Use EVP_PKEY as a key type in key structs

Merge multiple key variables into one variable. Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-04 20:30:38 +09:00 · 2022-06-23 15:44:41 +00:00
parent 7792d38157
commit a9dddd89aa
7 changed files with 134 additions and 22 deletions
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -111,7 +111,15 @@ struct ssh_crypto_struct {
 #endif /* WITH_GEX */
 #ifdef HAVE_ECDH
 #ifdef HAVE_OPENSSL_ECC
+/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
+ * https://github.com/openssl/openssl/pull/16624
+ * #if OPENSSL_VERSION_NUMBER < 0x30000000L
+ */
+#if 1
    EC_KEY *ecdh_privkey;
+#else
+    EVP_PKEY *ecdh_privkey;
+#endif /* OPENSSL_VERSION_NUMBER */
 #elif defined HAVE_GCRYPT_ECC
    gcry_sexp_t ecdh_privkey;
 #elif defined HAVE_LIBMBEDCRYPTO
--- a/include/libssh/keys.h
+++ b/include/libssh/keys.h
@@ -32,8 +32,12 @@ struct ssh_public_key_struct {
    gcry_sexp_t dsa_pub;
    gcry_sexp_t rsa_pub;
 #elif defined(HAVE_LIBCRYPTO)
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
    DSA *dsa_pub;
    RSA *rsa_pub;
+#else /* OPENSSL_VERSION_NUMBER */
+    EVP_PKEY *key_pub;
+#endif
 #elif defined(HAVE_LIBMBEDCRYPTO)
    mbedtls_pk_context *rsa_pub;
    void *dsa_pub;
@@ -46,8 +50,12 @@ struct ssh_private_key_struct {
    gcry_sexp_t dsa_priv;
    gcry_sexp_t rsa_priv;
 #elif defined(HAVE_LIBCRYPTO)
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
    DSA *dsa_priv;
    RSA *rsa_priv;
+#else
+    EVP_PKEY *key_priv;
+#endif /* OPENSSL_VERSION_NUMBER */
 #elif defined(HAVE_LIBMBEDCRYPTO)
    mbedtls_pk_context *rsa_priv;
    void *dsa_priv;
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -65,14 +65,20 @@ struct ssh_key_struct {
    mbedtls_ecdsa_context *ecdsa;
    void *dsa;
 #elif defined(HAVE_LIBCRYPTO)
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
    DSA *dsa;
    RSA *rsa;
-    EVP_PKEY *key; /* Saving the OpenSSL context here to save time while converting*/
+#endif /* OPENSSL_VERSION_NUMBER */
+/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
+ * https://github.com/openssl/openssl/pull/16624
+ * Move into the #if above
+ */
 # if defined(HAVE_OPENSSL_ECC)
    EC_KEY *ecdsa;
 # else
    void *ecdsa;
 # endif /* HAVE_OPENSSL_EC_H */
+    EVP_PKEY *key; /* Saving the OpenSSL context here to save time while converting*/
 #endif /* HAVE_LIBGCRYPT */
 #ifdef HAVE_OPENSSL_ED25519
    uint8_t *ed25519_pubkey;