
#ifdef WITH_OPENSSL
	case KEY_RSA:
		EVP_PKEY_free(ret->pkey);
		ret->pkey = k->pkey;
		k->pkey = NULL;
#ifdef DEBUG_PK
		RSA_print_fp(stderr, EVP_PKEY_get0_RSA(ret->pkey), 8);
#endif
		break;
	case KEY_DSA:
		EVP_PKEY_free(ret->pkey);
		ret->pkey = k->pkey;
		k->pkey = NULL;
#ifdef DEBUG_PK
		DSA_print_fp(stderr, EVP_PKEY_get0_DSA(ret->pkey), 8);
#endif
		break;
# ifdef OPENSSL_HAS_ECC
	case KEY_ECDSA:
		EVP_PKEY_free(ret->pkey);
		ret->pkey = k->pkey;
		ret->ecdsa_nid = k->ecdsa_nid;
		k->pkey = NULL;
		k->ecdsa_nid = -1;
#ifdef DEBUG_PK
		sshkey_dump_ec_key(EVP_PKEY_get0_EC_KEY(ret->pkey));
#endif
		break;
# endif /* OPENSSL_HAS_ECC */


#ifdef WITH_OPENSSL
static int
rsa_generate_private_key(u_int bits, EVP_PKEY **pkeyp)
{
	RSA *private = NULL;
	BIGNUM *f4 = NULL;
	int ret = SSH_ERR_INTERNAL_ERROR;

	if (pkeyp == NULL)
		return SSH_ERR_INVALID_ARGUMENT;
	if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE ||
	    bits > SSHBUF_MAX_BIGNUM * 8)
		return SSH_ERR_KEY_LENGTH;
	*pkeyp = NULL;
	if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) {
		ret = SSH_ERR_ALLOC_FAIL;
		goto out;

		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto out;
	}
	*pkeyp = EVP_PKEY_new();
	if (*pkeyp == NULL) {
		ret = SSH_ERR_ALLOC_FAIL;
		goto out;
	}
	if (EVP_PKEY_set1_RSA(*pkeyp, private) != 1) {
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto out;
	}
	private = NULL;
	ret = 0;
 out:

}

static int
dsa_generate_private_key(u_int bits, EVP_PKEY **pkeyp)
{
	DSA *private;
	int ret = SSH_ERR_INTERNAL_ERROR;

	if (pkeyp == NULL)
		return SSH_ERR_INVALID_ARGUMENT;
	if (bits != 1024)
		return SSH_ERR_KEY_LENGTH;

		ret = SSH_ERR_ALLOC_FAIL;
		goto out;
	}
	*pkeyp = NULL;
	if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,
	    NULL, NULL) || !DSA_generate_key(private)) {
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto out;
	}
	*pkeyp = EVP_PKEY_new();
	if (*pkeyp == NULL) {
		ret = SSH_ERR_ALLOC_FAIL;
		goto out;
	}
	if (EVP_PKEY_set1_DSA(*pkeyp, private) != 1) {
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto out;
	}
	private = NULL;
	ret = 0;
 out:


# ifdef OPENSSL_HAS_ECC
int
sshkey_ecdsa_key_to_nid(struct sshkey *key)
{
	EC_KEY *k;
	EC_GROUP *eg;
	int nids[] = {
		NID_X9_62_prime256v1,

	int nid;
	u_int i;
	BN_CTX *bnctx;
	const EC_GROUP *g;

	if ((k = EVP_PKEY_get0_EC_KEY(key->pkey)) == NULL ||
	    (g = EC_KEY_get0_group(k)) == NULL) {
		return -1;
	}

	/*
	 * The group may be stored in a ASN.1 encoded private key in one of two

}

static int
ecdsa_generate_private_key(u_int bits, int *nid, EVP_PKEY **pkeyp)
{
	EC_KEY *private;
	int ret = SSH_ERR_INTERNAL_ERROR;

	if (nid == NULL || pkeyp == NULL)
		return SSH_ERR_INVALID_ARGUMENT;
	if ((*nid = sshkey_ecdsa_bits_to_nid(bits)) == -1)
		return SSH_ERR_KEY_LENGTH;
	*pkeyp = NULL;
	if ((private = EC_KEY_new_by_curve_name(*nid)) == NULL) {
		ret = SSH_ERR_ALLOC_FAIL;
		goto out;

		goto out;
	}
	EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE);
	*pkeyp = EVP_PKEY_new();
	if (*pkeyp == NULL) {
		ret = SSH_ERR_ALLOC_FAIL;
		goto out;
	}
	if (EVP_PKEY_set1_EC_KEY(*pkeyp, private) != 1) {
		ret = SSH_ERR_LIBCRYPTO_ERROR;
		goto out;
	}
	private = NULL;
	ret = 0;
 out:

#endif /* WITH_XMSS */
#ifdef WITH_OPENSSL
	case KEY_DSA:
		ret = dsa_generate_private_key(bits, &k->pkey);
		break;
# ifdef OPENSSL_HAS_ECC
	case KEY_ECDSA:
		ret = ecdsa_generate_private_key(bits, &k->ecdsa_nid,
		    &k->pkey);
		break;
# endif /* OPENSSL_HAS_ECC */
	case KEY_RSA:
		ret = rsa_generate_private_key(bits, &k->pkey);
		break;
#endif /* WITH_OPENSSL */
	default:

	struct sshkey *n = NULL;
	int r = SSH_ERR_INTERNAL_ERROR;
#ifdef WITH_OPENSSL
	RSA *rsa;
	DSA *dsa;
	EC_KEY *ecdsa;
	const EC_POINT *ec_point;
	const BIGNUM *rsa_n, *rsa_e;
	BIGNUM *rsa_n_dup = NULL, *rsa_e_dup = NULL;
	const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;

			goto out;
		}

		dsa = EVP_PKEY_get0_DSA(k->pkey);
		if (dsa == NULL) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		DSA_get0_pqg(dsa, &dsa_p, &dsa_q, &dsa_g);
		DSA_get0_key(dsa, &dsa_pub_key, NULL);
		if ((dsa_p_dup = BN_dup(dsa_p)) == NULL ||
		    (dsa_q_dup = BN_dup(dsa_q)) == NULL ||
		    (dsa_g_dup = BN_dup(dsa_g)) == NULL ||

			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		dsa = EVP_PKEY_get0_DSA(n->pkey);
		if (!dsa || !DSA_set0_pqg(dsa, dsa_p_dup, dsa_q_dup, dsa_g_dup)) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		dsa_p_dup = dsa_q_dup = dsa_g_dup = NULL; /* transferred */
		if (!DSA_set0_key(dsa, dsa_pub_key_dup, NULL)) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}

			goto out;
		}
		n->ecdsa_nid = k->ecdsa_nid;
		ecdsa = EVP_PKEY_get0_EC_KEY(k->pkey);
		if (ecdsa == NULL) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		ec_point = EC_KEY_get0_public_key(ecdsa);
		ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
		if (ecdsa == NULL) {
			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		if (EC_KEY_set_public_key(ecdsa, ec_point) != 1) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		if (EVP_PKEY_set1_EC_KEY(n->pkey, ecdsa) != 1) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}

			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		rsa = EVP_PKEY_get0_RSA(k->pkey);
		if (rsa == NULL) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL);
		if ((rsa_n_dup = BN_dup(rsa_n)) == NULL ||
		    (rsa_e_dup = BN_dup(rsa_e)) == NULL) {
			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		rsa = EVP_PKEY_get0_RSA(n->pkey);
		if (!rsa || !RSA_set0_key(rsa, rsa_n_dup, rsa_e_dup, NULL)) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}


#ifdef WITH_OPENSSL
static int
check_rsa_length(const struct sshkey *key)
{
	const BIGNUM *rsa_n;
	const RSA *rsa;

	rsa = EVP_PKEY_get0_RSA(key->pkey);
	if (rsa == NULL)
		return SSH_ERR_INTERNAL_ERROR;

	RSA_get0_key(rsa, &rsa_n, NULL, NULL);
	if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)

	u_char *pk = NULL;
	struct sshbuf *copy;
#if defined(WITH_OPENSSL)
	RSA *rsa;
	DSA *dsa;
	EC_KEY *ecdsa;
	BIGNUM *rsa_n = NULL, *rsa_e = NULL;
	BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL, *dsa_pub_key = NULL;
# if defined(OPENSSL_HAS_ECC)

			ret = SSH_ERR_INVALID_FORMAT;
			goto out;
		}
		rsa = EVP_PKEY_get0_RSA(key->pkey);
		if (!rsa || !RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
			ret = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		rsa_n = rsa_e = NULL; /* transferred */
		if ((ret = check_rsa_length(key)) != 0)
			goto out;
#ifdef DEBUG_PK
		RSA_print_fp(stderr, rsa, 8);
#endif
		break;
	case KEY_DSA_CERT:

			ret = SSH_ERR_INVALID_FORMAT;
			goto out;
		}
		dsa = EVP_PKEY_get0_DSA(key->pkey);
		if (!dsa || !DSA_set0_pqg(dsa, dsa_p, dsa_q, dsa_g)) {
			ret = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		dsa_p = dsa_q = dsa_g = NULL; /* transferred */
		if (!DSA_set0_key(dsa, dsa_pub_key, NULL)) {
			ret = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		dsa_pub_key = NULL; /* transferred */
#ifdef DEBUG_PK
		DSA_print_fp(stderr, dsa, 8);
#endif
		break;
	case KEY_ECDSA_CERT:

			ret = SSH_ERR_EC_CURVE_MISMATCH;
			goto out;
		}
		if ((ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid))
		if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid))
		    == NULL) {
			ret = SSH_ERR_EC_CURVE_INVALID;
			goto out;
		}
		if ((q = EC_POINT_new(EC_KEY_get0_group(ecdsa))) == NULL) {
			ret = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		if (sshbuf_get_ec(b, q, EC_KEY_get0_group(ecdsa)) != 0) {
			ret = SSH_ERR_INVALID_FORMAT;
			goto out;
		}
		if (sshkey_ec_validate_public(EC_KEY_get0_group(ecdsa),
		    q) != 0) {
			ret = SSH_ERR_KEY_INVALID_EC_VALUE;
			goto out;
		}
		if (EC_KEY_set_public_key(ecdsa, q) != 1) {
			/* XXX assume it is a allocation error */
			ret = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		if (EVP_PKEY_set1_EC_KEY(key->pkey, ecdsa) != 1) {
			ret = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		ecdsa = NULL;
#ifdef DEBUG_PK
		sshkey_dump_ec_point(EC_KEY_get0_group(ecdsa), q);
#endif
		break;
# endif /* OPENSSL_HAS_ECC */

	struct sshbuf *cert = NULL;
	char *sigtype = NULL;
#ifdef WITH_OPENSSL
	const RSA *rsa;
	const DSA *dsa;
	const EC_KEY *ecdsa;
	const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
#endif /* WITH_OPENSSL */


	switch (k->type) {
#ifdef WITH_OPENSSL
	case KEY_DSA_CERT:
		dsa = EVP_PKEY_get0_DSA(k->pkey);
		if (dsa == NULL) {
			ret = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		DSA_get0_pqg(dsa, &dsa_p, &dsa_q, &dsa_g);
		DSA_get0_key(dsa, &dsa_pub_key, NULL);
		if ((ret = sshbuf_put_bignum2(cert, dsa_p)) != 0 ||
		    (ret = sshbuf_put_bignum2(cert, dsa_q)) != 0 ||
		    (ret = sshbuf_put_bignum2(cert, dsa_g)) != 0 ||

		break;
# ifdef OPENSSL_HAS_ECC
	case KEY_ECDSA_CERT:
		ecdsa = EVP_PKEY_get1_EC_KEY(k->pkey);
		if (ecdsa == NULL) {
			ret = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		if ((ret = sshbuf_put_cstring(cert,
		    sshkey_curve_nid_to_name(k->ecdsa_nid))) != 0 ||
		    (ret = sshbuf_put_ec(cert,
		    EC_KEY_get0_public_key(ecdsa),
		    EC_KEY_get0_group(ecdsa))) != 0)
			goto out;
		break;
# endif /* OPENSSL_HAS_ECC */
	case KEY_RSA_CERT:
		rsa = EVP_PKEY_get0_RSA(k->pkey);
		if (rsa == NULL) {
			ret = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL);
		if ((ret = sshbuf_put_bignum2(cert, rsa_e)) != 0 ||
		    (ret = sshbuf_put_bignum2(cert, rsa_n)) != 0)
			goto out;

{
	int r = SSH_ERR_INTERNAL_ERROR;
#ifdef WITH_OPENSSL
	const RSA *rsa;
	const DSA *dsa;
	const EC_KEY *ecdsa;
	const BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_iqmp, *rsa_p, *rsa_q;
	const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key, *dsa_priv_key;
#endif /* WITH_OPENSSL */

	switch (key->type) {
#ifdef WITH_OPENSSL
	case KEY_RSA:
		rsa = EVP_PKEY_get0_RSA(key->pkey);
		if (rsa == NULL) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
		RSA_get0_factors(rsa, &rsa_p, &rsa_q);
		RSA_get0_crt_params(rsa, NULL, NULL, &rsa_iqmp);
		if ((r = sshbuf_put_bignum2(b, rsa_n)) != 0 ||
		    (r = sshbuf_put_bignum2(b, rsa_e)) != 0 ||
		    (r = sshbuf_put_bignum2(b, rsa_d)) != 0 ||

			r = SSH_ERR_INVALID_ARGUMENT;
			goto out;
		}
		rsa = EVP_PKEY_get0_RSA(key->pkey);
		if (rsa == NULL) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		RSA_get0_key(rsa, NULL, NULL, &rsa_d);
		RSA_get0_factors(rsa, &rsa_p, &rsa_q);
		RSA_get0_crt_params(rsa, NULL, NULL, &rsa_iqmp);
		if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
		    (r = sshbuf_put_bignum2(b, rsa_d)) != 0 ||
		    (r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 ||

			goto out;
		break;
	case KEY_DSA:
		dsa = EVP_PKEY_get0_DSA(key->pkey);
		if (dsa == NULL) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		DSA_get0_pqg(dsa, &dsa_p, &dsa_q, &dsa_g);
		DSA_get0_key(dsa, &dsa_pub_key, &dsa_priv_key);
		if ((r = sshbuf_put_bignum2(b, dsa_p)) != 0 ||
		    (r = sshbuf_put_bignum2(b, dsa_q)) != 0 ||
		    (r = sshbuf_put_bignum2(b, dsa_g)) != 0 ||

			r = SSH_ERR_INVALID_ARGUMENT;
			goto out;
		}
		dsa = EVP_PKEY_get0_DSA(key->pkey);
		if (dsa == NULL) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		DSA_get0_key(dsa, NULL, &dsa_priv_key);
		if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
		    (r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0)
			goto out;
		break;
# ifdef OPENSSL_HAS_ECC
	case KEY_ECDSA:
		ecdsa = EVP_PKEY_get0_EC_KEY(key->pkey);
		if (!ecdsa || (r = sshbuf_put_cstring(b,
		    sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 ||
		    (r = sshbuf_put_eckey(b, ecdsa)) != 0 ||
		    (r = sshbuf_put_bignum2(b,
		    EC_KEY_get0_private_key(ecdsa))) != 0)
			goto out;
		break;
	case KEY_ECDSA_CERT:
		ecdsa = EVP_PKEY_get0_EC_KEY(key->pkey);
		if (!ecdsa || key->cert == NULL ||
		    sshbuf_len(key->cert->certblob) == 0) {
			r = SSH_ERR_INVALID_ARGUMENT;
			goto out;
		}
		if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
		    (r = sshbuf_put_bignum2(b,
		    EC_KEY_get0_private_key(ecdsa))) != 0)
			goto out;
		break;
# endif /* OPENSSL_HAS_ECC */

	u_char *ed25519_pk = NULL, *ed25519_sk = NULL;
	u_char *xmss_pk = NULL, *xmss_sk = NULL;
#ifdef WITH_OPENSSL
	RSA *rsa;
	DSA *dsa;
	EC_KEY *ecdsa;
	BIGNUM *exponent = NULL;
	BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
	BIGNUM *rsa_iqmp = NULL, *rsa_p = NULL, *rsa_q = NULL;

		    (r = sshbuf_get_bignum2(buf, &dsa_pub_key)) != 0 ||
		    (r = sshbuf_get_bignum2(buf, &dsa_priv_key)) != 0)
			goto out;
		dsa = EVP_PKEY_get0_DSA(k->pkey);
		if (!dsa || !DSA_set0_pqg(dsa, dsa_p, dsa_q, dsa_g)) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		dsa_p = dsa_q = dsa_g = NULL; /* transferred */
		if (!DSA_set0_key(dsa, dsa_pub_key, dsa_priv_key)) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}

		if ((r = sshkey_froms(buf, &k)) != 0 ||
		    (r = sshbuf_get_bignum2(buf, &dsa_priv_key)) != 0)
			goto out;
		dsa = EVP_PKEY_get0_DSA(k->pkey);
		if (!dsa || !DSA_set0_key(dsa, NULL, dsa_priv_key)) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}

			r = SSH_ERR_EC_CURVE_MISMATCH;
			goto out;
		}
		ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
		if (ecdsa  == NULL) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		if ((r = sshbuf_get_eckey(buf, ecdsa)) != 0 ||
		    (r = sshbuf_get_bignum2(buf, &exponent)))
			goto out;
		if (EC_KEY_set_private_key(ecdsa, exponent) != 1) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(ecdsa),
		    EC_KEY_get0_public_key(ecdsa))) != 0 ||
		    (r = sshkey_ec_validate_private(ecdsa)) != 0)
			goto out;
		if (EVP_PKEY_set1_EC_KEY(k->pkey, ecdsa) != 1) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		break;
	case KEY_ECDSA_CERT:
		if ((r = sshkey_froms(buf, &k)) != 0 ||
		    (r = sshbuf_get_bignum2(buf, &exponent)) != 0)
			goto out;
		ecdsa = EVP_PKEY_get0_EC_KEY(k->pkey);
		if (!ecdsa || EC_KEY_set_private_key(ecdsa, exponent) != 1) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(ecdsa),
		    EC_KEY_get0_public_key(ecdsa))) != 0 ||
		    (r = sshkey_ec_validate_private(ecdsa)) != 0)
			goto out;
		break;
# endif /* OPENSSL_HAS_ECC */

		    (r = sshbuf_get_bignum2(buf, &rsa_p)) != 0 ||
		    (r = sshbuf_get_bignum2(buf, &rsa_q)) != 0)
			goto out;
		rsa = EVP_PKEY_get0_RSA(k->pkey);
		if (!rsa || !RSA_set0_key(rsa, rsa_n, rsa_e, rsa_d)) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		rsa_n = rsa_e = rsa_d = NULL; /* transferred */
		if (!RSA_set0_factors(rsa, rsa_p, rsa_q)) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		rsa_p = rsa_q = NULL; /* transferred */
		if ((r = check_rsa_length(k)) != 0)
			goto out;
		if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0)
			goto out;

		    (r = sshbuf_get_bignum2(buf, &rsa_p)) != 0 ||
		    (r = sshbuf_get_bignum2(buf, &rsa_q)) != 0)
			goto out;
		rsa = EVP_PKEY_get0_RSA(k->pkey);
		if (!rsa || !RSA_set0_key(rsa, NULL, NULL, rsa_d)) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		rsa_d = NULL; /* transferred */
		if (!RSA_set0_factors(rsa, rsa_p, rsa_q)) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		rsa_p = rsa_q = NULL; /* transferred */
		if ((r = check_rsa_length(k)) != 0)
			goto out;
		if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0)
			goto out;

	switch (k->type) {
	case KEY_RSA:
	case KEY_RSA_CERT:
		rsa = EVP_PKEY_get0_RSA(k->pkey);
		if (!rsa || RSA_blinding_on(rsa, NULL) != 1) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}

	const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;
	char *bptr;
	BIO *bio = NULL;
	RSA *rsa;
	DSA *dsa;
	EC_KEY *ecdsa;

	if (len > 0 && len <= 4)
		return SSH_ERR_PASSPHRASE_TOO_SHORT;


	switch (key->type) {
	case KEY_DSA:
		dsa = EVP_PKEY_get0_DSA(key->pkey);
		success = PEM_write_bio_DSAPrivateKey(bio, dsa,
		    cipher, passphrase, len, NULL, NULL);
		break;
#ifdef OPENSSL_HAS_ECC
	case KEY_ECDSA:
		ecdsa = EVP_PKEY_get0_EC_KEY(key->pkey);
		success = PEM_write_bio_ECPrivateKey(bio, ecdsa,
		    cipher, passphrase, len, NULL, NULL);
		break;
#endif
	case KEY_RSA:
		rsa = EVP_PKEY_get0_RSA(key->pkey);
		success = PEM_write_bio_RSAPrivateKey(bio, rsa,
		    cipher, passphrase, len, NULL, NULL);
		break;
	default:

	}
	if (EVP_PKEY_base_id(pk) == EVP_PKEY_RSA &&
	    (type == KEY_UNSPEC || type == KEY_RSA)) {
		RSA *rsa;
		if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		rsa = EVP_PKEY_get0_RSA(pk);
		if (rsa == NULL) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		prv->pkey = pk;
		pk = NULL;
		prv->type = KEY_RSA;
#ifdef DEBUG_PK
		RSA_print_fp(stderr, rsa, 8);
#endif
		if (RSA_blinding_on(rsa, NULL) != 1) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		if ((r = check_rsa_length(prv)) != 0)
			goto out;
	} else if (EVP_PKEY_base_id(pk) == EVP_PKEY_DSA &&
	    (type == KEY_UNSPEC || type == KEY_DSA)) {

			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		prv->pkey = pk;
		pk = NULL;
		prv->type = KEY_DSA;
#ifdef DEBUG_PK
		DSA_print_fp(stderr, EVP_PKEY_get0_DSA(pk), 8);
#endif
#ifdef OPENSSL_HAS_ECC
	} else if (EVP_PKEY_base_id(pk) == EVP_PKEY_EC &&
	    (type == KEY_UNSPEC || type == KEY_ECDSA)) {
		EC_KEY *ecdsa;
		if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		ecdsa = EVP_PKEY_get0_EC_KEY(pk);
		if (ecdsa == NULL) {
			r = SSH_ERR_LIBCRYPTO_ERROR;
			goto out;
		}
		prv->type = KEY_ECDSA;
		EVP_PKEY_free(prv->pkey);
		prv->pkey = pk;
		pk = NULL;
		prv->ecdsa_nid = sshkey_ecdsa_key_to_nid(prv);
		if (prv->ecdsa_nid == -1 ||
		    sshkey_curve_nid_to_name(prv->ecdsa_nid) == NULL ||
		    sshkey_ec_validate_public(EC_KEY_get0_group(ecdsa),
		    EC_KEY_get0_public_key(ecdsa)) != 0 ||
		    sshkey_ec_validate_private(ecdsa) != 0) {
			r = SSH_ERR_INVALID_FORMAT;
			goto out;
		}
# ifdef DEBUG_PK
		if (prv != NULL && ecdsa != NULL)
			sshkey_dump_ec_key(ecdsa);
# endif
#endif /* OPENSSL_HAS_ECC */
	} else {




