Bugzilla – Attachment 3286 Details for Bug 3013: Use the PKCS#8 formatted PEM files instead of insecure "traditional PEM"
generate PEM files in new PKCS#8 format
file_3013.txt (text/plain), 1.92 KB, created by Jakub Jelen on 2019-05-23 01:37:20 AEST
>commit 2fe812887139ce32eeca52f9a0c141bdc7c4c8af >Author: Jakub Jelen <jjelen@redhat.com> >Date: Wed May 22 17:25:22 2019 +0200 > > New PEM export format withou MD5 > >diff --git a/sshkey.c b/sshkey.c >index b95ed0b1..1a271512 100644 >--- a/sshkey.c >+++ b/sshkey.c >@@ -3805,26 +3805,28 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob, > const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; > char *bptr; > BIO *bio = NULL; >+ EVP_PKEY *pkey = NULL; > > if (len > 0 && len <= 4) > return SSH_ERR_PASSPHRASE_TOO_SHORT; > if ((bio = BIO_new(BIO_s_mem())) == NULL) > return SSH_ERR_ALLOC_FAIL; >+ if ((pkey = EVP_PKEY_new()) == NULL) { >+ BIO_free(bio); >+ return SSH_ERR_ALLOC_FAIL; >+ } > > switch (key->type) { > case KEY_DSA: >- success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, >- cipher, passphrase, len, NULL, NULL); >+ success = EVP_PKEY_set1_DSA(pkey, key->dsa); > break; > #ifdef OPENSSL_HAS_ECC > case KEY_ECDSA: >- success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa, >- cipher, passphrase, len, NULL, NULL); >+ success = EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa); > break; > #endif > case KEY_RSA: >- success = PEM_write_bio_RSAPrivateKey(bio, key->rsa, >- cipher, passphrase, len, NULL, NULL); >+ success = EVP_PKEY_set1_RSA(pkey, key->rsa); > break; > default: > success = 0; >@@ -3834,6 +3836,12 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob, > r = SSH_ERR_LIBCRYPTO_ERROR; > goto out; > } >+ success = PEM_write_bio_PrivateKey(bio, pkey, >+ cipher, passphrase, len, NULL, NULL); >+ if (success == 0) { >+ r = SSH_ERR_LIBCRYPTO_ERROR; >+ goto out; >+ } > if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) { > r = SSH_ERR_INTERNAL_ERROR; > goto out; >@@ -3842,6 +3850,7 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob, > goto out; > r = 0; > out: >+ EVP_PKEY_free(pkey); > BIO_free(bio); > return r; > }
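Review bot: In the first hunk's switch (key->type), all three traditional writers (PEM_write_bio_DSAPrivateKey, PEM_write_bio_ECPrivateKey, PEM_write_bio_RSAPrivateKey) are removed outright, so sshkey_private_pem_to_blob can no longer emit the old format for any caller. Anything that still reads only traditional PEM loses its export path; consider passing the desired format in as a parameter and keeping the old calls behind it. Separately, the new EVP_PKEY_new() failure path frees bio by hand and returns; since the out: label now releases both pkey and bio, setting r = SSH_ERR_ALLOC_FAIL and using goto out would keep a single cleanup path.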
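Review bot: The PEM_write_bio_PrivateKey call added in the second hunk still receives the cipher chosen at the top of the function (EVP_aes_128_cbc() when a passphrase is given), but nothing in the code says that the output is now PKCS#8 or why, and the commit message only says it avoids MD5. A short comment above the call stating the output format and the reason for dropping the per-type writers would help the next reader. The diff touches sshkey.c only, so a regress test that writes a passphrase-protected DSA, ECDSA and RSA key and reads each one back would be a useful addition.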
Attachments on bug 3013: 3286 | 3295