Date: Thursday, March 22, 2018 @ 20:38:30
Author: bisson
Revision: 319836
update for 7.7
Modified:
openssh/trunk/openssl-1.1.0.patch
---------------------+
openssl-1.1.0.patch | 238 +++++++++++++++++++++++++-------------------------
1 file changed, 120 insertions(+), 118 deletions(-)
Modified: openssl-1.1.0.patch
===================================================================
--- openssl-1.1.0.patch 2018-03-22 20:36:17 UTC (rev 319835)
+++ openssl-1.1.0.patch 2018-03-22 20:38:30 UTC (rev 319836)
@@ -1,6 +1,6 @@
diff -Naur old/auth-pam.c new/auth-pam.c
---- old/auth-pam.c 2017-10-03 21:49:05.363829772 -1000
-+++ new/auth-pam.c 2017-10-03 21:55:50.869718862 -1000
+--- old/auth-pam.c 2018-02-22 20:00:52.000000000 -1000
++++ new/auth-pam.c 2018-03-22 09:28:01.384146852 -1000
@@ -128,6 +128,10 @@
typedef pthread_t sp_pthread_t;
#else
@@ -13,8 +13,8 @@
struct pam_ctxt {
diff -Naur old/cipher.c new/cipher.c
---- old/cipher.c 2017-10-03 21:49:05.367162904 -1000
-+++ new/cipher.c 2017-10-03 21:55:50.869718862 -1000
+--- old/cipher.c 2018-02-22 20:00:52.000000000 -1000
++++ new/cipher.c 2018-03-22 09:28:01.385146886 -1000
@@ -297,7 +297,10 @@
goto out;
}
@@ -27,7 +27,7 @@
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
-@@ -486,7 +489,7 @@
+@@ -483,7 +486,7 @@
len, iv))
return SSH_ERR_LIBCRYPTO_ERROR;
} else
@@ -36,7 +36,7 @@
#endif
return 0;
}
-@@ -520,14 +523,19 @@
+@@ -517,14 +520,19 @@
EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
return SSH_ERR_LIBCRYPTO_ERROR;
} else
@@ -60,8 +60,8 @@
int
diff -Naur old/cipher.h new/cipher.h
---- old/cipher.h 2017-10-03 21:49:05.367162904 -1000
-+++ new/cipher.h 2017-10-03 21:55:50.869718862 -1000
+--- old/cipher.h 2018-02-22 20:00:52.000000000 -1000
++++ new/cipher.h 2018-03-22 09:28:01.385146886 -1000
@@ -46,7 +46,18 @@
#define CIPHER_DECRYPT 0
@@ -82,9 +82,9 @@
const struct sshcipher *cipher_by_name(const char *);
const char *cipher_warning_message(const struct sshcipher_ctx *);
diff -Naur old/configure new/configure
---- old/configure 2017-10-03 21:49:05.410493626 -1000
-+++ new/configure 2017-10-03 22:01:49.159050540 -1000
-@@ -12688,7 +12688,6 @@
+--- old/configure 2018-02-23 03:30:10.000000000 -1000
++++ new/configure 2018-03-22 09:28:01.391147093 -1000
+@@ -12847,7 +12847,6 @@
100*) ;; # 1.0.x
200*) ;; # LibreSSL
*)
@@ -93,9 +93,9 @@
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ssl_library_ver" >&5
diff -Naur old/dh.c new/dh.c
---- old/dh.c 2017-10-03 21:49:05.370496037 -1000
-+++ new/dh.c 2017-10-03 21:55:50.869718862 -1000
-@@ -212,14 +212,15 @@
+--- old/dh.c 2018-02-22 20:00:52.000000000 -1000
++++ new/dh.c 2018-03-22 09:28:01.392147128 -1000
+@@ -211,14 +211,15 @@
/* diffie-hellman-groupN-sha1 */
int
@@ -113,7 +113,7 @@
logit("invalid public DH value: negative");
return 0;
}
-@@ -232,7 +233,8 @@
+@@ -231,7 +232,8 @@
error("%s: BN_new failed", __func__);
return 0;
}
@@ -123,7 +123,7 @@
BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
BN_clear_free(tmp);
logit("invalid public DH value: >= p-1");
-@@ -243,14 +245,14 @@
+@@ -242,14 +244,14 @@
for (i = 0; i <= n; i++)
if (BN_is_bit_set(dh_pub, i))
bits_set++;
@@ -140,7 +140,7 @@
return 0;
}
return 1;
-@@ -260,9 +262,13 @@
+@@ -259,9 +261,13 @@
dh_gen_key(DH *dh, int need)
{
int pbits;
@@ -156,7 +156,7 @@
need > INT_MAX / 2 || 2 * need > pbits)
return SSH_ERR_INVALID_ARGUMENT;
if (need < 256)
-@@ -271,10 +277,13 @@
+@@ -270,10 +276,13 @@
* Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
* so double requested need here.