#include <sys/types.h>

#ifdef WITH_OPENSSL
#include <openssl/evp.h>
#include <openssl/ec.h>
# ifdef OPENSSL_HAS_ECC
#  include <openssl/ec.h>
#  include <openssl/ecdsa.h>
# else /* OPENSSL_HAS_ECC */
#  define EC_KEY	void
#  define EC_GROUP	void
#  define EC_POINT	void
# endif /* OPENSSL_HAS_ECC */
#else /* WITH_OPENSSL */
# define EVP_PKEY	void
# define RSA		void
# define DSA		void
# define EC_KEY		void
# define EC_GROUP	void
# define EC_POINT	void
#endif /* WITH_OPENSSL */

struct sshkey {
	int	 type;
	int	 flags;
	EVP_PKEY *pkey;
	DSA	*dsa;
	int	 ecdsa_nid;	/* NID of curve */
	EC_KEY	*ecdsa;
	u_char	*ed25519_sk;
	u_char	*ed25519_pk;
	char	*xmss_name;

const char *	 sshkey_curve_nid_to_name(int);
u_int		 sshkey_curve_nid_to_bits(int);
int		 sshkey_ecdsa_bits_to_nid(int);
int		 sshkey_ecdsa_key_to_nid(struct sshkey *);
int		 sshkey_ec_nid_to_hash_alg(int nid);
int		 sshkey_ec_validate_public(const EC_GROUP *, const EC_POINT *);
int		 sshkey_ec_validate_private(const EC_KEY *);

const char	*sshkey_ssh_name_plain(const struct sshkey *);
int		 sshkey_names_valid2(const char *, int);
char		*sshkey_alg_list(int, int, int, char);
int		 sshkey_calculate_signature(EVP_PKEY*, int, u_char **,
    int *, const u_char *, size_t);
int		 sshkey_verify_signature(EVP_PKEY *, int, const u_char *,
    size_t, u_char *, int);

int	 sshkey_from_blob(const u_char *, size_t, struct sshkey **);
int	 sshkey_fromb(struct sshbuf *, struct sshkey **);

Return to bug 3005

Lines 45-50 sshkey_file_tests(void) Link Here

(-)a/regress/unittests/sshkey/test_file.c (-3 / +5 lines)
45	struct sshkey k1, k2;	45	struct sshkey k1, k2;
46	struct sshbuf buf, pw;	46	struct sshbuf buf, pw;
47	BIGNUM a, b, *c;	47	BIGNUM a, b, *c;
		48	EC_KEY *ecdsa;
48	char *cp;	49	char *cp;
49		50
50	TEST_START("load passphrase");	51	TEST_START("load passphrase");
Lines 264-274 sshkey_file_tests(void) Link Here
264	sshbuf_free(buf);	265	sshbuf_free(buf);
265	a = load_bignum("ecdsa_1.param.priv");	266	a = load_bignum("ecdsa_1.param.priv");
266	b = load_bignum("ecdsa_1.param.pub");	267	b = load_bignum("ecdsa_1.param.pub");
267	c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa),	268	ecdsa = EVP_PKEY_get0_EC_KEY(k1->pkey);
268	EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED,	269	c = EC_POINT_point2bn(EC_KEY_get0_group(ecdsa),
		270	EC_KEY_get0_public_key(ecdsa), POINT_CONVERSION_UNCOMPRESSED,
269	NULL, NULL);	271	NULL, NULL);
270	ASSERT_PTR_NE(c, NULL);	272	ASSERT_PTR_NE(c, NULL);
271	ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a);	273	ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(ecdsa), a);
272	ASSERT_BIGNUM_EQ(b, c);	274	ASSERT_BIGNUM_EQ(b, c);
273	BN_free(a);	275	BN_free(a);
274	BN_free(b);	276	BN_free(b);

Lines 328-343 do_convert_to_pkcs8(struct sshkey *k) Link Here

(-)a/ssh-keygen.c (-16 / +34 lines)
328	{	328	{
329	switch (sshkey_type_plain(k->type)) {	329	switch (sshkey_type_plain(k->type)) {
330	case KEY_RSA:	330	case KEY_RSA:
331	if (!PEM_write_RSA_PUBKEY(stdout, k->rsa))	331	if (!PEM_write_RSA_PUBKEY(stdout, EVP_PKEY_get0_RSA(k->pkey)))
332	fatal("PEM_write_RSA_PUBKEY failed");	332	fatal("PEM_write_RSA_PUBKEY failed");
333	break;	333	break;
334	case KEY_DSA:	334	case KEY_DSA:
335	if (!PEM_write_DSA_PUBKEY(stdout, k->dsa))	335	if (!PEM_write_DSA_PUBKEY(stdout, EVP_PKEY_get0_DSA(k->pkey)))
336	fatal("PEM_write_DSA_PUBKEY failed");	336	fatal("PEM_write_DSA_PUBKEY failed");
337	break;	337	break;
338	#ifdef OPENSSL_HAS_ECC	338	#ifdef OPENSSL_HAS_ECC
339	case KEY_ECDSA:	339	case KEY_ECDSA:
340	if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa))	340	if (!PEM_write_EC_PUBKEY(stdout, EVP_PKEY_get0_EC_KEY(k->pkey)))
341	fatal("PEM_write_EC_PUBKEY failed");	341	fatal("PEM_write_EC_PUBKEY failed");
342	break;	342	break;
343	#endif	343	#endif
Lines 352-358 do_convert_to_pem(struct sshkey *k) Link Here
352	{	352	{
353	switch (sshkey_type_plain(k->type)) {	353	switch (sshkey_type_plain(k->type)) {
354	case KEY_RSA:	354	case KEY_RSA:
355	if (!PEM_write_RSAPublicKey(stdout, k->rsa))	355	if (!PEM_write_RSAPublicKey(stdout, EVP_PKEY_get1_RSA(k->pkey)))
356	fatal("PEM_write_RSAPublicKey failed");	356	fatal("PEM_write_RSAPublicKey failed");
357	break;	357	break;
358	default:	358	default:
Lines 427-432 do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) Link Here
427	BIGNUM dsa_pub_key = NULL, dsa_priv_key = NULL;	427	BIGNUM dsa_pub_key = NULL, dsa_priv_key = NULL;
428	BIGNUM rsa_n = NULL, rsa_e = NULL, *rsa_d = NULL;	428	BIGNUM rsa_n = NULL, rsa_e = NULL, *rsa_d = NULL;
429	BIGNUM rsa_p = NULL, rsa_q = NULL, *rsa_iqmp = NULL;	429	BIGNUM rsa_p = NULL, rsa_q = NULL, *rsa_iqmp = NULL;
		430	RSA *rsa;
		431	DSA *dsa;
		432
430	if ((b = sshbuf_from(blob, blen)) == NULL)	433	if ((b = sshbuf_from(blob, blen)) == NULL)
431	fatal("%s: sshbuf_from failed", __func__);	434	fatal("%s: sshbuf_from failed", __func__);
432	if ((r = sshbuf_get_u32(b, &magic)) != 0)	435	if ((r = sshbuf_get_u32(b, &magic)) != 0)
Lines 481-490 do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) Link Here
481	buffer_get_bignum_bits(b, dsa_q);	484	buffer_get_bignum_bits(b, dsa_q);
482	buffer_get_bignum_bits(b, dsa_pub_key);	485	buffer_get_bignum_bits(b, dsa_pub_key);
483	buffer_get_bignum_bits(b, dsa_priv_key);	486	buffer_get_bignum_bits(b, dsa_priv_key);
484	if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g))	487	dsa = EVP_PKEY_get0_DSA(key->pkey);
		488	if (!DSA_set0_pqg(dsa, dsa_p, dsa_q, dsa_g))
485	fatal("%s: DSA_set0_pqg failed", __func__);	489	fatal("%s: DSA_set0_pqg failed", __func__);
486	dsa_p = dsa_q = dsa_g = NULL; /* transferred */	490	dsa_p = dsa_q = dsa_g = NULL; /* transferred */
487	if (!DSA_set0_key(key->dsa, dsa_pub_key, dsa_priv_key))	491	if (!DSA_set0_key(dsa, dsa_pub_key, dsa_priv_key))
488	fatal("%s: DSA_set0_key failed", __func__);	492	fatal("%s: DSA_set0_key failed", __func__);
489	dsa_pub_key = dsa_priv_key = NULL; /* transferred */	493	dsa_pub_key = dsa_priv_key = NULL; /* transferred */
490	break;	494	break;
Lines 522-531 do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) Link Here
522	buffer_get_bignum_bits(b, rsa_iqmp);	526	buffer_get_bignum_bits(b, rsa_iqmp);
523	buffer_get_bignum_bits(b, rsa_q);	527	buffer_get_bignum_bits(b, rsa_q);
524	buffer_get_bignum_bits(b, rsa_p);	528	buffer_get_bignum_bits(b, rsa_p);
525	if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, rsa_d))	529	rsa = EVP_PKEY_get0_RSA(key->pkey);
		530	if (!RSA_set0_key(rsa, rsa_n, rsa_e, rsa_d))
526	fatal("%s: RSA_set0_key failed", __func__);	531	fatal("%s: RSA_set0_key failed", __func__);
527	rsa_n = rsa_e = rsa_d = NULL; /* transferred */	532	rsa_n = rsa_e = rsa_d = NULL; /* transferred */
528	if (!RSA_set0_factors(key->rsa, rsa_p, rsa_q))	533	if (!RSA_set0_factors(rsa, rsa_p, rsa_q))
529	fatal("%s: RSA_set0_factors failed", __func__);	534	fatal("%s: RSA_set0_factors failed", __func__);
530	rsa_p = rsa_q = NULL; /* transferred */	535	rsa_p = rsa_q = NULL; /* transferred */
531	if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0)	536	if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0)
Lines 643-663 do_convert_from_pkcs8(struct sshkey *k, int private) Link Here
643	if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)	648	if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
644	fatal("sshkey_new failed");	649	fatal("sshkey_new failed");
645	(*k)->type = KEY_RSA;	650	(*k)->type = KEY_RSA;
646	(*k)->rsa = EVP_PKEY_get1_RSA(pubkey);	651	EVP_PKEY_free((*k)->pkey);
		652	(*k)->pkey = pubkey;
		653	pubkey = NULL;
647	break;	654	break;
648	case EVP_PKEY_DSA:	655	case EVP_PKEY_DSA:
649	if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)	656	if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
650	fatal("sshkey_new failed");	657	fatal("sshkey_new failed");
651	(*k)->type = KEY_DSA;	658	(*k)->type = KEY_DSA;
652	(*k)->dsa = EVP_PKEY_get1_DSA(pubkey);	659	EVP_PKEY_free((*k)->pkey);
		660	(*k)->pkey = pubkey;
		661	pubkey = NULL;
653	break;	662	break;
654	#ifdef OPENSSL_HAS_ECC	663	#ifdef OPENSSL_HAS_ECC
655	case EVP_PKEY_EC:	664	case EVP_PKEY_EC:
656	if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)	665	if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
657	fatal("sshkey_new failed");	666	fatal("sshkey_new failed");
658	(*k)->type = KEY_ECDSA;	667	(*k)->type = KEY_ECDSA;
659	(*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey);	668	EVP_PKEY_free((*k)->pkey);
660	(k)->ecdsa_nid = sshkey_ecdsa_key_to_nid((k)->ecdsa);	669	(*k)->pkey = pubkey;
		670	pubkey = NULL;
		671	(k)->ecdsa_nid = sshkey_ecdsa_key_to_nid(k);
661	break;	672	break;
662	#endif	673	#endif
663	default:	674	default:
Lines 680-686 do_convert_from_pem(struct sshkey *k, int private) Link Here
680	if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)	691	if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
681	fatal("sshkey_new failed");	692	fatal("sshkey_new failed");
682	(*k)->type = KEY_RSA;	693	(*k)->type = KEY_RSA;
683	(*k)->rsa = rsa;	694	(*k)->pkey = EVP_PKEY_new();
		695	EVP_PKEY_set1_RSA((*k)->pkey, rsa);
684	fclose(fp);	696	fclose(fp);
685	return;	697	return;
686	}	698	}
Lines 693-698 do_convert_from(struct passwd *pw) Link Here
693	struct sshkey *k = NULL;	705	struct sshkey *k = NULL;
694	int r, private = 0, ok = 0;	706	int r, private = 0, ok = 0;
695	struct stat st;	707	struct stat st;
		708	RSA *rsa;
		709	DSA *dsa;
		710	EC_KEY *ecdsa;
696		711
697	if (!have_identity)	712	if (!have_identity)
698	ask_filename(pw, "Enter file in which the key is");	713	ask_filename(pw, "Enter file in which the key is");
Lines 721-737 do_convert_from(struct passwd *pw) Link Here
721	} else {	736	} else {
722	switch (k->type) {	737	switch (k->type) {
723	case KEY_DSA:	738	case KEY_DSA:
724	ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL,	739	dsa = EVP_PKEY_get0_DSA(k->pkey);
		740	ok = PEM_write_DSAPrivateKey(stdout, dsa, NULL,
725	NULL, 0, NULL, NULL);	741	NULL, 0, NULL, NULL);
726	break;	742	break;
727	#ifdef OPENSSL_HAS_ECC	743	#ifdef OPENSSL_HAS_ECC
728	case KEY_ECDSA:	744	case KEY_ECDSA:
729	ok = PEM_write_ECPrivateKey(stdout, k->ecdsa, NULL,	745	ecdsa = EVP_PKEY_get0_EC_KEY(k->pkey);
		746	ok = PEM_write_ECPrivateKey(stdout, ecdsa, NULL,
730	NULL, 0, NULL, NULL);	747	NULL, 0, NULL, NULL);
731	break;	748	break;
732	#endif	749	#endif
733	case KEY_RSA:	750	case KEY_RSA:
734	ok = PEM_write_RSAPrivateKey(stdout, k->rsa, NULL,	751	rsa = EVP_PKEY_get0_RSA(k->pkey);
		752	ok = PEM_write_RSAPrivateKey(stdout, rsa, NULL,
735	NULL, 0, NULL, NULL);	753	NULL, 0, NULL, NULL);
736	break;	754	break;
737	default:	755	default:

