version 1.115, 2021/02/02 22:36:46 |
version 1.116, 2021/04/03 06:18:41 |
|
|
{ "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", NULL, |
{ "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", NULL, |
KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, |
KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, |
{ "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL, |
{ "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL, |
KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, |
KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, |
{ "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-SK-CERT", NULL, |
{ "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-SK-CERT", NULL, |
KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 }, |
KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 }, |
#endif /* WITH_OPENSSL */ |
#endif /* WITH_OPENSSL */ |
|
|
if (sshkey_is_shielded(k) && (r = sshkey_unshield_private(k)) != 0) |
if (sshkey_is_shielded(k) && (r = sshkey_unshield_private(k)) != 0) |
goto out; |
goto out; |
if ((r = sshkey_private_serialize_opt(k, prvbuf, |
if ((r = sshkey_private_serialize_opt(k, prvbuf, |
SSHKEY_SERIALIZE_SHIELD)) != 0) |
SSHKEY_SERIALIZE_SHIELD)) != 0) |
goto out; |
goto out; |
/* pad to cipher blocksize */ |
/* pad to cipher blocksize */ |
i = 0; |
i = 0; |
|
|
if ((expect_sk_application != NULL && (k->sk_application == NULL || |
if ((expect_sk_application != NULL && (k->sk_application == NULL || |
strcmp(expect_sk_application, k->sk_application) != 0)) || |
strcmp(expect_sk_application, k->sk_application) != 0)) || |
(expect_ed25519_pk != NULL && (k->ed25519_pk == NULL || |
(expect_ed25519_pk != NULL && (k->ed25519_pk == NULL || |
memcmp(expect_ed25519_pk, k->ed25519_pk, ED25519_PK_SZ) != 0))) { |
memcmp(expect_ed25519_pk, k->ed25519_pk, ED25519_PK_SZ) != 0))) { |
r = SSH_ERR_KEY_CERT_MISMATCH; |
r = SSH_ERR_KEY_CERT_MISMATCH; |
goto out; |
goto out; |
} |
} |
|
|
|
|
/* append private key and comment*/ |
/* append private key and comment*/ |
if ((r = sshkey_private_serialize_opt(prv, encrypted, |
if ((r = sshkey_private_serialize_opt(prv, encrypted, |
SSHKEY_SERIALIZE_FULL)) != 0 || |
SSHKEY_SERIALIZE_FULL)) != 0 || |
(r = sshbuf_put_cstring(encrypted, comment)) != 0) |
(r = sshbuf_put_cstring(encrypted, comment)) != 0) |
goto out; |
goto out; |
|
|
|
|
clear_libcrypto_errors(); |
clear_libcrypto_errors(); |
if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, |
if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, |
(char *)passphrase)) == NULL) { |
(char *)passphrase)) == NULL) { |
/* |
/* |
* libcrypto may return various ASN.1 errors when attempting |
* libcrypto may return various ASN.1 errors when attempting |
* to parse a key with an incorrect passphrase. |
* to parse a key with an incorrect passphrase. |
* Treat all format errors as "incorrect passphrase" if a |
* Treat all format errors as "incorrect passphrase" if a |
* passphrase was supplied. |
* passphrase was supplied. |
*/ |
*/ |
if (passphrase != NULL && *passphrase != '\0') |
if (passphrase != NULL && *passphrase != '\0') |
r = SSH_ERR_KEY_WRONG_PASSPHRASE; |
r = SSH_ERR_KEY_WRONG_PASSPHRASE; |
else |
else |