| version 1.115, 2021/02/02 22:36:46 |
version 1.116, 2021/04/03 06:18:41 |
|
|
| { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", NULL, |
{ "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", NULL, |
| KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, |
KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, |
| { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL, |
{ "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL, |
| KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, |
KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, |
| { "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-SK-CERT", NULL, |
{ "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-SK-CERT", NULL, |
| KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 }, |
KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 }, |
| #endif /* WITH_OPENSSL */ |
#endif /* WITH_OPENSSL */ |
|
|
| if (sshkey_is_shielded(k) && (r = sshkey_unshield_private(k)) != 0) |
if (sshkey_is_shielded(k) && (r = sshkey_unshield_private(k)) != 0) |
| goto out; |
goto out; |
| if ((r = sshkey_private_serialize_opt(k, prvbuf, |
if ((r = sshkey_private_serialize_opt(k, prvbuf, |
| SSHKEY_SERIALIZE_SHIELD)) != 0) |
SSHKEY_SERIALIZE_SHIELD)) != 0) |
| goto out; |
goto out; |
| /* pad to cipher blocksize */ |
/* pad to cipher blocksize */ |
| i = 0; |
i = 0; |
|
|
| if ((expect_sk_application != NULL && (k->sk_application == NULL || |
if ((expect_sk_application != NULL && (k->sk_application == NULL || |
| strcmp(expect_sk_application, k->sk_application) != 0)) || |
strcmp(expect_sk_application, k->sk_application) != 0)) || |
| (expect_ed25519_pk != NULL && (k->ed25519_pk == NULL || |
(expect_ed25519_pk != NULL && (k->ed25519_pk == NULL || |
| memcmp(expect_ed25519_pk, k->ed25519_pk, ED25519_PK_SZ) != 0))) { |
memcmp(expect_ed25519_pk, k->ed25519_pk, ED25519_PK_SZ) != 0))) { |
| r = SSH_ERR_KEY_CERT_MISMATCH; |
r = SSH_ERR_KEY_CERT_MISMATCH; |
| goto out; |
goto out; |
| } |
} |
|
|
| |
|
| /* append private key and comment*/ |
/* append private key and comment*/ |
| if ((r = sshkey_private_serialize_opt(prv, encrypted, |
if ((r = sshkey_private_serialize_opt(prv, encrypted, |
| SSHKEY_SERIALIZE_FULL)) != 0 || |
SSHKEY_SERIALIZE_FULL)) != 0 || |
| (r = sshbuf_put_cstring(encrypted, comment)) != 0) |
(r = sshbuf_put_cstring(encrypted, comment)) != 0) |
| goto out; |
goto out; |
| |
|
|
|
| clear_libcrypto_errors(); |
clear_libcrypto_errors(); |
| if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, |
if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, |
| (char *)passphrase)) == NULL) { |
(char *)passphrase)) == NULL) { |
| /* |
/* |
| * libcrypto may return various ASN.1 errors when attempting |
* libcrypto may return various ASN.1 errors when attempting |
| * to parse a key with an incorrect passphrase. |
* to parse a key with an incorrect passphrase. |
| * Treat all format errors as "incorrect passphrase" if a |
* Treat all format errors as "incorrect passphrase" if a |
| * passphrase was supplied. |
* passphrase was supplied. |
| */ |
*/ |
| if (passphrase != NULL && *passphrase != '\0') |
if (passphrase != NULL && *passphrase != '\0') |
| r = SSH_ERR_KEY_WRONG_PASSPHRASE; |
r = SSH_ERR_KEY_WRONG_PASSPHRASE; |
| else |
else |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshkey.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh