authorJakub Jelen <jjelen@redhat.com>2019-02-04 23:02:15 +0100
committerAndreas Schneider <asn@cryptomilk.org>2019-02-07 13:53:03 +0100
commite69fb89e98b769ef76525ec10bca4fd81dd17431 (patch)
treeaa52a70553efa9093fbd517d7bd06dab282adc83
parentf9beb3c690ab737d22f79af4d5036ec5e8d43420 (diff)
pki_container_openssh: Add padding to be compatible with OpenSSH
OpenSSH has a block size of 8 so we need to always add padding. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 128015bb1795898ef83460f0387eacc9b10ed798)
-rw-r--r--src/pki_container_openssh.c24
1 files changed, 14 insertions, 10 deletions
diff --git a/src/pki_container_openssh.c b/src/pki_container_openssh.c
index a287d71d..3ef54f83 100644
--- a/src/pki_container_openssh.c
+++ b/src/pki_container_openssh.c
@@ -409,7 +409,7 @@ static int pki_openssh_export_privkey_blob(const ssh_key privkey,
return SSH_ERROR;
}
if (privkey->ed25519_privkey == NULL ||
- privkey->ed25519_pubkey == NULL){
+ privkey->ed25519_pubkey == NULL) {
return SSH_ERROR;
}
rc = ssh_buffer_pack(buffer,
@@ -442,7 +442,6 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
char passphrase_buffer[128];
int rc;
int i;
- uint8_t padding = 1;
int cmp;
cmp = strcmp(ciphername, "none");
@@ -469,14 +468,6 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname);
return SSH_ERROR;
}
- while (ssh_buffer_get_len(privkey_buffer) % cipher.blocksize != 0) {
- rc = ssh_buffer_add_u8(privkey_buffer, padding);
- if (rc < 0) {
- return SSH_ERROR;
- }
- padding++;
- }
-
/* We need material for key (keysize bits / 8) and IV (blocksize) */
key_material_len = cipher.keysize/8 + cipher.blocksize;
if (key_material_len > sizeof(key_material)){
@@ -553,6 +544,7 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
int to_encrypt=0;
unsigned char *b64;
uint32_t str_len, len;
+ uint8_t padding = 1;
int ok;
int rc;
@@ -603,6 +595,18 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
goto error;
}
+ /* Add padding regardless encryption because it is expected
+ * by OpenSSH tools.
+ * XXX Using 16 B as we use only AES cipher below anyway.
+ */
+ while (ssh_buffer_get_len(privkey_buffer) % 16 != 0) {
+ rc = ssh_buffer_add_u8(privkey_buffer, padding);
+ if (rc < 0) {
+ goto error;
+ }
+ padding++;
+ }
+
if (to_encrypt){
ssh_buffer kdf_buf;
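Review bot: The padding loop added here hard-codes a block size of 16, while the loop it replaces in pki_private_key_encrypt() (removed in the hunk at -469) padded to `cipher.blocksize`, so the encrypt path no longer guarantees on its own that the buffer is block-aligned. The XXX comment acknowledges that this only holds for AES; if a cipher whose block size does not divide 16 is ever added, the buffer would reach the cipher unaligned, and how the cipher routine reacts to that is not visible in this diff. A cheap guard in pki_private_key_encrypt(), before the key material is derived, would make the dependency explicit: `if (ssh_buffer_get_len(privkey_buffer) % cipher.blocksize != 0) { return SSH_ERROR; }`. The comment could also state why 16 is used when the commit message cites an OpenSSH block size of 8 (16 is a multiple of 8, so one padding length covers both the unencrypted case and AES). ssh_pki_openssh_privkey_export() starts and ends outside the hunk.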