Bugzilla – Attachment 3433 Details for
Bug 3195
ssh-keygen unable to convert ED25519 public keys
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
support reading PKCS8 Ed25519 keys
bz3195.diff (text/plain), 2.77 KB, created by
Damien Miller
on 2020-07-24 15:51:20 AEST
(
hide
)
Description:
support reading PKCS8 Ed25519 keys
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2020-07-24 15:51:20 AEST
Size:
2.77 KB
patch
obsolete
>diff --git a/configure.ac b/configure.ac >index ff741735..b067dc40 100644 >--- a/configure.ac >+++ b/configure.ac >@@ -2868,6 +2868,8 @@ if test "x$openssl" = "xyes" ; then > EVP_MD_CTX_new \ > EVP_MD_CTX_free \ > EVP_chacha20 \ >+ EVP_PKEY_get_raw_public_key \ >+ EVP_PKEY_get_raw_private_key \ > ]) > > if test "x$openssl_engine" = "xyes" ; then >@@ -2904,6 +2906,27 @@ if test "x$openssl" = "xyes" ; then > ] > ) > >+ # Check for OpenSSL with ED25519 >+ AC_MSG_CHECKING([whether OpenSSL has ED25519 support]) >+ AC_LINK_IFELSE( >+ [AC_LANG_PROGRAM([[ >+ #include <string.h> >+ #include <openssl/evp.h> >+ ]], [[ >+ unsigned char buf[64]; >+ exit(EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, >+ buf, sizeof(buf)) == NULL); >+ ]])], >+ [ >+ AC_MSG_RESULT([no]) >+ ], >+ [ >+ AC_MSG_RESULT([yes]) >+ AC_DEFINE([OPENSSL_HAS_ED25519], [1], >+ [libcrypto has ed25519 support]) >+ ] >+ ) >+ > # Check for OpenSSL with EVP_aes_*ctr > AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) > AC_LINK_IFELSE( >diff --git a/sshkey.c b/sshkey.c >index 10b9e467..be7bf862 100644 >--- a/sshkey.c >+++ b/sshkey.c >@@ -4531,6 +4531,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, > struct sshkey *prv = NULL; > BIO *bio = NULL; > int r; >+ size_t len; > > if (keyp != NULL) > *keyp = NULL; >@@ -4609,6 +4610,38 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, > sshkey_dump_ec_key(prv->ecdsa); > # endif > #endif /* OPENSSL_HAS_ECC */ >+#ifdef OPENSSL_HAS_ED25519 >+ } else if (EVP_PKEY_base_id(pk) == EVP_PKEY_ED25519 && >+ (type == KEY_UNSPEC || type == KEY_ED25519)) { >+ if ((prv = sshkey_new(KEY_UNSPEC)) == NULL || >+ (prv->ed25519_sk = calloc(1, ED25519_SK_SZ)) == NULL || >+ (prv->ed25519_pk = calloc(1, ED25519_PK_SZ)) == NULL) { >+ r = SSH_ERR_ALLOC_FAIL; >+ goto out; >+ } >+ prv->type = KEY_ED25519; >+ len = ED25519_PK_SZ; >+ if (!EVP_PKEY_get_raw_public_key(pk, prv->ed25519_pk, &len)) { >+ r = SSH_ERR_LIBCRYPTO_ERROR; >+ goto out; >+ } >+ if (len != ED25519_PK_SZ) { >+ r = SSH_ERR_INVALID_FORMAT; >+ goto out; >+ } >+ len = ED25519_SK_SZ - ED25519_PK_SZ; >+ if (!EVP_PKEY_get_raw_private_key(pk, prv->ed25519_sk, &len)) { >+ r = SSH_ERR_LIBCRYPTO_ERROR; >+ goto out; >+ } >+ if (len != ED25519_SK_SZ - ED25519_PK_SZ) { >+ r = SSH_ERR_INVALID_FORMAT; >+ goto out; >+ } >+ /* Append the public key to our private */ >+ memcpy(prv->ed25519_sk + (ED25519_SK_SZ - ED25519_PK_SZ), >+ prv->ed25519_pk, ED25519_PK_SZ); >+#endif /* OPENSSL_HAS_ED25519 */ > } else { > r = SSH_ERR_INVALID_FORMAT; > goto out; >@@ -4638,7 +4671,6 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, > *commentp = NULL; > > switch (type) { >- case KEY_ED25519: > case KEY_XMSS: > /* No fallback for new-format-only keys */ > return sshkey_parse_private2(blob, type, passphrase,
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3433">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 3195
: 3433 |
3525