Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
openssh-askpass-gnome.29884
openssh-bsc1139398-rowhammer-hardening.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssh-bsc1139398-rowhammer-hardening.patch of Package openssh-askpass-gnome.29884
diff --git a/authfd.c b/authfd.c index ecdd869..5d6a50e 100644 --- a/authfd.c +++ b/authfd.c @@ -421,7 +421,7 @@ encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign) * This call is intended only for use by ssh-add(1) and like applications. */ int -ssh_add_identity_constrained(int sock, const struct sshkey *key, +ssh_add_identity_constrained(int sock, struct sshkey *key, const char *comment, u_int life, u_int confirm, u_int maxsign) { struct sshbuf *msg; diff --git a/authfd.h b/authfd.h index a032fd5..bf452f8 100644 --- a/authfd.h +++ b/authfd.h @@ -29,7 +29,7 @@ void ssh_close_authentication_socket(int sock); int ssh_lock_agent(int sock, int lock, const char *password); int ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp); void ssh_free_identitylist(struct ssh_identitylist *idl); -int ssh_add_identity_constrained(int sock, const struct sshkey *key, +int ssh_add_identity_constrained(int sock, struct sshkey *key, const char *comment, u_int life, u_int confirm, u_int maxsign); int ssh_remove_identity(int sock, struct sshkey *key); int ssh_update_card(int sock, int add, const char *reader_id, diff --git a/krl.c b/krl.c index 8e2d5d5..6d0ced5 100644 --- a/krl.c +++ b/krl.c @@ -732,7 +732,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) int ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, - const struct sshkey **sign_keys, u_int nsign_keys) + struct sshkey **sign_keys, u_int nsign_keys) { int r = SSH_ERR_INTERNAL_ERROR; struct revoked_certs *rc; diff --git a/krl.h b/krl.h index 815a1df..32ede24 100644 --- a/krl.h +++ b/krl.h @@ -56,7 +56,7 @@ int ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len); int ssh_krl_revoke_key_sha256(struct ssh_krl *krl, const u_char *p, size_t len); int ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key); int ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, - const struct sshkey **sign_keys, u_int nsign_keys); + struct sshkey **sign_keys, u_int nsign_keys); int ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, const struct sshkey **sign_ca_keys, size_t nsign_ca_keys); int ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key); diff --git a/ssh-agent.c b/ssh-agent.c index d8a8260..63f5a2f 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -416,7 +416,10 @@ process_add_identity(SocketEntry *e) error("%s: decode private key: %s", __func__, ssh_err(r)); goto err; } - + if ((r = sshkey_shield_private(k)) != 0) { + error("%s: shield private key: %s", __func__, ssh_err(r)); + goto err; + } while (sshbuf_len(e->request)) { if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) { error("%s: buffer error: %s", __func__, ssh_err(r)); diff --git a/ssh-keygen.c b/ssh-keygen.c index 0f7062e..ca8a309 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1693,7 +1693,7 @@ load_pkcs11_key(char *path) /* Signer for sshkey_certify_custom that uses the agent */ static int -agent_signer(const struct sshkey *key, u_char **sigp, size_t *lenp, +agent_signer(struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, const char *alg, u_int compat, void *ctx) { diff --git a/sshconnect.c b/sshconnect.c index 0568c55..1394b1d 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1557,7 +1557,7 @@ ssh_local_cmd(const char *args) } void -maybe_add_key_to_agent(char *authfile, const struct sshkey *private, +maybe_add_key_to_agent(char *authfile, struct sshkey *private, char *comment, char *passphrase) { int auth_sock = -1, r; diff --git a/sshconnect.h b/sshconnect.h index 890d857..8d6f096 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -56,4 +56,4 @@ void ssh_userauth2(const char *, const char *, char *, Sensitive *); void ssh_put_password(char *); int ssh_local_cmd(const char *); -void maybe_add_key_to_agent(char *, const struct sshkey *, char *, char *); +void maybe_add_key_to_agent(char *, struct sshkey *, char *, char *); diff --git a/sshd.c b/sshd.c index aa21041..aaab0bf 100644 --- a/sshd.c +++ b/sshd.c @@ -1561,7 +1561,7 @@ set_process_rdomain(struct ssh *ssh, const char *name) static void accumulate_host_timing_secret(struct sshbuf *server_cfg, - const struct sshkey *key) + struct sshkey *key) { static struct ssh_digest_ctx *ctx; u_char *hash; @@ -1916,6 +1916,10 @@ main(int ac, char **av) &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) error("Error loading host key \"%s\": %s", options.host_key_files[i], ssh_err(r)); + if (r == 0 && (r = sshkey_shield_private(key)) != 0) { + error("Unable to shield host key \"%s\": %s", + options.host_key_files[i], ssh_err(r)); + } if ((r = sshkey_load_public(options.host_key_files[i], &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) error("Error loading host key \"%s\": %s", diff --git a/sshkey.c b/sshkey.c index e33ab66..569a37a 100644 --- a/sshkey.c +++ b/sshkey.c @@ -76,7 +76,15 @@ /* Version identification string for SSH v1 identity files. */ #define LEGACY_BEGIN "SSH PRIVATE KEY FILE FORMAT 1.1\n" -int sshkey_private_serialize_opt(const struct sshkey *key, +/* + * Constants relating to "shielding" support; protection of keys expected + * to remain in memory for long durations + */ +#define SSHKEY_SHIELD_PREKEY_LEN (16 * 1024) +#define SSHKEY_SHIELD_CIPHER "aes256-ctr" /* XXX want AES-EME* */ +#define SSHKEY_SHIELD_PREKEY_HASH SSH_DIGEST_SHA512 + +int sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf, enum sshkey_serialize_rep); static int sshkey_from_blob_internal(struct sshbuf *buf, struct sshkey **keyp, int allow_cert); @@ -638,6 +646,8 @@ sshkey_free(struct sshkey *k) } if (sshkey_is_cert(k)) cert_free(k->cert); + freezero(k->shielded_private, k->shielded_len); + freezero(k->shield_prekey, k->shield_prekey_len); freezero(k, sizeof(*k)); } @@ -1903,6 +1913,218 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) return r; } +int +sshkey_is_shielded(struct sshkey *k) +{ + return k != NULL && k->shielded_private != NULL; +} + +int +sshkey_shield_private(struct sshkey *k) +{ + struct sshbuf *prvbuf = NULL; + u_char *prekey = NULL, *enc = NULL, keyiv[SSH_DIGEST_MAX_LENGTH]; + struct sshcipher_ctx *cctx = NULL; + const struct sshcipher *cipher; + size_t i, enclen = 0; + struct sshkey *kswap = NULL, tmp; + int r = SSH_ERR_INTERNAL_ERROR; + +#ifdef DEBUG_PK + fprintf(stderr, "%s: entering for %s\n", __func__, sshkey_ssh_name(k)); +#endif + if ((cipher = cipher_by_name(SSHKEY_SHIELD_CIPHER)) == NULL) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if (cipher_keylen(cipher) + cipher_ivlen(cipher) > + ssh_digest_bytes(SSHKEY_SHIELD_PREKEY_HASH)) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; + } + + /* Prepare a random pre-key, and from it an ephemeral key */ + if ((prekey = malloc(SSHKEY_SHIELD_PREKEY_LEN)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + arc4random_buf(prekey, SSHKEY_SHIELD_PREKEY_LEN); + if ((r = ssh_digest_memory(SSHKEY_SHIELD_PREKEY_HASH, + prekey, SSHKEY_SHIELD_PREKEY_LEN, + keyiv, SSH_DIGEST_MAX_LENGTH)) != 0) + goto out; +#ifdef DEBUG_PK + fprintf(stderr, "%s: key+iv\n", __func__); + sshbuf_dump_data(keyiv, ssh_digest_bytes(SSHKEY_SHIELD_PREKEY_HASH), + stderr); +#endif + if ((r = cipher_init(&cctx, cipher, keyiv, cipher_keylen(cipher), + keyiv + cipher_keylen(cipher), cipher_ivlen(cipher), 1)) != 0) + goto out; + + /* Serialise and encrypt the private key using the ephemeral key */ + if ((prvbuf = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (sshkey_is_shielded(k) && (r = sshkey_unshield_private(k)) != 0) + goto out; + if ((r = sshkey_private_serialize_opt(k, prvbuf, + SSHKEY_SERIALIZE_FULL)) != 0) + goto out; + /* pad to cipher blocksize */ + i = 0; + while (sshbuf_len(prvbuf) % cipher_blocksize(cipher)) { + if ((r = sshbuf_put_u8(prvbuf, ++i & 0xff)) != 0) + goto out; + } +#ifdef DEBUG_PK + fprintf(stderr, "%s: serialised\n", __func__); + sshbuf_dump(prvbuf, stderr); +#endif + /* encrypt */ + enclen = sshbuf_len(prvbuf); + if ((enc = malloc(enclen)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = cipher_crypt(cctx, 