pki_crypto: Fix private key generation with password

We need to specify a cipher when we generate a key with a password.
OpenSSH uses aes_128_cbc, so we should use the same.

Thanks to Julian Lunz for the report.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

src/pki_crypto.c

@@ -662,7 +662,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
             } else {
                 rc = PEM_write_bio_DSAPrivateKey(mem,
                                                  key->dsa,
-                                                 NULL, /* cipher */
+                                                 EVP_aes_128_cbc(),
                                                  NULL, /* kstr */
                                                  0, /* klen */
                                                  NULL, /* auth_fn */
@@ -687,7 +687,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
             } else {
                 rc = PEM_write_bio_RSAPrivateKey(mem,
                                                  key->rsa,
-                                                 NULL, /* cipher */
+                                                 EVP_aes_128_cbc(),
                                                  NULL, /* kstr */
                                                  0, /* klen */
                                                  NULL, /* auth_fn */
@@ -712,7 +712,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
             } else {
                 rc = PEM_write_bio_ECPrivateKey(mem,
                                                 key->ecdsa,
-                                                NULL, /* cipher */
+                                                EVP_aes_128_cbc(),
                                                 NULL, /* kstr */
                                                 0, /* klen */
                                                 NULL, /* auth_fn */

tests/unittests/torture_pki_dsa.c

@@ -81,7 +81,7 @@ static void torture_pki_dsa_write_privkey(void **state)
     unlink(LIBSSH_DSA_TESTKEY);
 
     rc = ssh_pki_export_privkey_file(origkey,
-                                     "",
+                                     NULL,
                                      NULL,
                                      NULL,
                                      LIBSSH_DSA_TESTKEY);

tests/unittests/torture_pki_ecdsa.c

@@ -354,7 +354,7 @@ static void torture_pki_ecdsa_write_privkey(void **state)
     unlink(LIBSSH_ECDSA_TESTKEY);
 
     rc = ssh_pki_export_privkey_file(origkey,
-                                     "",
+                                     NULL,
                                      NULL,
                                      NULL,
                                      LIBSSH_ECDSA_TESTKEY);

tests/unittests/torture_pki_rsa.c

@@ -434,7 +434,7 @@ static void torture_pki_rsa_write_privkey(void **state)
     unlink(LIBSSH_RSA_TESTKEY);
 
     rc = ssh_pki_export_privkey_file(origkey,
-                                     "",
+                                     NULL,
                                      NULL,
                                      NULL,
                                      LIBSSH_RSA_TESTKEY);