*/
@@ -174,7 +174,7 @@
return SSH_ERR_LIBCRYPTO_ERROR;
}
return 0;
-@@ -283,16 +292,27 @@
+@@ -282,16 +291,27 @@
DH *
dh_new_group_asc(const char *gen, const char *modulus)
{
@@ -209,7 +209,7 @@
}
/*
-@@ -307,8 +327,8 @@
+@@ -306,8 +326,8 @@
if ((dh = DH_new()) == NULL)
return NULL;
@@ -221,8 +221,8 @@
return (dh);
}
diff -Naur old/dh.h new/dh.h
---- old/dh.h 2017-10-03 21:49:05.370496037 -1000
-+++ new/dh.h 2017-10-03 21:55:50.869718862 -1000
+--- old/dh.h 2018-02-22 20:00:52.000000000 -1000
++++ new/dh.h 2018-03-22 09:28:01.399147369 -1000
@@ -42,7 +42,7 @@
DH *dh_new_group_fallback(int);
@@ -233,8 +233,8 @@
u_int dh_estimate(int);
diff -Naur old/digest-openssl.c new/digest-openssl.c
---- old/digest-openssl.c 2017-10-03 21:49:05.370496037 -1000
-+++ new/digest-openssl.c 2017-10-03 21:55:50.869718862 -1000
+--- old/digest-openssl.c 2018-02-22 20:00:52.000000000 -1000
++++ new/digest-openssl.c 2018-03-22 09:28:01.399147369 -1000
@@ -43,7 +43,7 @@
struct ssh_digest_ctx {
@@ -307,8 +307,8 @@
free(ctx);
}
diff -Naur old/kexdhc.c new/kexdhc.c
---- old/kexdhc.c 2017-10-03 21:49:05.373829169 -1000
-+++ new/kexdhc.c 2017-10-03 21:55:50.869718862 -1000
+--- old/kexdhc.c 2018-02-22 20:00:52.000000000 -1000
++++ new/kexdhc.c 2018-03-22 09:28:01.399147369 -1000
@@ -81,11 +81,16 @@
goto out;
}
@@ -354,10 +354,10 @@
+ }
if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
- ssh->compat)) != 0)
+ kex->hostkey_alg, ssh->compat)) != 0)
diff -Naur old/kexdhs.c new/kexdhs.c
---- old/kexdhs.c 2017-10-03 21:49:05.373829169 -1000
-+++ new/kexdhs.c 2017-10-03 21:55:50.869718862 -1000
+--- old/kexdhs.c 2018-02-22 20:00:52.000000000 -1000
++++ new/kexdhs.c 2018-03-22 09:28:01.400147404 -1000
@@ -87,6 +87,10 @@
ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init);
r = 0;
@@ -415,8 +415,8 @@
if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
r = kex_send_newkeys(ssh);
diff -Naur old/kexgexc.c new/kexgexc.c
---- old/kexgexc.c 2017-10-03 21:49:05.373829169 -1000
-+++ new/kexgexc.c 2017-10-03 21:55:50.869718862 -1000
+--- old/kexgexc.c 2018-02-22 20:00:52.000000000 -1000
++++ new/kexgexc.c 2018-03-22 09:31:08.089451598 -1000
@@ -118,11 +118,17 @@
p = g = NULL; /* belong to kex->dh now */
@@ -439,22 +439,16 @@
debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, kex->dh);
-@@ -134,10 +140,12 @@
- ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY,
&input_kex_dh_gex_reply);
- r = 0;
+@@ -136,6 +142,8 @@
out:
-- if (p)
-+ if (r != 0) {
- BN_clear_free(p);
-- if (g)
- BN_clear_free(g);
-+ DH_free(kex->dh);
-+ kex->dh = NULL;
-+ }
+ BN_clear_free(p);
+ BN_clear_free(g);
++ DH_free(kex->dh);
++ kex->dh = NULL;
return r;
}
-@@ -214,6 +222,10 @@
+@@ -212,6 +220,10 @@