Lines 399-422 static int pkcs11_reload_key(struct sshkey key, struct pkcs11_key k11) Link Here

(-)a/ssh-pkcs11.c (-32 / +38 lines)
399		399
400	int pkcs11_refresh_key(struct sshkey *key)	400	int pkcs11_refresh_key(struct sshkey *key)
401	{	401	{
402	struct pkcs11_key *k11;	402	struct pkcs11_key *k11 = NULL;
		403	RSA *rsa;
		404	EC_KEY *ecdsa;
403		405
404	switch (key->type) {	406	switch (key->type) {
405	case KEY_RSA:	407	case KEY_RSA:
406	if ((k11 = RSA_get_ex_data(key->rsa, rsa_idx)) == NULL) {	408	if ((rsa = EVP_PKEY_get0_RSA(key->pkey)) == NULL \|\|
407	error("RSA_get_ex_data failed for rsa %p", key->rsa);	409	(k11 = RSA_get_ex_data(rsa, rsa_idx)) == NULL) {
		410	error("RSA_get_ex_data failed for rsa %p", rsa);
408	return (-1);	411	return (-1);
409	}	412	}
410	break;	413	break;
411	case KEY_ECDSA:	414	case KEY_ECDSA:
412	if ((k11 = EC_KEY_get_ex_data(key->ecdsa, ec_key_idx)) == NULL) {	415	if ((ecdsa = EVP_PKEY_get0_EC_KEY(key->pkey)) == NULL \|\|
413	error("EC_KEY_get_ex_data failed for ecdsa %p", key->ecdsa);	416	(k11 = EC_KEY_get_ex_data(ecdsa, ec_key_idx)) == NULL) {
		417	error("EC_KEY_get_ex_data failed for ecdsa %p", ecdsa);
414	return (-1);	418	return (-1);
415	}	419	}
416	break;	420	break;
417	}	421	}
418	if (!k11->provider \|\| !k11->provider->valid) {	422	if (!k11 \|\| !k11->provider \|\| !k11->provider->valid) {
419	error("no pkcs11 (valid) provider for rsa %p", key->rsa);	423	error("no pkcs11 (valid) provider for key");
420	return (-1);	424	return (-1);
421	}	425	}
422		426
Lines 817-823 pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, Link Here
817	struct sshkey *key = NULL;	821	struct sshkey *key = NULL;
818	const unsigned char *attrp = NULL;	822	const unsigned char *attrp = NULL;
819	int i;	823	int i;
820	int nid;
821		824
822	memset(&key_attr, 0, sizeof(key_attr));	825	memset(&key_attr, 0, sizeof(key_attr));
823	key_attr[0].type = CKA_ID;	826	key_attr[0].type = CKA_ID;
Lines 892-903 pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, Link Here
892	goto fail;	895	goto fail;
893	}	896	}
894		897
895	nid = sshkey_ecdsa_key_to_nid(ec);
896	if (nid < 0) {
897	error("couldn't get curve nid");
898	goto fail;
899	}
900
901	if (pkcs11_ecdsa_wrap(p, slotidx, &key_attr[0], ec))	898	if (pkcs11_ecdsa_wrap(p, slotidx, &key_attr[0], ec))
902	goto fail;	899	goto fail;
903		900
Lines 906-918 pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, Link Here
906	error("sshkey_new failed");	903	error("sshkey_new failed");
907	goto fail;	904	goto fail;
908	}	905	}
909
910	key->ecdsa = ec;
911	key->ecdsa_nid = nid;
912	key->type = KEY_ECDSA;	906	key->type = KEY_ECDSA;
913	key->flags \|= SSHKEY_FLAG_EXT;	907	key->flags \|= SSHKEY_FLAG_EXT;
		908	EVP_PKEY_set1_EC_KEY(key->pkey, ec);
914	ec = NULL; /* now owned by key */	909	ec = NULL; /* now owned by key */
915		910
		911	key->ecdsa_nid = sshkey_ecdsa_key_to_nid(key);
		912	if (key->ecdsa_nid < 0) {
		913	error("couldn't get curve nid");
		914	goto fail;
		915	}
		916
		917
916	fail:	918	fail:
917	for (i = 0; i < 3; i++)	919	for (i = 0; i < 3; i++)
918	free(key_attr[i].pValue);	920	free(key_attr[i].pValue);
Lines 1003-1009 pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, Link Here
1003	goto fail;	1005	goto fail;
1004	}	1006	}
1005		1007
1006	key->rsa = rsa;	1008	key->pkey = EVP_PKEY_new();
		1009	if (key == NULL) {
		1010	error("EVP_PKEY_new failed");
		1011	goto fail;
		1012	}
		1013	EVP_PKEY_set1_RSA(key->pkey, rsa);
1007	key->type = KEY_RSA;	1014	key->type = KEY_RSA;
1008	key->flags \|= SSHKEY_FLAG_EXT;	1015	key->flags \|= SSHKEY_FLAG_EXT;
1009	rsa = NULL; /* now owned by key */	1016	rsa = NULL; /* now owned by key */
Lines 1030-1038 pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, Link Here
1030	EC_KEY *ec = NULL;	1037	EC_KEY *ec = NULL;
1031	struct sshkey *key = NULL;	1038	struct sshkey *key = NULL;
1032	int i;	1039	int i;
1033	#ifdef HAVE_EC_KEY_METHOD_NEW
1034	int nid;
1035	#endif
1036	const u_char *cp;	1040	const u_char *cp;
1037		1041
1038	memset(&cert_attr, 0, sizeof(cert_attr));	1042	memset(&cert_attr, 0, sizeof(cert_attr));
Lines 1109-1116 pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, Link Here
1109	error("sshkey_new failed");	1113	error("sshkey_new failed");
1110	goto fail;	1114	goto fail;
1111	}	1115	}
1112		1116	if (key == NULL) {
1113	key->rsa = rsa;	1117	error("EVP_PKEY_new failed");
		1118	goto fail;
		1119	}
		1120	EVP_PKEY_set1_RSA(key->pkey, rsa);
1114	key->type = KEY_RSA;	1121	key->type = KEY_RSA;
1115	key->flags \|= SSHKEY_FLAG_EXT;	1122	key->flags \|= SSHKEY_FLAG_EXT;
1116	rsa = NULL; /* now owned by key */	1123	rsa = NULL; /* now owned by key */
Lines 1125-1136 pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, Link Here
1125	goto fail;	1132	goto fail;
1126	}	1133	}
1127		1134
1128	nid = sshkey_ecdsa_key_to_nid(ec);
1129	if (nid < 0) {
1130	error("couldn't get curve nid");
1131	goto fail;
1132	}
1133
1134	if (pkcs11_ecdsa_wrap(p, slotidx, &cert_attr[0], ec))	1135	if (pkcs11_ecdsa_wrap(p, slotidx, &cert_attr[0], ec))
1135	goto fail;	1136	goto fail;
1136		1137
Lines 1139-1150 pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, Link Here
1139	error("sshkey_new failed");	1140	error("sshkey_new failed");
1140	goto fail;	1141	goto fail;
1141	}	1142	}
1142
1143	key->ecdsa = ec;
1144	key->ecdsa_nid = nid;
1145	key->type = KEY_ECDSA;	1143	key->type = KEY_ECDSA;
1146	key->flags \|= SSHKEY_FLAG_EXT;	1144	key->flags \|= SSHKEY_FLAG_EXT;
		1145	EVP_PKEY_set1_EC_KEY(key->pkey, ec);
1147	ec = NULL; /* now owned by key */	1146	ec = NULL; /* now owned by key */
		1147
		1148	key->ecdsa_nid = sshkey_ecdsa_key_to_nid(key);
		1149	if (key->ecdsa_nid < 0) {
		1150	error("couldn't get curve nid");
		1151	goto fail;
		1152	}
		1153
1148	#endif /* HAVE_EC_KEY_METHOD_NEW */	1154	#endif /* HAVE_EC_KEY_METHOD_NEW */
1149	} else	1155	} else
1150	error("unknown certificate key type");	1156	error("unknown certificate key type");

Lines 63-68 const struct ssh_digest digests[] = { Link Here

(-)a/digest-openssl.c (+16 lines)
63	{ -1, NULL, 0, NULL },	63	{ -1, NULL, 0, NULL },
64	};	64	};
65		65
		66	const EVP_MD *
		67	ssh_digest_to_md(int digest_type)
		68	{
		69	switch (digest_type) {
		70	case SSH_DIGEST_SHA1:
		71	return EVP_sha1();
		72	case SSH_DIGEST_SHA256:
		73	return EVP_sha256();
		74	case SSH_DIGEST_SHA384:
		75	return EVP_sha384();
		76	case SSH_DIGEST_SHA512:
		77	return EVP_sha512();
		78	}
		79	return NULL;
		80	}
		81
66	static const struct ssh_digest *	82	static const struct ssh_digest *
67	ssh_digest_by_alg(int alg)	83	ssh_digest_by_alg(int alg)
68	{	84	{

