pki_crypto: Fix private key generation with password

We need to specify a cipher when we generate a key with a password. OpenSSH uses aes_128_cbc, so we should use the same. Thanks to Julian Lunz for the report. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-11 18:50:28 +09:00 · 2018-01-09 20:20:53 +01:00
parent b0af812710
commit 67b8f3d6df
4 changed files with 6 additions and 6 deletions
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -662,7 +662,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
            } else {
                rc = PEM_write_bio_DSAPrivateKey(mem,
                                                 key->dsa,
-                                                 NULL, /* cipher */
+                                                 EVP_aes_128_cbc(),
                                                 NULL, /* kstr */
                                                 0, /* klen */
                                                 NULL, /* auth_fn */
@@ -687,7 +687,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
            } else {
                rc = PEM_write_bio_RSAPrivateKey(mem,
                                                 key->rsa,
-                                                 NULL, /* cipher */
+                                                 EVP_aes_128_cbc(),
                                                 NULL, /* kstr */
                                                 0, /* klen */
                                                 NULL, /* auth_fn */
@@ -712,7 +712,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
            } else {
                rc = PEM_write_bio_ECPrivateKey(mem,
                                                key->ecdsa,
-                                                NULL, /* cipher */
+                                                EVP_aes_128_cbc(),
                                                NULL, /* kstr */
                                                0, /* klen */
                                                NULL, /* auth_fn */
--- a/tests/unittests/torture_pki_dsa.c
+++ b/tests/unittests/torture_pki_dsa.c
@@ -81,7 +81,7 @@ static void torture_pki_dsa_write_privkey(void **state)
    unlink(LIBSSH_DSA_TESTKEY);
    rc = ssh_pki_export_privkey_file(origkey,
-                                     "",
+                                     NULL,
                                     NULL,
                                     NULL,
                                     LIBSSH_DSA_TESTKEY);
--- a/tests/unittests/torture_pki_ecdsa.c
+++ b/tests/unittests/torture_pki_ecdsa.c
@@ -354,7 +354,7 @@ static void torture_pki_ecdsa_write_privkey(void **state)
    unlink(LIBSSH_ECDSA_TESTKEY);
    rc = ssh_pki_export_privkey_file(origkey,
-                                     "",
+                                     NULL,
                                     NULL,
                                     NULL,
                                     LIBSSH_ECDSA_TESTKEY);
--- a/tests/unittests/torture_pki_rsa.c
+++ b/tests/unittests/torture_pki_rsa.c
@@ -434,7 +434,7 @@ static void torture_pki_rsa_write_privkey(void **state)
    unlink(LIBSSH_RSA_TESTKEY);
    rc = ssh_pki_export_privkey_file(origkey,
-                                     "",
+                                     NULL,
                                     NULL,
                                     NULL,
                                     LIBSSH_RSA_TESTKEY);