/* calc and verify H */
hashlen = sizeof(hash);
@@ -465,7 +459,7 @@
if ((r = kexgex_hash(
kex->hash_alg,
kex->client_version_string,
-@@ -222,12 +234,14 @@
+@@ -220,12 +232,14 @@
sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
server_host_key_blob, sbloblen,
kex->min, kex->nbits, kex->max,
@@ -482,10 +476,10 @@
+ }
if ((r = sshkey_verify(server_host_key, signature, slen, hash,
- hashlen, ssh->compat)) != 0)
+ hashlen, kex->hostkey_alg, ssh->compat)) != 0)
diff -Naur old/kexgexs.c new/kexgexs.c
---- old/kexgexs.c 2017-10-03 21:49:05.373829169 -1000
-+++ new/kexgexs.c 2017-10-03 21:55:50.869718862 -1000
+--- old/kexgexs.c 2018-02-22 20:00:52.000000000 -1000
++++ new/kexgexs.c 2018-03-22 09:28:01.491150543 -1000
@@ -101,11 +101,16 @@
goto out;
}
@@ -567,9 +561,9 @@
if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
r = kex_send_newkeys(ssh);
diff -Naur old/monitor.c new/monitor.c
---- old/monitor.c 2017-10-03 21:49:05.377162302 -1000
-+++ new/monitor.c 2017-10-03 21:55:50.869718862 -1000
-@@ -586,10 +586,12 @@
+--- old/monitor.c 2018-02-22 20:00:52.000000000 -1000
++++ new/monitor.c 2018-03-22 09:28:01.492150578 -1000
+@@ -590,10 +590,12 @@
buffer_put_char(m, 0);
return (0);
} else {
@@ -585,8 +579,8 @@
DH_free(dh);
}
diff -Naur old/openbsd-compat/openssl-compat.c
new/openbsd-compat/openssl-compat.c
---- old/openbsd-compat/openssl-compat.c 2017-10-03 21:49:05.397161097
-1000
-+++ new/openbsd-compat/openssl-compat.c 2017-10-03 21:55:50.886387486
-1000
+--- old/openbsd-compat/openssl-compat.c 2018-02-22 20:00:52.000000000
-1000
++++ new/openbsd-compat/openssl-compat.c 2018-03-22 09:28:01.492150578
-1000
@@ -75,7 +75,6 @@
/* Enable use of crypto hardware */
ENGINE_load_builtin_engines();
@@ -596,8 +590,8 @@
#endif
diff -Naur old/regress/unittests/sshkey/test_file.c
new/regress/unittests/sshkey/test_file.c
---- old/regress/unittests/sshkey/test_file.c 2017-10-03 21:49:05.387161699
-1000
-+++ new/regress/unittests/sshkey/test_file.c 2017-10-03 21:55:50.883053761
-1000
+--- old/regress/unittests/sshkey/test_file.c 2018-02-22 20:00:52.000000000
-1000
++++ new/regress/unittests/sshkey/test_file.c 2018-03-22 09:28:01.492150578
-1000
@@ -60,9 +60,14 @@
a = load_bignum("rsa_1.param.n");
b = load_bignum("rsa_1.param.p");
@@ -635,8 +629,8 @@
BN_free(b);
BN_free(c);
diff -Naur old/regress/unittests/sshkey/test_sshkey.c
new/regress/unittests/sshkey/test_sshkey.c
---- old/regress/unittests/sshkey/test_sshkey.c 2017-10-03 21:49:05.387161699
-1000
-+++ new/regress/unittests/sshkey/test_sshkey.c 2017-10-03 21:55:50.883053761
-1000
+--- old/regress/unittests/sshkey/test_sshkey.c 2018-02-22 20:00:52.000000000
-1000
++++ new/regress/unittests/sshkey/test_sshkey.c 2018-03-22 09:28:01.493150612