Lines 88-97 const BIGNUM * Link Here

(-)a/regress/unittests/sshkey/common.c (-14 / +28 lines)
88	rsa_n(struct sshkey *k)	88	rsa_n(struct sshkey *k)
89	{	89	{
90	const BIGNUM *n = NULL;	90	const BIGNUM *n = NULL;
		91	const RSA *rsa = NULL;
91		92
92	ASSERT_PTR_NE(k, NULL);	93	ASSERT_PTR_NE(k, NULL);
93	ASSERT_PTR_NE(k->rsa, NULL);	94	rsa = EVP_PKEY_get0_RSA(k->pkey);
94	RSA_get0_key(k->rsa, &n, NULL, NULL);	95	ASSERT_PTR_NE(rsa, NULL);
		96	RSA_get0_key(rsa, &n, NULL, NULL);
95	return n;	97	return n;
96	}	98	}
97		99
Lines 99-108 const BIGNUM * Link Here
99	rsa_e(struct sshkey *k)	101	rsa_e(struct sshkey *k)
100	{	102	{
101	const BIGNUM *e = NULL;	103	const BIGNUM *e = NULL;
		104	const RSA *rsa = NULL;
102		105
103	ASSERT_PTR_NE(k, NULL);	106	ASSERT_PTR_NE(k, NULL);
104	ASSERT_PTR_NE(k->rsa, NULL);	107	rsa = EVP_PKEY_get0_RSA(k->pkey);
105	RSA_get0_key(k->rsa, NULL, &e, NULL);	108	ASSERT_PTR_NE(rsa, NULL);
		109	RSA_get0_key(rsa, NULL, &e, NULL);
106	return e;	110	return e;
107	}	111	}
108		112
Lines 110-119 const BIGNUM * Link Here
110	rsa_p(struct sshkey *k)	114	rsa_p(struct sshkey *k)
111	{	115	{
112	const BIGNUM *p = NULL;	116	const BIGNUM *p = NULL;
		117	const RSA *rsa = NULL;
113		118
114	ASSERT_PTR_NE(k, NULL);	119	ASSERT_PTR_NE(k, NULL);
115	ASSERT_PTR_NE(k->rsa, NULL);	120	rsa = EVP_PKEY_get0_RSA(k->pkey);
116	RSA_get0_factors(k->rsa, &p, NULL);	121	ASSERT_PTR_NE(rsa, NULL);
		122	RSA_get0_factors(rsa, &p, NULL);
117	return p;	123	return p;
118	}	124	}
119		125
Lines 121-130 const BIGNUM * Link Here
121	rsa_q(struct sshkey *k)	127	rsa_q(struct sshkey *k)
122	{	128	{
123	const BIGNUM *q = NULL;	129	const BIGNUM *q = NULL;
		130	const RSA *rsa = NULL;
124		131
125	ASSERT_PTR_NE(k, NULL);	132	ASSERT_PTR_NE(k, NULL);
126	ASSERT_PTR_NE(k->rsa, NULL);	133	rsa = EVP_PKEY_get0_RSA(k->pkey);
127	RSA_get0_factors(k->rsa, NULL, &q);	134	ASSERT_PTR_NE(rsa, NULL);
		135	RSA_get0_factors(rsa, NULL, &q);
128	return q;	136	return q;
129	}	137	}
130		138
Lines 132-141 const BIGNUM * Link Here
132	dsa_g(struct sshkey *k)	140	dsa_g(struct sshkey *k)
133	{	141	{
134	const BIGNUM *g = NULL;	142	const BIGNUM *g = NULL;
		143	const DSA *dsa = NULL;
135		144
136	ASSERT_PTR_NE(k, NULL);	145	ASSERT_PTR_NE(k, NULL);
137	ASSERT_PTR_NE(k->dsa, NULL);	146	dsa = EVP_PKEY_get0_DSA(k->pkey);
138	DSA_get0_pqg(k->dsa, NULL, NULL, &g);	147	ASSERT_PTR_NE(dsa, NULL);
		148	DSA_get0_pqg(dsa, NULL, NULL, &g);
139	return g;	149	return g;
140	}	150	}
141		151
Lines 143-152 const BIGNUM * Link Here
143	dsa_pub_key(struct sshkey *k)	153	dsa_pub_key(struct sshkey *k)
144	{	154	{
145	const BIGNUM *pub_key = NULL;	155	const BIGNUM *pub_key = NULL;
		156	const DSA *dsa = NULL;
146		157
147	ASSERT_PTR_NE(k, NULL);	158	ASSERT_PTR_NE(k, NULL);
148	ASSERT_PTR_NE(k->dsa, NULL);	159	dsa = EVP_PKEY_get0_DSA(k->pkey);
149	DSA_get0_key(k->dsa, &pub_key, NULL);	160	ASSERT_PTR_NE(dsa, NULL);
		161	DSA_get0_key(dsa, &pub_key, NULL);
150	return pub_key;	162	return pub_key;
151	}	163	}
152		164
Lines 154-163 const BIGNUM * Link Here
154	dsa_priv_key(struct sshkey *k)	166	dsa_priv_key(struct sshkey *k)
155	{	167	{
156	const BIGNUM *priv_key = NULL;	168	const BIGNUM *priv_key = NULL;
		169	const DSA *dsa = NULL;
157		170
158	ASSERT_PTR_NE(k, NULL);	171	ASSERT_PTR_NE(k, NULL);
159	ASSERT_PTR_NE(k->dsa, NULL);	172	dsa = EVP_PKEY_get0_DSA(k->pkey);
160	DSA_get0_key(k->dsa, NULL, &priv_key);	173	ASSERT_PTR_NE(dsa, NULL);
		174	DSA_get0_key(dsa, NULL, &priv_key);
161	return priv_key;	175	return priv_key;
162	}	176	}
163		177

Lines 180-185 sshkey_tests(void) Link Here

(-)a/regress/unittests/sshkey/test_sshkey.c (-13 / +26 lines)
180	#ifdef OPENSSL_HAS_ECC	180	#ifdef OPENSSL_HAS_ECC
181	struct sshkey *ke;	181	struct sshkey *ke;
182	#endif	182	#endif
		183	const RSA *rsa;
		184	const DSA *dsa;
		185	const EC_KEY *ecdsa;
183	struct sshbuf *b;	186	struct sshbuf *b;
184		187
185	TEST_START("new invalid");	188	TEST_START("new invalid");
Lines 196-209 sshkey_tests(void) Link Here
196	TEST_START("new/free KEY_RSA");	199	TEST_START("new/free KEY_RSA");
197	k1 = sshkey_new(KEY_RSA);	200	k1 = sshkey_new(KEY_RSA);
198	ASSERT_PTR_NE(k1, NULL);	201	ASSERT_PTR_NE(k1, NULL);
199	ASSERT_PTR_NE(k1->rsa, NULL);	202	rsa = EVP_PKEY_get0_RSA(k1->pkey);
		203	ASSERT_PTR_NE(rsa, NULL);
200	sshkey_free(k1);	204	sshkey_free(k1);
201	TEST_DONE();	205	TEST_DONE();
202		206
203	TEST_START("new/free KEY_DSA");	207	TEST_START("new/free KEY_DSA");
204	k1 = sshkey_new(KEY_DSA);	208	k1 = sshkey_new(KEY_DSA);
205	ASSERT_PTR_NE(k1, NULL);	209	ASSERT_PTR_NE(k1, NULL);
206	ASSERT_PTR_NE(k1->dsa, NULL);	210	dsa = EVP_PKEY_get0_DSA(k1->pkey);
		211	ASSERT_PTR_NE(dsa, NULL);
207	sshkey_free(k1);	212	sshkey_free(k1);
208	TEST_DONE();	213	TEST_DONE();
209		214
Lines 211-217 sshkey_tests(void) Link Here
211	TEST_START("new/free KEY_ECDSA");	216	TEST_START("new/free KEY_ECDSA");
212	k1 = sshkey_new(KEY_ECDSA);	217	k1 = sshkey_new(KEY_ECDSA);
213	ASSERT_PTR_NE(k1, NULL);	218	ASSERT_PTR_NE(k1, NULL);
214	ASSERT_PTR_EQ(k1->ecdsa, NULL); /* Can't allocate without NID */	219	ecdsa = EVP_PKEY_get0_EC_KEY(k1->pkey);
		220	ASSERT_PTR_EQ(ecdsa, NULL); /* Can't allocate without NID */
215	sshkey_free(k1);	221	sshkey_free(k1);
216	TEST_DONE();	222	TEST_DONE();
217	#endif	223	#endif
Lines 258-264 sshkey_tests(void) Link Here
258	SSH_ERR_KEY_LENGTH);	264	SSH_ERR_KEY_LENGTH);
259	ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0);	265	ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0);
260	ASSERT_PTR_NE(kr, NULL);	266	ASSERT_PTR_NE(kr, NULL);
261	ASSERT_PTR_NE(kr->rsa, NULL);	267	rsa = EVP_PKEY_get0_RSA(kr->pkey);
		268	ASSERT_PTR_NE(rsa, NULL);
262	ASSERT_PTR_NE(rsa_n(kr), NULL);	269	ASSERT_PTR_NE(rsa_n(kr), NULL);
263	ASSERT_PTR_NE(rsa_e(kr), NULL);	270	ASSERT_PTR_NE(rsa_e(kr), NULL);
264	ASSERT_PTR_NE(rsa_p(kr), NULL);	271	ASSERT_PTR_NE(rsa_p(kr), NULL);
Lines 268-274 sshkey_tests(void) Link Here
268	TEST_START("generate KEY_DSA");	275	TEST_START("generate KEY_DSA");
269	ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0);	276	ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0);
270	ASSERT_PTR_NE(kd, NULL);	277	ASSERT_PTR_NE(kd, NULL);
271	ASSERT_PTR_NE(kd->dsa, NULL);	278	dsa = EVP_PKEY_get0_DSA(kd->pkey);
		279	ASSERT_PTR_NE(dsa, NULL);
272	ASSERT_PTR_NE(dsa_g(kd), NULL);	280	ASSERT_PTR_NE(dsa_g(kd), NULL);
273	ASSERT_PTR_NE(dsa_priv_key(kd), NULL);	281	ASSERT_PTR_NE(dsa_priv_key(kd), NULL);
274	TEST_DONE();	282	TEST_DONE();
Lines 277-285 sshkey_tests(void) Link Here
277	TEST_START("generate KEY_ECDSA");	285	TEST_START("generate KEY_ECDSA");
278	ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &ke), 0);	286	ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &ke), 0);
279	ASSERT_PTR_NE(ke, NULL);	287	ASSERT_PTR_NE(ke, NULL);
280	ASSERT_PTR_NE(ke->ecdsa, NULL);	288	ecdsa = EVP_PKEY_get0_EC_KEY(ke->pkey);
281	ASSERT_PTR_NE(EC_KEY_get0_public_key(ke->ecdsa), NULL);	289	ASSERT_PTR_NE(ecdsa, NULL);
282	ASSERT_PTR_NE(EC_KEY_get0_private_key(ke->ecdsa), NULL);	290	ASSERT_PTR_NE(EC_KEY_get0_public_key(ecdsa), NULL);
		291	ASSERT_PTR_NE(EC_KEY_get0_private_key(ecdsa), NULL);
283	TEST_DONE();	292	TEST_DONE();
284	#endif	293	#endif
285		294
Lines 296-302 sshkey_tests(void) Link Here
296	ASSERT_PTR_NE(k1, NULL);	305	ASSERT_PTR_NE(k1, NULL);
297	ASSERT_PTR_NE(kr, k1);	306	ASSERT_PTR_NE(kr, k1);
298	ASSERT_INT_EQ(k1->type, KEY_RSA);	307	ASSERT_INT_EQ(k1->type, KEY_RSA);
299	ASSERT_PTR_NE(k1->rsa, NULL);	308	rsa = EVP_PKEY_get0_RSA(k1->pkey);
		309	ASSERT_PTR_NE(rsa, NULL);
300	ASSERT_PTR_NE(rsa_n(k1), NULL);	310	ASSERT_PTR_NE(rsa_n(k1), NULL);
301	ASSERT_PTR_NE(rsa_e(k1), NULL);	311	ASSERT_PTR_NE(rsa_e(k1), NULL);
302	ASSERT_PTR_EQ(rsa_p(k1), NULL);	312	ASSERT_PTR_EQ(rsa_p(k1), NULL);
Lines 312-318 sshkey_tests(void) Link Here
312	ASSERT_PTR_NE(k1, NULL);	322	ASSERT_PTR_NE(k1, NULL);
313	ASSERT_PTR_NE(kd, k1);	323	ASSERT_PTR_NE(kd, k1);
314	ASSERT_INT_EQ(k1->type, KEY_DSA);	324	ASSERT_INT_EQ(k1->type, KEY_DSA);
315	ASSERT_PTR_NE(k1->dsa, NULL);	325	dsa = EVP_PKEY_get0_DSA(k1->pkey);
		326	ASSERT_PTR_NE(dsa, NULL);
316	ASSERT_PTR_NE(dsa_g(k1), NULL);	327	ASSERT_PTR_NE(dsa_g(k1), NULL);
317	ASSERT_PTR_EQ(dsa_priv_key(k1), NULL);	328	ASSERT_PTR_EQ(dsa_priv_key(k1), NULL);
318	TEST_DONE();	329	TEST_DONE();
Lines 328-337 sshkey_tests(void) Link Here
328	ASSERT_PTR_NE(k1, NULL);	339	ASSERT_PTR_NE(k1, NULL);
329	ASSERT_PTR_NE(ke, k1);	340	ASSERT_PTR_NE(ke, k1);
330	ASSERT_INT_EQ(k1->type, KEY_ECDSA);	341	ASSERT_INT_EQ(k1->type, KEY_ECDSA);
331	ASSERT_PTR_NE(k1->ecdsa, NULL);	342	ecdsa = EVP_PKEY_get0_EC_KEY(k1->pkey);
		343	ASSERT_PTR_NE(ecdsa, NULL);
332	ASSERT_INT_EQ(k1->ecdsa_nid, ke->ecdsa_nid);	344	ASSERT_INT_EQ(k1->ecdsa_nid, ke->ecdsa_nid);
333	ASSERT_PTR_NE(EC_KEY_get0_public_key(ke->ecdsa), NULL);	345	ASSERT_PTR_EQ(EC_KEY_get0_private_key(ecdsa), NULL);
334	ASSERT_PTR_EQ(EC_KEY_get0_private_key(k1->ecdsa), NULL);	346	ecdsa = EVP_PKEY_get0_EC_KEY(ke->pkey);
		347	ASSERT_PTR_NE(EC_KEY_get0_public_key(ecdsa), NULL);
335	TEST_DONE();	348	TEST_DONE();
336		349
337	TEST_START("equal KEY_ECDSA/demoted KEY_ECDSA");	350	TEST_START("equal KEY_ECDSA/demoted KEY_ECDSA");

