aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakub Jelen <jjelen@redhat.com>2019-02-04 23:02:15 +0100
committerAndreas Schneider <asn@cryptomilk.org>2019-02-07 10:30:05 +0100
commit128015bb1795898ef83460f0387eacc9b10ed798 (patch)
tree4cc39f404e38c6481bd9d3075ea2dbdbe591fb05
parent5700477f3e69c261608a14b1b2ff6c17104147fd (diff)
downloadlibssh-128015bb1795898ef83460f0387eacc9b10ed798.tar.gz
libssh-128015bb1795898ef83460f0387eacc9b10ed798.tar.xz
libssh-128015bb1795898ef83460f0387eacc9b10ed798.zip
pki_container_openssh: Add padding to be compatible with OpenSSH
OpenSSH has a block size of 8 so we need to always add padding. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--src/pki_container_openssh.c24
1 files changed, 14 insertions, 10 deletions
diff --git a/src/pki_container_openssh.c b/src/pki_container_openssh.c
index 2daba150..9119a8bb 100644
--- a/src/pki_container_openssh.c
+++ b/src/pki_container_openssh.c
@@ -411,7 +411,7 @@ static int pki_openssh_export_privkey_blob(const ssh_key privkey,
return SSH_ERROR;
}
if (privkey->ed25519_privkey == NULL ||
- privkey->ed25519_pubkey == NULL){
+ privkey->ed25519_pubkey == NULL) {
return SSH_ERROR;
}
rc = ssh_buffer_pack(buffer,
@@ -444,7 +444,6 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
char passphrase_buffer[128];
int rc;
int i;
- uint8_t padding = 1;
int cmp;
cmp = strcmp(ciphername, "none");
@@ -471,14 +470,6 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname);
return SSH_ERROR;
}
- while (ssh_buffer_get_len(privkey_buffer) % cipher.blocksize != 0) {
- rc = ssh_buffer_add_u8(privkey_buffer, padding);
- if (rc < 0) {
- return SSH_ERROR;
- }
- padding++;
- }
-
/* We need material for key (keysize bits / 8) and IV (blocksize) */
key_material_len = cipher.keysize/8 + cipher.blocksize;
if (key_material_len > sizeof(key_material)){
@@ -555,6 +546,7 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
int to_encrypt=0;
unsigned char *b64;
uint32_t str_len, len;
+ uint8_t padding = 1;
int ok;
int rc;
@@ -605,6 +597,18 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
goto error;
}
+ /* Add padding regardless encryption because it is expected
+ * by OpenSSH tools.
+ * XXX Using 16 B as we use only AES cipher below anyway.
+ */
+ while (ssh_buffer_get_len(privkey_buffer) % 16 != 0) {
+ rc = ssh_buffer_add_u8(privkey_buffer, padding);
+ if (rc < 0) {
+ goto error;
+ }
+ padding++;
+ }
+
if (to_encrypt){
ssh_buffer kdf_buf;