-1000
@@ -197,9 +197,14 @@
k1 = sshkey_new(KEY_RSA);
ASSERT_PTR_NE(k1, NULL);
@@ -775,8 +769,8 @@
TEST_START("equal KEY_DSA/demoted KEY_DSA");
diff -Naur old/ssh-dss.c new/ssh-dss.c
---- old/ssh-dss.c 2017-10-03 21:49:05.403827361 -1000
-+++ new/ssh-dss.c 2017-10-03 21:55:50.869718862 -1000
+--- old/ssh-dss.c 2018-02-22 20:00:52.000000000 -1000
++++ new/ssh-dss.c 2018-03-22 09:28:01.493150612 -1000
@@ -53,6 +53,7 @@
DSA_SIG *sig = NULL;
u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];
@@ -804,9 +798,9 @@
+ BN_bn2bin(r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
+ BN_bn2bin(s, sigblob + SIGBLOB_LEN - slen);
- if (compat & SSH_BUG_SIGBLOB) {
- if (sigp != NULL) {
-@@ -176,17 +178,26 @@
+ if ((b = sshbuf_new()) == NULL) {
+ ret = SSH_ERR_ALLOC_FAIL;
+@@ -154,17 +156,26 @@
}
/* parse signature */
@@ -838,8 +832,8 @@
/* sha1 the data */
if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
diff -Naur old/ssh-ecdsa.c new/ssh-ecdsa.c
---- old/ssh-ecdsa.c 2017-10-03 21:49:05.403827361 -1000
-+++ new/ssh-ecdsa.c 2017-10-03 21:55:50.869718862 -1000
+--- old/ssh-ecdsa.c 2018-02-22 20:00:52.000000000 -1000
++++ new/ssh-ecdsa.c 2018-03-22 09:28:01.493150612 -1000
@@ -80,9 +80,14 @@
ret = SSH_ERR_ALLOC_FAIL;
goto out;
@@ -857,7 +851,7 @@
if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 ||
(ret = sshbuf_put_stringb(b, bb)) != 0)
goto out;
-@@ -151,11 +156,27 @@
+@@ -150,11 +155,27 @@
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -888,9 +882,9 @@
ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
goto out;
diff -Naur old/ssh-keygen.c new/ssh-keygen.c
---- old/ssh-keygen.c 2017-10-03 21:49:05.403827361 -1000
-+++ new/ssh-keygen.c 2017-10-03 21:55:50.869718862 -1000
-@@ -496,11 +496,33 @@
+--- old/ssh-keygen.c 2018-02-22 20:00:52.000000000 -1000
++++ new/ssh-keygen.c 2018-03-22 09:28:01.494150647 -1000
+@@ -489,11 +489,33 @@
switch (key->type) {
case KEY_DSA:
@@ -929,7 +923,7 @@
break;
case KEY_RSA:
if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
-@@ -517,16 +539,52 @@
+@@ -510,16 +532,52 @@
e += e3;
debug("e %lx", e);
}
@@ -988,7 +982,7 @@
if ((r = ssh_rsa_generate_additional_parameters(key)) != 0)
fatal("generate RSA parameters failed: %s", ssh_err(r));
break;
-@@ -636,7 +694,7 @@
+@@ -629,7 +687,7 @@
identity_file);
}
fclose(fp);
@@ -997,7 +991,7 @@
case EVP_PKEY_RSA:
if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
fatal("sshkey_new failed");
-@@ -660,7 +718,7 @@
+@@ -653,7 +711,7 @@
#endif
default:
fatal("%s: unsupported pubkey type %d", __func__,
@@ -1007,9 +1001,9 @@
EVP_PKEY_free(pubkey);
return;
diff -Naur old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c
---- old/ssh-pkcs11-client.c 2017-10-03 21:49:05.403827361 -1000