Lines 54-62 ssh_dss_sign(const struct sshkey key, u_char sigp, size_t lenp, Link Here

(-)a/ssh-dss.c (-26 / +30 lines)
54	{	54	{
55	DSA_SIG *sig = NULL;	55	DSA_SIG *sig = NULL;
56	const BIGNUM sig_r, sig_s;	56	const BIGNUM sig_r, sig_s;
57	u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];	57	u_char sigblob[SIGBLOB_LEN];
58	size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);	58	size_t rlen, slen;
		59	int len;
59	struct sshbuf *b = NULL;	60	struct sshbuf *b = NULL;
		61	u_char *sigb = NULL;
		62	const u_char *psig = NULL;
60	int ret = SSH_ERR_INVALID_ARGUMENT;	63	int ret = SSH_ERR_INVALID_ARGUMENT;
61		64
62	if (lenp != NULL)	65	if (lenp != NULL)
Lines 64-83 ssh_dss_sign(const struct sshkey key, u_char sigp, size_t lenp, Link Here
64	if (sigp != NULL)	67	if (sigp != NULL)
65	*sigp = NULL;	68	*sigp = NULL;
66		69
67	if (key == NULL \|\| key->dsa == NULL \|\|	70	if (key == NULL \|\| EVP_PKEY_get0_DSA(key->pkey) == NULL \|\|
68	sshkey_type_plain(key->type) != KEY_DSA)	71	sshkey_type_plain(key->type) != KEY_DSA)
69	return SSH_ERR_INVALID_ARGUMENT;	72	return SSH_ERR_INVALID_ARGUMENT;
70	if (dlen == 0)
71	return SSH_ERR_INTERNAL_ERROR;
72		73
73	if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,	74	ret = sshkey_calculate_signature(key->pkey, SSH_DIGEST_SHA1, &sigb, &len,
74	digest, sizeof(digest))) != 0)	75	data, datalen);
		76	if (ret < 0) {
75	goto out;	77	goto out;
		78	}
76		79
77	if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) {	80	psig = sigb;
		81	if ((sig = d2i_DSA_SIG(NULL, &psig, len)) == NULL) {
78	ret = SSH_ERR_LIBCRYPTO_ERROR;	82	ret = SSH_ERR_LIBCRYPTO_ERROR;
79	goto out;	83	goto out;
80	}	84	}
		85	free(sigb);
		86	sigb = NULL;
81		87
82	DSA_SIG_get0(sig, &sig_r, &sig_s);	88	DSA_SIG_get0(sig, &sig_r, &sig_s);
83	rlen = BN_num_bytes(sig_r);	89	rlen = BN_num_bytes(sig_r);
Lines 110-116 ssh_dss_sign(const struct sshkey key, u_char sigp, size_t lenp, Link Here
110	*lenp = len;	116	*lenp = len;
111	ret = 0;	117	ret = 0;
112	out:	118	out:
113	explicit_bzero(digest, sizeof(digest));	119	free(sigb);
114	DSA_SIG_free(sig);	120	DSA_SIG_free(sig);
115	sshbuf_free(b);	121	sshbuf_free(b);
116	return ret;	122	return ret;
Lines 123-140 ssh_dss_verify(const struct sshkey *key, Link Here
123	{	129	{
124	DSA_SIG *sig = NULL;	130	DSA_SIG *sig = NULL;
125	BIGNUM sig_r = NULL, sig_s = NULL;	131	BIGNUM sig_r = NULL, sig_s = NULL;
126	u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob = NULL;	132	u_char *sigblob = NULL;
127	size_t len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);	133	size_t len, slen;
128	int ret = SSH_ERR_INTERNAL_ERROR;	134	int ret = SSH_ERR_INTERNAL_ERROR;
129	struct sshbuf *b = NULL;	135	struct sshbuf *b = NULL;
130	char *ktype = NULL;	136	char *ktype = NULL;
		137	u_char sigb = NULL, psig = NULL;
131		138
132	if (key == NULL \|\| key->dsa == NULL \|\|	139	if (key == NULL \|\| EVP_PKEY_get0_DSA(key->pkey) == NULL \|\|
133	sshkey_type_plain(key->type) != KEY_DSA \|\|	140	sshkey_type_plain(key->type) != KEY_DSA \|\|
134	signature == NULL \|\| signaturelen == 0)	141	signature == NULL \|\| signaturelen == 0)
135	return SSH_ERR_INVALID_ARGUMENT;	142	return SSH_ERR_INVALID_ARGUMENT;
136	if (dlen == 0)
137	return SSH_ERR_INTERNAL_ERROR;
138		143
139	/* fetch signature */	144	/* fetch signature */
140	if ((b = sshbuf_from(signature, signaturelen)) == NULL)	145	if ((b = sshbuf_from(signature, signaturelen)) == NULL)
Lines 176-200 ssh_dss_verify(const struct sshkey *key, Link Here
176	}	181	}
177	sig_r = sig_s = NULL; /* transferred */	182	sig_r = sig_s = NULL; /* transferred */
178		183
179	/* sha1 the data */	184	if ((slen = i2d_DSA_SIG(sig, NULL)) == 0) {
180	if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,	185	ret = SSH_ERR_LIBCRYPTO_ERROR;
181	digest, sizeof(digest))) != 0)
182	goto out;	186	goto out;
183		187	}
184	switch (DSA_do_verify(digest, dlen, sig, key->dsa)) {	188	if ((sigb = malloc(slen)) == NULL) {
185	case 1:	189	ret = SSH_ERR_ALLOC_FAIL;
186	ret = 0;
187	break;
188	case 0:
189	ret = SSH_ERR_SIGNATURE_INVALID;
190	goto out;	190	goto out;
191	default:	191	}
		192	psig = sigb;
		193	if ((slen = i2d_DSA_SIG(sig, &psig)) == 0) {
192	ret = SSH_ERR_LIBCRYPTO_ERROR;	194	ret = SSH_ERR_LIBCRYPTO_ERROR;
193	goto out;	195	goto out;
194	}	196	}
195		197
		198	ret = sshkey_verify_signature(key->pkey, SSH_DIGEST_SHA1, data, datalen,
		199	sigb, slen);
		200
196	out:	201	out:
197	explicit_bzero(digest, sizeof(digest));
198	DSA_SIG_free(sig);	202	DSA_SIG_free(sig);
199	BN_clear_free(sig_r);	203	BN_clear_free(sig_r);
200	BN_clear_free(sig_s);	204	BN_clear_free(sig_s);

Lines 130-138 rsa_encrypt(int flen, const u_char from, u_char to, RSA *rsa, int padding) Link Here

(-)a/ssh-pkcs11-client.c (-16 / +23 lines)
130	error("%s: sshkey_new failed", __func__);	130	error("%s: sshkey_new failed", __func__);
131	goto fail;	131	goto fail;
132	}	132	}
		133	key->pkey = EVP_PKEY_new();
		134	if (key->pkey == NULL) {
		135	error("%s: EVP_PKEY_new failed", __func__);
		136	goto fail;
		137	}
		138
133	key->type = KEY_RSA;	139	key->type = KEY_RSA;
134	RSA_up_ref(rsa);	140	EVP_PKEY_set1_RSA(key->pkey, rsa);
135	key->rsa = rsa;
136	if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {	141	if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
137	error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));	142	error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
138	goto fail;	143	goto fail;
Lines 174-197 ecdsa_do_sign(const unsigned char dgst, int dgst_len, const BIGNUM inv, Link Here
174	const u_char *cp;	179	const u_char *cp;
175	u_char blob = NULL, signature = NULL;	180	u_char blob = NULL, signature = NULL;
176	size_t blen, slen = 0;	181	size_t blen, slen = 0;
177	int r, nid;	182	int r;
178
179	nid = sshkey_ecdsa_key_to_nid(ec);
180	if (nid < 0) {
181	error("%s: couldn't get curve nid", __func__);
182	goto fail;
183	}
184		183
185	key = sshkey_new(KEY_UNSPEC);	184	key = sshkey_new(KEY_UNSPEC);
186	if (key == NULL) {	185	if (key == NULL) {
187	error("%s: sshkey_new failed", __func__);	186	error("%s: sshkey_new failed", __func__);
188	goto fail;	187	goto fail;
189	}	188	}
190	key->ecdsa = ec;	189
191	key->ecdsa_nid = nid;
192	key->type = KEY_ECDSA;	190	key->type = KEY_ECDSA;
		191	EVP_PKEY_set1_EC_KEY(key->pkey, ec);
193	EC_KEY_up_ref(ec);	192	EC_KEY_up_ref(ec);
194		193
		194	key->ecdsa_nid = sshkey_ecdsa_key_to_nid(key);
		195	if (key->ecdsa_nid < 0) {
		196	error("%s: couldn't get curve nid", __func__);
		197	goto fail;
		198	}
		199
195	if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {	200	if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
196	error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));	201	error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
197	goto fail;	202	goto fail;
Lines 231-243 static EC_KEY_METHOD *helper_ecdsa; Link Here
231	static void	236	static void
232	wrap_key(struct sshkey *k)	237	wrap_key(struct sshkey *k)
233	{	238	{
234	if (k->type == KEY_RSA)	239	if (k->type == KEY_RSA) {
235	RSA_set_method(k->rsa, helper_rsa);	240	RSA *rsa = EVP_PKEY_get0_RSA(k->pkey);
		241	RSA_set_method(rsa, helper_rsa);
236	#ifdef HAVE_EC_KEY_METHOD_NEW	242	#ifdef HAVE_EC_KEY_METHOD_NEW
237	else if (k->type == KEY_ECDSA)	243	} else if (k->type == KEY_ECDSA) {
238	EC_KEY_set_method(k->ecdsa, helper_ecdsa);	244	EC_KEY *ecdsa = EVP_PKEY_get0_EC_KEY(k->pkey);
		245	EC_KEY_set_method(ecdsa, helper_ecdsa);
239	#endif /* HAVE_EC_KEY_METHOD_NEW */	246	#endif /* HAVE_EC_KEY_METHOD_NEW */
240	else	247	} else
241	fatal("%s: unknown key type", __func__);	248	fatal("%s: unknown key type", __func__);
242	}	249	}
243		250

