
pki: Unbreak key comparison of Ed25519 keys imported from PEM or OpenSSH container

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Jakub Jelen
2023-08-16 13:20:46 +02:00
parent 0cfd4d8ec7
commit 04acf9a8ab


@@ -1003,6 +1003,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
EC_KEY *ecdsa = NULL; EC_KEY *ecdsa = NULL;
#endif /* OPENSSL_VERSION_NUMBER */ #endif /* OPENSSL_VERSION_NUMBER */
uint8_t *ed25519 = NULL; uint8_t *ed25519 = NULL;
uint8_t *ed25519_pubkey = NULL;
ssh_key key = NULL; ssh_key key = NULL;
enum ssh_keytypes_e type = SSH_KEYTYPE_UNKNOWN; enum ssh_keytypes_e type = SSH_KEYTYPE_UNKNOWN;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
@@ -1092,6 +1093,22 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
ERR_error_string(ERR_get_error(), NULL)); ERR_error_string(ERR_get_error(), NULL));
goto fail; goto fail;
} }
/* length matches the private key length */
ed25519_pubkey = malloc(ED25519_KEY_LEN);
if (ed25519_pubkey == NULL) {
SSH_LOG(SSH_LOG_TRACE, "Out of memory");
goto fail;
}
evp_rc = EVP_PKEY_get_raw_public_key(pkey, (uint8_t *)ed25519_pubkey,
&key_len);
if (evp_rc != 1) {
SSH_LOG(SSH_LOG_TRACE,
"Failed to get ed25519 raw public key: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
type = SSH_KEYTYPE_ED25519; type = SSH_KEYTYPE_ED25519;
} }
@@ -1113,6 +1130,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
key->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC; key->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC;
key->key = pkey; key->key = pkey;
key->ed25519_privkey = ed25519; key->ed25519_privkey = ed25519;
key->ed25519_pubkey = ed25519_pubkey;
#ifdef HAVE_OPENSSL_ECC #ifdef HAVE_OPENSSL_ECC
if (is_ecdsa_key_type(key->type)) { if (is_ecdsa_key_type(key->type)) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
@@ -1128,6 +1146,7 @@ fail:
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
ssh_key_free(key); ssh_key_free(key);
SAFE_FREE(ed25519); SAFE_FREE(ed25519);
SAFE_FREE(ed25519_pubkey);
return NULL; return NULL;
} }
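Review bot: In the second hunk, the call to `EVP_PKEY_get_raw_public_key()` reuses `key_len` as its in/out length without setting it for the new buffer. It is correct only because of the value an earlier call outside this hunk presumably left in it, which the comment `/* length matches the private key length */` seems to rely on. OpenSSL reads `*len` as the buffer capacity on entry and stores the number of bytes written on return, so I would add `key_len = ED25519_KEY_LEN;` before the call and widen the check to `if (evp_rc != 1 || key_len != ED25519_KEY_LEN)`. That way a short or unexpected length can never reach `key->ed25519_pubkey` and later be compared as a full-size key. The `(uint8_t *)` cast is also redundant, since `ed25519_pubkey` is declared `uint8_t *` in the first hunk; the function body extends beyond the visible hunks.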