-+++ new/ssh-pkcs11-client.c 2017-10-03 21:55:50.869718862 -1000
-@@ -143,12 +143,13 @@
+--- old/ssh-pkcs11-client.c 2018-02-22 20:00:52.000000000 -1000
++++ new/ssh-pkcs11-client.c 2018-03-22 09:28:01.495150681 -1000
+@@ -144,12 +144,13 @@
static int
wrap_key(RSA *rsa)
{
@@ -1029,8 +1023,8 @@
}
diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
---- old/ssh-pkcs11.c 2017-10-03 21:49:05.403827361 -1000
-+++ new/ssh-pkcs11.c 2017-10-03 21:55:50.869718862 -1000
+--- old/ssh-pkcs11.c 2018-02-22 20:00:52.000000000 -1000
++++ new/ssh-pkcs11.c 2018-03-22 09:33:03.209227196 -1000
@@ -67,7 +67,7 @@
struct pkcs11_provider *provider;
CK_ULONG slotidx;
@@ -1087,7 +1081,7 @@
}
} else {
cp = attribs[2].pValue;
-@@ -525,17 +536,20 @@
+@@ -525,16 +536,19 @@
== NULL) {
error("d2i_X509 failed");
} else if ((evp = X509_get_pubkey(x509)) == NULL ||
@@ -1101,8 +1095,7 @@
== NULL) {
error("RSAPublicKey_dup");
}
- if (x509)
- X509_free(x509);
+ X509_free(x509);
}
- if (rsa && rsa->n && rsa->e &&
+ {
@@ -1112,7 +1105,7 @@
pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
fatal("sshkey_new failed");
-@@ -555,6 +569,7 @@
+@@ -554,6 +568,7 @@
} else if (rsa) {
RSA_free(rsa);
}
@@ -1121,16 +1114,27 @@
free(attribs[i].pValue);
}
diff -Naur old/ssh-rsa.c new/ssh-rsa.c
---- old/ssh-rsa.c 2017-10-03 21:49:05.403827361 -1000
-+++ new/ssh-rsa.c 2017-10-03 22:06:32.005937158 -1000
-@@ -99,13 +99,27 @@
+--- old/ssh-rsa.c 2018-02-22 20:00:52.000000000 -1000
++++ new/ssh-rsa.c 2018-03-22 10:32:52.129946056 -1000
+@@ -84,7 +84,6 @@
+ {
+ BIGNUM *aux = NULL;
+ BN_CTX *ctx = NULL;
+- BIGNUM d;
+ int r;
+
+ if (key == NULL || key->rsa == NULL ||
+@@ -99,16 +98,27 @@
}
- rsa = key->rsa;
+ BN_set_flags(aux, BN_FLG_CONSTTIME);
-- if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
-- (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
-- (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
-- (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
+- BN_init(&d);
+- BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME);
+-
+- if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) ||
+- (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) ||
+- (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) ||
+- (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) {
+ {
+ const BIGNUM *q, *d, *p;
+ BIGNUM *dmq1=NULL, *dmp1=NULL;
@@ -1139,13 +1143,13 @@
+ r = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
-+ RSA_get0_key(rsa, NULL, NULL, &d);
-+ RSA_get0_factors(rsa, &p, &q);
++ RSA_get0_key(key->rsa, NULL, NULL, &d);
++ RSA_get0_factors(key->rsa, &p, &q);
+ if ((BN_sub(aux, q, BN_value_one()) == 0) ||
+ (BN_mod(dmq1, d, aux, ctx) == 0) ||
