version 1.19, 2015/05/21 04:55:51 |
version 1.20, 2015/07/03 03:43:18 |
|
|
KEY_ECDSA_CERT, NID_secp384r1, 1 }, |
KEY_ECDSA_CERT, NID_secp384r1, 1 }, |
{ "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", |
{ "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", |
KEY_ECDSA_CERT, NID_secp521r1, 1 }, |
KEY_ECDSA_CERT, NID_secp521r1, 1 }, |
{ "ssh-rsa-cert-v00@openssh.com", "RSA-CERT-V00", |
|
KEY_RSA_CERT_V00, 0, 1 }, |
|
{ "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00", |
|
KEY_DSA_CERT_V00, 0, 1 }, |
|
#endif /* WITH_OPENSSL */ |
#endif /* WITH_OPENSSL */ |
{ NULL, NULL, -1, -1, 0 } |
{ NULL, NULL, -1, -1, 0 } |
}; |
}; |
|
|
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
case KEY_RSA1: |
case KEY_RSA1: |
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
return BN_num_bits(k->rsa->n); |
return BN_num_bits(k->rsa->n); |
case KEY_DSA: |
case KEY_DSA: |
case KEY_DSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
return BN_num_bits(k->dsa->p); |
return BN_num_bits(k->dsa->p); |
case KEY_ECDSA: |
case KEY_ECDSA: |
|
|
return 0; |
return 0; |
} |
} |
|
|
int |
|
sshkey_cert_is_legacy(const struct sshkey *k) |
|
{ |
|
switch (k->type) { |
|
case KEY_DSA_CERT_V00: |
|
case KEY_RSA_CERT_V00: |
|
return 1; |
|
default: |
|
return 0; |
|
} |
|
} |
|
|
|
static int |
static int |
sshkey_type_is_valid_ca(int type) |
sshkey_type_is_valid_ca(int type) |
{ |
{ |
|
|
sshkey_type_plain(int type) |
sshkey_type_plain(int type) |
{ |
{ |
switch (type) { |
switch (type) { |
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
return KEY_RSA; |
return KEY_RSA; |
case KEY_DSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
return KEY_DSA; |
return KEY_DSA; |
case KEY_ECDSA_CERT: |
case KEY_ECDSA_CERT: |
|
|
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
case KEY_RSA1: |
case KEY_RSA1: |
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
if ((rsa = RSA_new()) == NULL || |
if ((rsa = RSA_new()) == NULL || |
(rsa->n = BN_new()) == NULL || |
(rsa->n = BN_new()) == NULL || |
|
|
k->rsa = rsa; |
k->rsa = rsa; |
break; |
break; |
case KEY_DSA: |
case KEY_DSA: |
case KEY_DSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
if ((dsa = DSA_new()) == NULL || |
if ((dsa = DSA_new()) == NULL || |
(dsa->p = BN_new()) == NULL || |
(dsa->p = BN_new()) == NULL || |
|
|
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
case KEY_RSA1: |
case KEY_RSA1: |
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) |
#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) |
if (bn_maybe_alloc_failed(k->rsa->d) || |
if (bn_maybe_alloc_failed(k->rsa->d) || |
|
|
return SSH_ERR_ALLOC_FAIL; |
return SSH_ERR_ALLOC_FAIL; |
break; |
break; |
case KEY_DSA: |
case KEY_DSA: |
case KEY_DSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
if (bn_maybe_alloc_failed(k->dsa->priv_key)) |
if (bn_maybe_alloc_failed(k->dsa->priv_key)) |
return SSH_ERR_ALLOC_FAIL; |
return SSH_ERR_ALLOC_FAIL; |
|
|
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
case KEY_RSA1: |
case KEY_RSA1: |
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
if (k->rsa != NULL) |
if (k->rsa != NULL) |
RSA_free(k->rsa); |
RSA_free(k->rsa); |
k->rsa = NULL; |
k->rsa = NULL; |
break; |
break; |
case KEY_DSA: |
case KEY_DSA: |
case KEY_DSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
if (k->dsa != NULL) |
if (k->dsa != NULL) |
DSA_free(k->dsa); |
DSA_free(k->dsa); |
|
|
switch (a->type) { |
switch (a->type) { |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
case KEY_RSA1: |
case KEY_RSA1: |
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
case KEY_RSA: |
case KEY_RSA: |
return a->rsa != NULL && b->rsa != NULL && |
return a->rsa != NULL && b->rsa != NULL && |
BN_cmp(a->rsa->e, b->rsa->e) == 0 && |
BN_cmp(a->rsa->e, b->rsa->e) == 0 && |
BN_cmp(a->rsa->n, b->rsa->n) == 0; |
BN_cmp(a->rsa->n, b->rsa->n) == 0; |
case KEY_DSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
case KEY_DSA: |
case KEY_DSA: |
return a->dsa != NULL && b->dsa != NULL && |
return a->dsa != NULL && b->dsa != NULL && |
|
|
|
|
switch (type) { |
switch (type) { |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
case KEY_DSA_CERT_V00: |
|
case KEY_RSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
case KEY_ECDSA_CERT: |
case KEY_ECDSA_CERT: |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
|
|
case KEY_DSA: |
case KEY_DSA: |
case KEY_ECDSA: |
case KEY_ECDSA: |
case KEY_ED25519: |
case KEY_ED25519: |
case KEY_DSA_CERT_V00: |
|
case KEY_RSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
case KEY_ECDSA_CERT: |
case KEY_ECDSA_CERT: |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
|
|
switch (k->type) { |
switch (k->type) { |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
case KEY_DSA: |
case KEY_DSA: |
case KEY_DSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
if ((n = sshkey_new(k->type)) == NULL) |
if ((n = sshkey_new(k->type)) == NULL) |
return SSH_ERR_ALLOC_FAIL; |
return SSH_ERR_ALLOC_FAIL; |
|
|
break; |
break; |
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA1: |
case KEY_RSA1: |
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
if ((n = sshkey_new(k->type)) == NULL) |
if ((n = sshkey_new(k->type)) == NULL) |
return SSH_ERR_ALLOC_FAIL; |
return SSH_ERR_ALLOC_FAIL; |
|
|
u_char *sig = NULL; |
u_char *sig = NULL; |
size_t signed_len = 0, slen = 0, kidlen = 0; |
size_t signed_len = 0, slen = 0, kidlen = 0; |
int ret = SSH_ERR_INTERNAL_ERROR; |
int ret = SSH_ERR_INTERNAL_ERROR; |
int v00 = sshkey_cert_is_legacy(key); |
|
|
|
/* Copy the entire key blob for verification and later serialisation */ |
/* Copy the entire key blob for verification and later serialisation */ |
if ((ret = sshbuf_putb(key->cert->certblob, certbuf)) != 0) |
if ((ret = sshbuf_putb(key->cert->certblob, certbuf)) != 0) |
return ret; |
return ret; |
|
|
if ((!v00 && (ret = sshbuf_get_u64(b, &key->cert->serial)) != 0) || |
/* Parse body of certificate up to signature */ |
|
if ((ret = sshbuf_get_u64(b, &key->cert->serial)) != 0 || |
(ret = sshbuf_get_u32(b, &key->cert->type)) != 0 || |
(ret = sshbuf_get_u32(b, &key->cert->type)) != 0 || |
(ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 || |
(ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 || |
(ret = sshbuf_froms(b, &principals)) != 0 || |
(ret = sshbuf_froms(b, &principals)) != 0 || |
(ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 || |
(ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 || |
(ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 || |
(ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 || |
(ret = sshbuf_froms(b, &crit)) != 0 || |
(ret = sshbuf_froms(b, &crit)) != 0 || |
(!v00 && (ret = sshbuf_froms(b, &exts)) != 0) || |
(ret = sshbuf_froms(b, &exts)) != 0 || |
(v00 && (ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0) || |
|
(ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0 || |
(ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0 || |
(ret = sshbuf_froms(b, &ca)) != 0) { |
(ret = sshbuf_froms(b, &ca)) != 0) { |
/* XXX debug print error for ret */ |
/* XXX debug print error for ret */ |
|
|
goto out; |
goto out; |
} |
} |
oprincipals = key->cert->principals; |
oprincipals = key->cert->principals; |
key->cert->principals = realloc(key->cert->principals, |
key->cert->principals = reallocarray(key->cert->principals, |
(key->cert->nprincipals + 1) * |
key->cert->nprincipals + 1, sizeof(*key->cert->principals)); |
sizeof(*key->cert->principals)); |
|
if (key->cert->principals == NULL) { |
if (key->cert->principals == NULL) { |
free(principal); |
free(principal); |
key->cert->principals = oprincipals; |
key->cert->principals = oprincipals; |
|
|
|
|
/* |
/* |
* Validate critical options and extensions sections format. |
* Validate critical options and extensions sections format. |
* NB. extensions are not present in v00 certs. |
|
*/ |
*/ |
while (sshbuf_len(crit) != 0) { |
while (sshbuf_len(crit) != 0) { |
if ((ret = sshbuf_get_string_direct(crit, NULL, NULL)) != 0 || |
if ((ret = sshbuf_get_string_direct(crit, NULL, NULL)) != 0 || |
|
|
} |
} |
/* FALLTHROUGH */ |
/* FALLTHROUGH */ |
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA_CERT_V00: |
|
if ((key = sshkey_new(type)) == NULL) { |
if ((key = sshkey_new(type)) == NULL) { |
ret = SSH_ERR_ALLOC_FAIL; |
ret = SSH_ERR_ALLOC_FAIL; |
goto out; |
goto out; |
|
|
} |
} |
/* FALLTHROUGH */ |
/* FALLTHROUGH */ |
case KEY_DSA: |
case KEY_DSA: |
case KEY_DSA_CERT_V00: |
|
if ((key = sshkey_new(type)) == NULL) { |
if ((key = sshkey_new(type)) == NULL) { |
ret = SSH_ERR_ALLOC_FAIL; |
ret = SSH_ERR_ALLOC_FAIL; |
goto out; |
goto out; |
|
|
return SSH_ERR_INVALID_ARGUMENT; |
return SSH_ERR_INVALID_ARGUMENT; |
switch (key->type) { |
switch (key->type) { |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
case KEY_DSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
case KEY_DSA: |
case KEY_DSA: |
return ssh_dss_sign(key, sigp, lenp, data, datalen, compat); |
return ssh_dss_sign(key, sigp, lenp, data, datalen, compat); |
case KEY_ECDSA_CERT: |
case KEY_ECDSA_CERT: |
case KEY_ECDSA: |
case KEY_ECDSA: |
return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); |
return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); |
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
case KEY_RSA: |
case KEY_RSA: |
return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat); |
return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat); |
|
|
return SSH_ERR_INVALID_ARGUMENT; |
return SSH_ERR_INVALID_ARGUMENT; |
switch (key->type) { |
switch (key->type) { |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
case KEY_DSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
case KEY_DSA: |
case KEY_DSA: |
return ssh_dss_verify(key, sig, siglen, data, dlen, compat); |
return ssh_dss_verify(key, sig, siglen, data, dlen, compat); |
case KEY_ECDSA_CERT: |
case KEY_ECDSA_CERT: |
case KEY_ECDSA: |
case KEY_ECDSA: |
return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); |
return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); |
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
case KEY_RSA: |
case KEY_RSA: |
return ssh_rsa_verify(key, sig, siglen, data, dlen, compat); |
return ssh_rsa_verify(key, sig, siglen, data, dlen, compat); |
|
|
|
|
switch (k->type) { |
switch (k->type) { |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
if ((ret = sshkey_cert_copy(k, pk)) != 0) |
if ((ret = sshkey_cert_copy(k, pk)) != 0) |
goto fail; |
goto fail; |
|
|
goto fail; |
goto fail; |
} |
} |
break; |
break; |
case KEY_DSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
if ((ret = sshkey_cert_copy(k, pk)) != 0) |
if ((ret = sshkey_cert_copy(k, pk)) != 0) |
goto fail; |
goto fail; |
|
|
|
|
/* Convert a plain key to their _CERT equivalent */ |
/* Convert a plain key to their _CERT equivalent */ |
int |
int |
sshkey_to_certified(struct sshkey *k, int legacy) |
sshkey_to_certified(struct sshkey *k) |
{ |
{ |
int newtype; |
int newtype; |
|
|
switch (k->type) { |
switch (k->type) { |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
case KEY_RSA: |
case KEY_RSA: |
newtype = legacy ? KEY_RSA_CERT_V00 : KEY_RSA_CERT; |
newtype = KEY_RSA_CERT; |
break; |
break; |
case KEY_DSA: |
case KEY_DSA: |
newtype = legacy ? KEY_DSA_CERT_V00 : KEY_DSA_CERT; |
newtype = KEY_DSA_CERT; |
break; |
break; |
case KEY_ECDSA: |
case KEY_ECDSA: |
if (legacy) |
|
return SSH_ERR_INVALID_ARGUMENT; |
|
newtype = KEY_ECDSA_CERT; |
newtype = KEY_ECDSA_CERT; |
break; |
break; |
#endif /* WITH_OPENSSL */ |
#endif /* WITH_OPENSSL */ |
case KEY_ED25519: |
case KEY_ED25519: |
if (legacy) |
|
return SSH_ERR_INVALID_ARGUMENT; |
|
newtype = KEY_ED25519_CERT; |
newtype = KEY_ED25519_CERT; |
break; |
break; |
default: |
default: |
|
|
|
|
/* -v01 certs put nonce first */ |
/* -v01 certs put nonce first */ |
arc4random_buf(&nonce, sizeof(nonce)); |
arc4random_buf(&nonce, sizeof(nonce)); |
if (!sshkey_cert_is_legacy(k)) { |
if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0) |
if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0) |
goto out; |
goto out; |
|
} |
|
|
|
/* XXX this substantially duplicates to_blob(); refactor */ |
/* XXX this substantially duplicates to_blob(); refactor */ |
switch (k->type) { |
switch (k->type) { |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
case KEY_DSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 || |
if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 || |
(ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 || |
(ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 || |
|
|
EC_KEY_get0_group(k->ecdsa))) != 0) |
EC_KEY_get0_group(k->ecdsa))) != 0) |
goto out; |
goto out; |
break; |
break; |
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 || |
if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 || |
(ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0) |
(ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0) |
|
|
goto out; |
goto out; |
} |
} |
|
|
/* -v01 certs have a serial number next */ |
if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0 || |
if (!sshkey_cert_is_legacy(k)) { |
(ret = sshbuf_put_u32(cert, k->cert->type)) != 0 || |
if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0) |
|
goto out; |
|
} |
|
|
|
if ((ret = sshbuf_put_u32(cert, k->cert->type)) != 0 || |
|
(ret = sshbuf_put_cstring(cert, k->cert->key_id)) != 0) |
(ret = sshbuf_put_cstring(cert, k->cert->key_id)) != 0) |
goto out; |
goto out; |
|
|
|
|
if ((ret = sshbuf_put_stringb(cert, principals)) != 0 || |
if ((ret = sshbuf_put_stringb(cert, principals)) != 0 || |
(ret = sshbuf_put_u64(cert, k->cert->valid_after)) != 0 || |
(ret = sshbuf_put_u64(cert, k->cert->valid_after)) != 0 || |
(ret = sshbuf_put_u64(cert, k->cert->valid_before)) != 0 || |
(ret = sshbuf_put_u64(cert, k->cert->valid_before)) != 0 || |
(ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0) |
(ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0 || |
goto out; |
(ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0 || |
|
(ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */ |
/* -v01 certs have non-critical options here */ |
|
if (!sshkey_cert_is_legacy(k)) { |
|
if ((ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0) |
|
goto out; |
|
} |
|
|
|
/* -v00 certs put the nonce at the end */ |
|
if (sshkey_cert_is_legacy(k)) { |
|
if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0) |
|
goto out; |
|
} |
|
|
|
if ((ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */ |
|
(ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0) |
(ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0) |
goto out; |
goto out; |
|
|
|
|
(r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) |
(r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) |
goto out; |
goto out; |
break; |
break; |
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { |
if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { |
r = SSH_ERR_INVALID_ARGUMENT; |
r = SSH_ERR_INVALID_ARGUMENT; |
|
|
(r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) |
(r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) |
goto out; |
goto out; |
break; |
break; |
case KEY_DSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { |
if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { |
r = SSH_ERR_INVALID_ARGUMENT; |
r = SSH_ERR_INVALID_ARGUMENT; |
|
|
(r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) |
(r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) |
goto out; |
goto out; |
break; |
break; |
case KEY_DSA_CERT_V00: |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
if ((r = sshkey_froms(buf, &k)) != 0 || |
if ((r = sshkey_froms(buf, &k)) != 0 || |
(r = sshkey_add_private(k)) != 0 || |
(r = sshkey_add_private(k)) != 0 || |
|
|
(r = rsa_generate_additional_parameters(k->rsa)) != 0) |
(r = rsa_generate_additional_parameters(k->rsa)) != 0) |
goto out; |
goto out; |
break; |
break; |
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
if ((r = sshkey_froms(buf, &k)) != 0 || |
if ((r = sshkey_froms(buf, &k)) != 0 || |
(r = sshkey_add_private(k)) != 0 || |
(r = sshkey_add_private(k)) != 0 || |
|
|
/* enable blinding */ |
/* enable blinding */ |
switch (k->type) { |
switch (k->type) { |
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
case KEY_RSA1: |
case KEY_RSA1: |
if (RSA_blinding_on(k->rsa, NULL) != 1) { |
if (RSA_blinding_on(k->rsa, NULL) != 1) { |
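Review bot: Dropping the `legacy` parameter from sshkey_to_certified and deleting sshkey_cert_is_legacy changes the exported interface, so the declarations in sshkey.h and every caller that still passes a legacy flag (presumably the ssh-keygen certify path) must change in the same commit; none of that is visible in this section. If the KEY_RSA_CERT_V00 and KEY_DSA_CERT_V00 enumerators survive in the header, every switch here now routes them to `default` — sshkey_size returns 0, sshkey_type_plain no longer maps them to a base type, and sshkey_sign/sshkey_verify return SSH_ERR_INVALID_ARGUMENT — which fails closed but silently, so the enumerators should be removed too. Removing the `*-cert-v00@openssh.com` entries from the type table means sshkey_type_from_name returns KEY_UNSPEC for such names and existing v00 certificates in authorized_keys/known_hosts stop parsing; a one-line note at the table, `/* v00 certificates (ssh-{rsa,dss}-cert-v00@openssh.com) are no longer supported */`, would spare the next reader a trip through the history. The change from realloc to reallocarray for growing cert->principals is a genuine fix for the unchecked size multiplication and is worth calling out in the commit message. Several of the functions shown start or end outside this section.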