Lines 39-44 Link Here

(-)a/ssh-pkcs11-helper.c (-4 / +10 lines)
39	#include "ssh-pkcs11.h"	39	#include "ssh-pkcs11.h"
40	#include "ssherr.h"	40	#include "ssherr.h"
41		41
		42	#ifdef WITH_OPENSSL
		43	#include <openssl/rsa.h>
		44	#endif
		45
42	#ifdef ENABLE_PKCS11	46	#ifdef ENABLE_PKCS11
43		47
44	/* borrows code from sftp-server and ssh-agent */	48	/* borrows code from sftp-server and ssh-agent */
Lines 200-219 process_sign(void) Link Here
200		204
201	pkcs11_refresh_key(found);	205	pkcs11_refresh_key(found);
202	if (key->type == KEY_RSA) {	206	if (key->type == KEY_RSA) {
203	slen = RSA_size(key->rsa);	207	RSA *rsa = EVP_PKEY_get0_RSA(found->pkey);
		208	slen = RSA_size(rsa);
204	signature = xmalloc(slen);	209	signature = xmalloc(slen);
205	ret = RSA_private_encrypt(dlen, data, signature,	210	ret = RSA_private_encrypt(dlen, data, signature,
206	found->rsa, RSA_PKCS1_PADDING);	211	rsa, RSA_PKCS1_PADDING);
207	if (ret != -1) {	212	if (ret != -1) {
208	slen = ret;	213	slen = ret;
209	ok = 0;	214	ok = 0;
210	}	215	}
211	} else if (key->type == KEY_ECDSA) {	216	} else if (key->type == KEY_ECDSA) {
212	xslen = ECDSA_size(key->ecdsa);	217	EC_KEY *ecdsa = EVP_PKEY_get0_EC_KEY(found->pkey);
		218	xslen = ECDSA_size(ecdsa);
213	signature = xmalloc(xslen);	219	signature = xmalloc(xslen);
214	/* "The parameter type is ignored." */	220	/* "The parameter type is ignored." */
215	ret = ECDSA_sign(-1, data, dlen, signature,	221	ret = ECDSA_sign(-1, data, dlen, signature,
216	&xslen, found->ecdsa);	222	&xslen, ecdsa);
217	if (ret != 0)	223	if (ret != 0)
218	ok = 0;	224	ok = 0;
219	else	225	else

Lines 37-43 Link Here

(-)a/ssh-rsa.c (-167 / +38 lines)
37		37
38	#include "openbsd-compat/openssl-compat.h"	38	#include "openbsd-compat/openssl-compat.h"
39		39
40	static int openssh_RSA_verify(int, u_char , size_t, u_char , size_t, RSA *);	40	static int openssh_RSA_verify(int, const u_char , size_t, u_char , size_t, EVP_PKEY *);
41		41
42	static const char *	42	static const char *
43	rsa_hash_alg_ident(int hash_alg)	43	rsa_hash_alg_ident(int hash_alg)
Lines 90-110 rsa_hash_id_from_keyname(const char *alg) Link Here
90	return -1;	90	return -1;
91	}	91	}
92		92
93	static int
94	rsa_hash_alg_nid(int type)
95	{
96	switch (type) {
97	case SSH_DIGEST_SHA1:
98	return NID_sha1;
99	case SSH_DIGEST_SHA256:
100	return NID_sha256;
101	case SSH_DIGEST_SHA512:
102	return NID_sha512;
103	default:
104	return -1;
105	}
106	}
107
108	int	93	int
109	ssh_rsa_complete_crt_parameters(struct sshkey key, const BIGNUM iqmp)	94	ssh_rsa_complete_crt_parameters(struct sshkey key, const BIGNUM iqmp)
110	{	95	{
Lines 112-125 ssh_rsa_complete_crt_parameters(struct sshkey key, const BIGNUM iqmp) Link Here
112	BIGNUM aux = NULL, d_consttime = NULL;	97	BIGNUM aux = NULL, d_consttime = NULL;
113	BIGNUM rsa_dmq1 = NULL, rsa_dmp1 = NULL, *rsa_iqmp = NULL;	98	BIGNUM rsa_dmq1 = NULL, rsa_dmp1 = NULL, *rsa_iqmp = NULL;
114	BN_CTX *ctx = NULL;	99	BN_CTX *ctx = NULL;
		100	RSA *rsa;
115	int r;	101	int r;
116		102
117	if (key == NULL \|\| key->rsa == NULL \|\|	103	rsa = EVP_PKEY_get0_RSA(key->pkey);
		104	if (key == NULL \|\| rsa == NULL \|\|
118	sshkey_type_plain(key->type) != KEY_RSA)	105	sshkey_type_plain(key->type) != KEY_RSA)
119	return SSH_ERR_INVALID_ARGUMENT;	106	return SSH_ERR_INVALID_ARGUMENT;
120		107
121	RSA_get0_key(key->rsa, NULL, NULL, &rsa_d);	108	RSA_get0_key(rsa, NULL, NULL, &rsa_d);
122	RSA_get0_factors(key->rsa, &rsa_p, &rsa_q);	109	RSA_get0_factors(rsa, &rsa_p, &rsa_q);
123		110
124	if ((ctx = BN_CTX_new()) == NULL)	111	if ((ctx = BN_CTX_new()) == NULL)
125	return SSH_ERR_ALLOC_FAIL;	112	return SSH_ERR_ALLOC_FAIL;
Lines 142-148 ssh_rsa_complete_crt_parameters(struct sshkey key, const BIGNUM iqmp) Link Here
142	r = SSH_ERR_LIBCRYPTO_ERROR;	129	r = SSH_ERR_LIBCRYPTO_ERROR;
143	goto out;	130	goto out;
144	}	131	}
145	if (!RSA_set0_crt_params(key->rsa, rsa_dmp1, rsa_dmq1, rsa_iqmp)) {	132	if (!RSA_set0_crt_params(rsa, rsa_dmp1, rsa_dmq1, rsa_iqmp)) {
146	r = SSH_ERR_LIBCRYPTO_ERROR;	133	r = SSH_ERR_LIBCRYPTO_ERROR;
147	goto out;	134	goto out;
148	}	135	}
Lines 164-174 int Link Here
164	ssh_rsa_sign(const struct sshkey key, u_char sigp, size_t lenp,	151	ssh_rsa_sign(const struct sshkey key, u_char sigp, size_t lenp,
165	const u_char data, size_t datalen, const char alg_ident)	152	const u_char data, size_t datalen, const char alg_ident)
166	{	153	{
167	const BIGNUM *rsa_n;	154	const RSA *rsa;
168	u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL;	155	u_char *sig = NULL;
169	size_t slen = 0;	156	int len, slen = 0;
170	u_int dlen, len;	157	int hash_alg, ret = SSH_ERR_INTERNAL_ERROR;
171	int nid, hash_alg, ret = SSH_ERR_INTERNAL_ERROR;
172	struct sshbuf *b = NULL;	158	struct sshbuf *b = NULL;
173		159
174	if (lenp != NULL)	160	if (lenp != NULL)
Lines 180-212 ssh_rsa_sign(const struct sshkey key, u_char sigp, size_t lenp, Link Here
180	hash_alg = SSH_DIGEST_SHA1;	166	hash_alg = SSH_DIGEST_SHA1;
181	else	167	else
182	hash_alg = rsa_hash_id_from_keyname(alg_ident);	168	hash_alg = rsa_hash_id_from_keyname(alg_ident);
183	if (key == NULL \|\| key->rsa == NULL \|\| hash_alg == -1 \|\|	169
		170	rsa = EVP_PKEY_get0_RSA(key->pkey);
		171	if (key == NULL \|\| rsa == NULL \|\| hash_alg == -1 \|\|
184	sshkey_type_plain(key->type) != KEY_RSA)	172	sshkey_type_plain(key->type) != KEY_RSA)
185	return SSH_ERR_INVALID_ARGUMENT;	173	return SSH_ERR_INVALID_ARGUMENT;
186	RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);	174	slen = RSA_size(rsa);
187	if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)	175	if (RSA_bits(rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
188	return SSH_ERR_KEY_LENGTH;	176	return SSH_ERR_KEY_LENGTH;
189	slen = RSA_size(key->rsa);
190	if (slen <= 0 \|\| slen > SSHBUF_MAX_BIGNUM)
191	return SSH_ERR_INVALID_ARGUMENT;
192		177
193	/* hash the data */	178	ret = sshkey_calculate_signature(key->pkey, hash_alg, &sig, &len, data,
194	nid = rsa_hash_alg_nid(hash_alg);	179	datalen);
195	if ((dlen = ssh_digest_bytes(hash_alg)) == 0)	180	if (ret < 0) {
196	return SSH_ERR_INTERNAL_ERROR;
197	if ((ret = ssh_digest_memory(hash_alg, data, datalen,
198	digest, sizeof(digest))) != 0)
199	goto out;
200
201	if ((sig = malloc(slen)) == NULL) {
202	ret = SSH_ERR_ALLOC_FAIL;
203	goto out;	181	goto out;
204	}	182	}
205		183
206	if (RSA_sign(nid, digest, dlen, sig, &len, key->rsa) != 1) {
207	ret = SSH_ERR_LIBCRYPTO_ERROR;
208	goto out;
209	}
210	if (len < slen) {	184	if (len < slen) {
211	size_t diff = slen - len;	185	size_t diff = slen - len;
212	memmove(sig + diff, sig, len);	186	memmove(sig + diff, sig, len);
Lines 215-220 ssh_rsa_sign(const struct sshkey key, u_char sigp, size_t lenp, Link Here
215	ret = SSH_ERR_INTERNAL_ERROR;	189	ret = SSH_ERR_INTERNAL_ERROR;
216	goto out;	190	goto out;
217	}	191	}
		192
218	/* encode signature */	193	/* encode signature */
219	if ((b = sshbuf_new()) == NULL) {	194	if ((b = sshbuf_new()) == NULL) {
220	ret = SSH_ERR_ALLOC_FAIL;	195	ret = SSH_ERR_ALLOC_FAIL;
Lines 235-241 ssh_rsa_sign(const struct sshkey key, u_char sigp, size_t lenp, Link Here
235	*lenp = len;	210	*lenp = len;
236	ret = 0;	211	ret = 0;
237	out:	212	out:
238	explicit_bzero(digest, sizeof(digest));
239	freezero(sig, slen);	213	freezero(sig, slen);
240	sshbuf_free(b);	214	sshbuf_free(b);
241	return ret;	215	return ret;
Lines 246-264 ssh_rsa_verify(const struct sshkey *key, Link Here
246	const u_char sig, size_t siglen, const u_char data, size_t datalen,	220	const u_char sig, size_t siglen, const u_char data, size_t datalen,
247	const char *alg)	221	const char *alg)
248	{	222	{
249	const BIGNUM *rsa_n;	223	const RSA *rsa;
250	char *sigtype = NULL;	224	char *sigtype = NULL;
251	int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;	225	int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;
252	size_t len = 0, diff, modlen, dlen;	226	size_t len = 0, diff, modlen;
253	struct sshbuf *b = NULL;	227	struct sshbuf *b = NULL;
254	u_char digest[SSH_DIGEST_MAX_LENGTH], osigblob, sigblob = NULL;	228	u_char digest[SSH_DIGEST_MAX_LENGTH], osigblob, sigblob = NULL;
255		229
256	if (key == NULL \|\| key->rsa == NULL \|\|	230	rsa = EVP_PKEY_get0_RSA(key->pkey);
		231	if (key == NULL \|\| rsa == NULL \|\|
257	sshkey_type_plain(key->type) != KEY_RSA \|\|	232	sshkey_type_plain(key->type) != KEY_RSA \|\|
258	sig == NULL \|\| siglen == 0)	233	sig == NULL \|\| siglen == 0)
259	return SSH_ERR_INVALID_ARGUMENT;	234	return SSH_ERR_INVALID_ARGUMENT;
260	RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);	235	if (RSA_bits(rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
261	if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
262	return SSH_ERR_KEY_LENGTH;	236	return SSH_ERR_KEY_LENGTH;
263		237
264	if ((b = sshbuf_from(sig, siglen)) == NULL)	238	if ((b = sshbuf_from(sig, siglen)) == NULL)
Lines 294-300 ssh_rsa_verify(const struct sshkey *key, Link Here
294	goto out;	268	goto out;
295	}	269	}
296	/* RSA_verify expects a signature of RSA_size */	270	/* RSA_verify expects a signature of RSA_size */
297	modlen = RSA_size(key->rsa);	271	modlen = RSA_size(rsa);
298	if (len > modlen) {	272	if (len > modlen) {
299	ret = SSH_ERR_KEY_BITS_MISMATCH;	273	ret = SSH_ERR_KEY_BITS_MISMATCH;
300	goto out;	274	goto out;
Lines 310-325 ssh_rsa_verify(const struct sshkey *key, Link Here
310	explicit_bzero(sigblob, diff);	284	explicit_bzero(sigblob, diff);
311	len = modlen;	285	len = modlen;
312	}	286	}
313	if ((dlen = ssh_digest_bytes(hash_alg)) == 0) {
314	ret = SSH_ERR_INTERNAL_ERROR;
315	goto out;
316	}
317	if ((ret = ssh_digest_memory(hash_alg, data, datalen,
318	digest, sizeof(digest))) != 0)
319	goto out;
320		287
321	ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len,	288	ret = openssh_RSA_verify(hash_alg, data, datalen, sigblob, len,
322	key->rsa);	289	key->pkey);
323	out:	290	out:
324	freezero(sigblob, len);	291	freezero(sigblob, len);
325	free(sigtype);	292	free(sigtype);
Lines 328-449 ssh_rsa_verify(const struct sshkey *key, Link Here
328	return ret;	295	return ret;
329	}	296	}
330		297
331	/*
332	* See:
333	* http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
334	* ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn
335	*/
336
337	/*
338	* id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
339	* oiw(14) secsig(3) algorithms(2) 26 }
340	*/
341	static const u_char id_sha1[] = {
342	0x30, 0x21, /* type Sequence, length 0x21 (33) */
343	0x30, 0x09, /* type Sequence, length 0x09 */
344	0x06, 0x05, /* type OID, length 0x05 */
345	0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */
346	0x05, 0x00, /* NULL */
347	0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */
348	};
349
350	/*
351	* See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
352	* id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
353	* organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2)
354	* id-sha256(1) }
355	*/
356	static const u_char id_sha256[] = {
357	0x30, 0x31, /* type Sequence, length 0x31 (49) */
358	0x30, 0x0d, /* type Sequence, length 0x0d (13) */
359	0x06, 0x09, /* type OID, length 0x09 */
360	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, /* id-sha256 */
361	0x05, 0x00, /* NULL */
362	0x04, 0x20 /* Octet string, length 0x20 (32), followed by sha256 hash */
363	};
364
365	/*
366	* See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
367	* id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
368	* organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2)
369	* id-sha256(3) }
370	*/
371	static const u_char id_sha512[] = {
372	0x30, 0x51, /* type Sequence, length 0x51 (81) */
373	0x30, 0x0d, /* type Sequence, length 0x0d (13) */
374	0x06, 0x09, /* type OID, length 0x09 */
375	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, /* id-sha512 */
376	0x05, 0x00, /* NULL */
377	0x04, 0x40 /* Octet string, length 0x40 (64), followed by sha512 hash */
378	};
379
380	static int	298	static int
381	rsa_hash_alg_oid(int hash_alg, const u_char *oidp, size_t oidlenp)	299	openssh_RSA_verify(int hash_alg, const u_char *data, size_t datalen,
		300	u_char sigbuf, size_t siglen, EVP_PKEY pkey)
382	{	301	{
383	switch (hash_alg) {	302	size_t rsasize = 0;
384	case SSH_DIGEST_SHA1:	303	const RSA *rsa;
385	*oidp = id_sha1;	304	int ret;
386	*oidlenp = sizeof(id_sha1);
387	break;
388	case SSH_DIGEST_SHA256:
389	*oidp = id_sha256;
390	*oidlenp = sizeof(id_sha256);
391	break;
392	case SSH_DIGEST_SHA512:
393	*oidp = id_sha512;
394	*oidlenp = sizeof(id_sha512);
395	break;
396	default:
397	return SSH_ERR_INVALID_ARGUMENT;
398	}
399	return 0;
400	}
401		305
402	static int	306	rsa = EVP_PKEY_get0_RSA(pkey);
403	openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen,
404	u_char sigbuf, size_t siglen, RSA rsa)
405	{
406	size_t rsasize = 0, oidlen = 0, hlen = 0;
407	int ret, len, oidmatch, hashmatch;
408	const u_char *oid = NULL;
409	u_char *decrypted = NULL;
410
411	if ((ret = rsa_hash_alg_oid(hash_alg, &oid, &oidlen)) != 0)
412	return ret;
413	ret = SSH_ERR_INTERNAL_ERROR;
414	hlen = ssh_digest_bytes(hash_alg);
415	if (hashlen != hlen) {
416	ret = SSH_ERR_INVALID_ARGUMENT;
417	goto done;
418	}
419	rsasize = RSA_size(rsa);	307	rsasize = RSA_size(rsa);
420	if (rsasize <= 0 \|\| rsasize > SSHBUF_MAX_BIGNUM \|\|	308	if (rsasize <= 0 \|\| rsasize > SSHBUF_MAX_BIGNUM \|\|
421	siglen == 0 \|\| siglen > rsasize) {	309	siglen == 0 \|\| siglen > rsasize) {
422	ret = SSH_ERR_INVALID_ARGUMENT;	310	ret = SSH_ERR_INVALID_ARGUMENT;
423	goto done;	311	goto done;
424	}	312	}
425	if ((decrypted = malloc(rsasize)) == NULL) {	313
426	ret = SSH_ERR_ALLOC_FAIL;	314	ret = sshkey_verify_signature(pkey, hash_alg, data, datalen,
427	goto done;	315	sigbuf, siglen);
428	}	316
429	if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
430	RSA_PKCS1_PADDING)) < 0) {
431	ret = SSH_ERR_LIBCRYPTO_ERROR;
432	goto done;
433	}
434	if (len < 0 \|\| (size_t)len != hlen + oidlen) {
435	ret = SSH_ERR_INVALID_FORMAT;
436	goto done;
437	}
438	oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0;
439	hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0;
440	if (!oidmatch \|\| !hashmatch) {
441	ret = SSH_ERR_SIGNATURE_INVALID;
442	goto done;
443	}
444	ret = 0;
445	done:	317	done:
446	freezero(decrypted, rsasize);
447	return ret;	318	return ret;
448	}	319	}
449	#endif /* WITH_OPENSSL */	320	#endif /* WITH_OPENSSL */