+ (BN_sub(aux, p, BN_value_one()) == 0) ||
+ (BN_mod(dmp1, d, aux, ctx) == 0) ||
-+ RSA_set0_crt_params(rsa, dmp1, dmq1, NULL) == 0) {
++ RSA_set0_crt_params(key->rsa, dmp1, dmq1, NULL) == 0) {
r = SSH_ERR_LIBCRYPTO_ERROR;
+ BN_clear_free(dmp1);
+ BN_clear_free(dmq1);
@@ -1155,7 +1159,7 @@
r = 0;
out:
BN_clear_free(aux);
-@@ -136,7 +150,7 @@
+@@ -139,7 +149,7 @@
if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
sshkey_type_plain(key->type) != KEY_RSA)
return SSH_ERR_INVALID_ARGUMENT;
@@ -1164,7 +1168,7 @@
return SSH_ERR_KEY_LENGTH;
slen = RSA_size(key->rsa);
if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
-@@ -210,7 +224,7 @@
+@@ -211,7 +221,7 @@
sshkey_type_plain(key->type) != KEY_RSA ||
sig == NULL || siglen == 0)
return SSH_ERR_INVALID_ARGUMENT;
@@ -1174,8 +1178,8 @@
if ((b = sshbuf_from(sig, siglen)) == NULL)
diff -Naur old/sshkey.c new/sshkey.c
---- old/sshkey.c 2017-10-03 21:49:05.407160494 -1000
-+++ new/sshkey.c 2017-10-03 22:16:31.124964276 -1000
+--- old/sshkey.c 2018-02-22 20:00:52.000000000 -1000
++++ new/sshkey.c 2018-03-22 09:47:09.515312078 -1000
@@ -264,10 +264,18 @@
#ifdef WITH_OPENSSL
case KEY_RSA:
@@ -1196,7 +1200,7 @@
case KEY_ECDSA:
case KEY_ECDSA_CERT:
return sshkey_curve_nid_to_bits(k->ecdsa_nid);
-@@ -466,28 +474,55 @@
+@@ -465,26 +473,53 @@
#ifdef WITH_OPENSSL
case KEY_RSA:
case KEY_RSA_CERT:
@@ -1209,8 +1213,7 @@
+ (e = BN_new()) == NULL) {
+ BN_free(n);
+ BN_free(e);
- if (rsa != NULL)
- RSA_free(rsa);
+ RSA_free(rsa);
free(k);
return NULL;
}
@@ -1238,8 +1241,7 @@
+ BN_free(q);
+ BN_free(g);
+ BN_free(pubkey);
- if (dsa != NULL)
- DSA_free(dsa);
+ DSA_free(dsa);
free(k);
return NULL;
}
@@ -1258,7 +1260,7 @@
k->dsa = dsa;
break;
case KEY_ECDSA:
-@@ -523,6 +558,51 @@
+@@ -520,6 +555,51 @@
#ifdef WITH_OPENSSL
case KEY_RSA:
case KEY_RSA_CERT:
@@ -1310,7 +1312,7 @@
#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL)
if (bn_maybe_alloc_failed(k->rsa->d) ||
bn_maybe_alloc_failed(k->rsa->iqmp) ||
-@@ -531,13 +611,28 @@
+@@ -528,13 +608,28 @@
bn_maybe_alloc_failed(k->rsa->dmq1) ||
bn_maybe_alloc_failed(k->rsa->dmp1))
return SSH_ERR_ALLOC_FAIL;
@@ -1339,7 +1341,7 @@
case KEY_ECDSA:
case KEY_ECDSA_CERT:
/* Cannot do anything until we know the group */
-@@ -655,16 +750,34 @@
+@@ -642,16 +737,34 @@
#ifdef WITH_OPENSSL
case KEY_RSA_CERT:
case KEY_RSA:
@@ -1382,7 +1384,7 @@
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA_CERT:
case KEY_ECDSA:
-@@ -742,12 +855,17 @@
+@@ -729,12 +842,17 @@
case KEY_DSA:
if (key->dsa == NULL)
return SSH_ERR_INVALID_ARGUMENT;
@@ -1404,7 +1406,7 @@
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
-@@ -763,10 +881,14 @@
+@@ -750,10 +868,14 @@
case KEY_RSA:
if (key->rsa == NULL)
return SSH_ERR_INVALID_ARGUMENT;
@@ -1421,7 +1423,7 @@
break;
#endif /* WITH_OPENSSL */
case KEY_ED25519:
-@@ -1643,13 +1765,32 @@
+@@ -1622,13 +1744,32 @@
case KEY_DSA_CERT:
if ((n = sshkey_new(k->type)) == NULL)
return SSH_ERR_ALLOC_FAIL;
@@ -1458,7 +1460,7 @@
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
-@@ -1673,11 +1814,23 @@
+@@ -1652,11 +1793,23 @@
case KEY_RSA_CERT:
if ((n = sshkey_new(k->type)) == NULL)
return SSH_ERR_ALLOC_FAIL;
@@ -1484,7 +1486,7 @@
break;
#endif /* WITH_OPENSSL */
case KEY_ED25519:
-@@ -1875,12 +2028,27 @@
+@@ -1854,12 +2007,27 @@
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -1515,7 +1517,7 @@
ret = SSH_ERR_KEY_LENGTH;
goto out;
}
-@@ -1900,13 +2068,36 @@
+@@ -1879,13 +2047,36 @@
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -1556,7 +1558,7 @@
#ifdef DEBUG_PK
DSA_print_fp(stderr, key->dsa, 8);
#endif
-@@ -2140,26 +2331,63 @@
+@@ -2143,26 +2334,63 @@
goto fail;
/* FALLTHROUGH */
case KEY_RSA:
@@ -1628,7 +1630,7 @@
break;
case KEY_ECDSA_CERT:
if ((ret = sshkey_cert_copy(k, pk)) != 0)
-@@ -2281,11 +2509,17 @@
+@@ -2284,11 +2512,17 @@
switch (k->type) {
#ifdef WITH_OPENSSL
case KEY_DSA_CERT:
@@ -1650,7 +1652,7 @@
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA_CERT:
-@@ -2298,9 +2532,15 @@
+@@ -2301,9 +2535,15 @@
break;
# endif /* OPENSSL_HAS_ECC */
case KEY_RSA_CERT:
@@ -1668,7 +1670,7 @@
break;
#endif /* WITH_OPENSSL */
case KEY_ED25519_CERT:
-@@ -2474,42 +2714,67 @@
+@@ -2477,42 +2717,67 @@
switch (key->type) {
#ifdef WITH_OPENSSL
case KEY_RSA:
@@ -1752,7 +1754,7 @@
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
-@@ -2585,18 +2850,61 @@
+@@ -2588,18 +2853,61 @@
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -1821,7 +1823,7 @@
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
-@@ -2655,29 +2963,104 @@
+@@ -2658,29 +2966,104 @@
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -1940,7 +1942,7 @@
r = SSH_ERR_KEY_LENGTH;
goto out;
}
-@@ -3395,7 +3778,6 @@
+@@ -3390,7 +3773,6 @@
switch (pem_reason) {
case EVP_R_BAD_DECRYPT:
return SSH_ERR_KEY_WRONG_PASSPHRASE;
@@ -1948,7 +1950,7 @@
case EVP_R_DECODE_ERROR:
#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
case EVP_R_PRIVATE_KEY_DECODE_ERROR:
-@@ -3460,7 +3842,7 @@
+@@ -3455,7 +3837,7 @@
r = convert_libcrypto_error();
goto out;
}
@@ -1957,7 +1959,7 @@
(type == KEY_UNSPEC || type == KEY_RSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
-@@ -3475,11 +3857,11 @@
+@@ -3470,11 +3852,11 @@
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
@@ -1971,7 +1973,7 @@
(type == KEY_UNSPEC || type == KEY_DSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
-@@ -3491,7 +3873,7 @@
+@@ -3486,7 +3868,7 @@
DSA_print_fp(stderr, prv->dsa, 8);
#endif
#ifdef OPENSSL_HAS_ECC