Lines 29-49 Link Here

(-)a/sshkey.h (-18 / +9 lines)
29	#include <sys/types.h>	29	#include <sys/types.h>
30		30
31	#ifdef WITH_OPENSSL	31	#ifdef WITH_OPENSSL
32	#include <openssl/rsa.h>	32	#include <openssl/evp.h>
33	#include <openssl/dsa.h>	33	#include <openssl/ec.h>
34	# ifdef OPENSSL_HAS_ECC
35	# include <openssl/ec.h>
36	# include <openssl/ecdsa.h>
37	# else /* OPENSSL_HAS_ECC */
38	# define EC_KEY void
39	# define EC_GROUP void
40	# define EC_POINT void
41	# endif /* OPENSSL_HAS_ECC */
42	#else /* WITH_OPENSSL */	34	#else /* WITH_OPENSSL */
43	# define BIGNUM void	35	# define EVP_PKEY void
44	# define RSA void
45	# define DSA void
46	# define EC_KEY void
47	# define EC_GROUP void	36	# define EC_GROUP void
48	# define EC_POINT void	37	# define EC_POINT void
49	#endif /* WITH_OPENSSL */	38	#endif /* WITH_OPENSSL */
Lines 111-120 struct sshkey_cert { Link Here
111	struct sshkey {	100	struct sshkey {
112	int type;	101	int type;
113	int flags;	102	int flags;
114	RSA *rsa;	103	EVP_PKEY *pkey;
115	DSA *dsa;
116	int ecdsa_nid; /* NID of curve */	104	int ecdsa_nid; /* NID of curve */
117	EC_KEY *ecdsa;
118	u_char *ed25519_sk;	105	u_char *ed25519_sk;
119	u_char *ed25519_pk;	106	u_char *ed25519_pk;
120	char *xmss_name;	107	char *xmss_name;
Lines 171-177 int sshkey_curve_name_to_nid(const char *); Link Here
171	const char * sshkey_curve_nid_to_name(int);	158	const char * sshkey_curve_nid_to_name(int);
172	u_int sshkey_curve_nid_to_bits(int);	159	u_int sshkey_curve_nid_to_bits(int);
173	int sshkey_ecdsa_bits_to_nid(int);	160	int sshkey_ecdsa_bits_to_nid(int);
174	int sshkey_ecdsa_key_to_nid(EC_KEY *);	161	int sshkey_ecdsa_key_to_nid(struct sshkey *);
175	int sshkey_ec_nid_to_hash_alg(int nid);	162	int sshkey_ec_nid_to_hash_alg(int nid);
176	int sshkey_ec_validate_public(const EC_GROUP , const EC_POINT );	163	int sshkey_ec_validate_public(const EC_GROUP , const EC_POINT );
177	int sshkey_ec_validate_private(const EC_KEY *);	164	int sshkey_ec_validate_private(const EC_KEY *);
Lines 179-184 const char sshkey_ssh_name(const struct sshkey ); Link Here
179	const char sshkey_ssh_name_plain(const struct sshkey );	166	const char sshkey_ssh_name_plain(const struct sshkey );
180	int sshkey_names_valid2(const char *, int);	167	int sshkey_names_valid2(const char *, int);
181	char *sshkey_alg_list(int, int, int, char);	168	char *sshkey_alg_list(int, int, int, char);
		169	int sshkey_calculate_signature(EVP_PKEY, int, u_char *,
		170	int , const u_char , size_t);
		171	int sshkey_verify_signature(EVP_PKEY , int, const u_char ,
		172	size_t, u_char *, int);
182		173
183	int sshkey_from_blob(const u_char , size_t, struct sshkey *);	174	int sshkey_from_blob(const u_char , size_t, struct sshkey *);
184	int sshkey_fromb(struct sshbuf , struct sshkey *);	175	int sshkey_fromb(struct sshbuf , struct sshkey *);