0, enc, + sshbuf_ptr(prvbuf), sshbuf_len(prvbuf), 0, 0)) != 0) + goto out; +#ifdef DEBUG_PK + fprintf(stderr, "%s: encrypted\n", __func__); + sshbuf_dump_data(enc, enclen, stderr); +#endif + + /* Make a scrubbed, public-only copy of our private key argument */ + if ((r = sshkey_from_private(k, &kswap)) != 0) + goto out; + + /* Swap the private key out (it will be destroyed below) */ + tmp = *kswap; + *kswap = *k; + *k = tmp; + + /* Insert the shielded key into our argument */ + k->shielded_private = enc; + k->shielded_len = enclen; + k->shield_prekey = prekey; + k->shield_prekey_len = SSHKEY_SHIELD_PREKEY_LEN; + enc = prekey = NULL; /* transferred */ + enclen = 0; + + /* success */ + r = 0; + + out: + /* XXX behaviour on error - invalidate original private key? */ + cipher_free(cctx); + explicit_bzero(enc, enclen); + explicit_bzero(keyiv, sizeof(keyiv)); + explicit_bzero(&tmp, sizeof(tmp)); + freezero(prekey, SSHKEY_SHIELD_PREKEY_LEN); + sshkey_free(kswap); + sshbuf_free(prvbuf); + return r; +} + +int +sshkey_unshield_private(struct sshkey *k) +{ + struct sshbuf *prvbuf = NULL; + u_char pad, *cp, keyiv[SSH_DIGEST_MAX_LENGTH]; + struct sshcipher_ctx *cctx = NULL; + const struct sshcipher *cipher; + size_t i; + struct sshkey *kswap = NULL, tmp; + int r = SSH_ERR_INTERNAL_ERROR; + +#ifdef DEBUG_PK + fprintf(stderr, "%s: entering for %s\n", __func__, sshkey_ssh_name(k)); +#endif + if (!sshkey_is_shielded(k)) + return 0; /* nothing to do */ + + if ((cipher = cipher_by_name(SSHKEY_SHIELD_CIPHER)) == NULL) { + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if (cipher_keylen(cipher) + cipher_ivlen(cipher) > + ssh_digest_bytes(SSHKEY_SHIELD_PREKEY_HASH)) { + r = SSH_ERR_INTERNAL_ERROR; + goto out; + } + /* check size of shielded key blob */ + if (k->shielded_len < cipher_blocksize(cipher) || + (k->shielded_len % cipher_blocksize(cipher)) != 0) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + + /* Calculate the ephemeral key from the prekey */ + if ((r = ssh_digest_memory(SSHKEY_SHIELD_PREKEY_HASH, + k->shield_prekey, k->shield_prekey_len, + keyiv, SSH_DIGEST_MAX_LENGTH)) != 0) + goto out; + if ((r = cipher_init(&cctx, cipher, keyiv, cipher_keylen(cipher), + keyiv + cipher_keylen(cipher), cipher_ivlen(cipher), 0)) != 0) + goto out; +#ifdef DEBUG_PK + fprintf(stderr, "%s: key+iv\n", __func__); + sshbuf_dump_data(keyiv, ssh_digest_bytes(SSHKEY_SHIELD_PREKEY_HASH), + stderr); +#endif + + /* Decrypt and parse the shielded private key using the ephemeral key */ + if ((prvbuf = sshbuf_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshbuf_reserve(prvbuf, k->shielded_len, &cp)) != 0) + goto out; + /* decrypt */ +#ifdef DEBUG_PK + fprintf(stderr, "%s: encrypted\n", __func__); + sshbuf_dump_data(k->shielded_private, k->shielded_len, stderr); +#endif + if ((r = cipher_crypt(cctx, 0, cp, + k->shielded_private, k->shielded_len, 0, 0)) != 0) + goto out; +#ifdef DEBUG_PK + fprintf(stderr, "%s: serialised\n", __func__); + sshbuf_dump(prvbuf, stderr); +#endif + /* Parse private key */ + if ((r = sshkey_private_deserialize(prvbuf, &kswap)) != 0) + goto out; + /* Check deterministic padding */ + i = 0; + while (sshbuf_len(prvbuf)) { + if ((r = sshbuf_get_u8(prvbuf, &pad)) != 0) + goto out; + if (pad != (++i & 0xff)) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + } + + /* Swap the parsed key back into place */ + tmp = *kswap; + *kswap = *k; + *k = tmp; + + /* success */ + r = 0; + + out: + cipher_free(cctx); + explicit_bzero(keyiv, sizeof(keyiv)); + explicit_bzero(&tmp, sizeof(tmp)); + sshkey_free(kswap); + sshbuf_free(prvbuf); + return r; +} + static int cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) { @@ -2419,41 +2641,55 @@ sshkey_check_sigtype(const u_char *sig, size_t siglen, } int -sshkey_sign(const struct sshkey *key, +sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, const char *alg, u_int compat) { + int was_shielded = sshkey_is_shielded(key); + int r2, r = SSH_ERR_INTERNAL_ERROR; + if (sigp != NULL) *sigp = NULL; if (lenp != NULL) *lenp = 0; if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshkey_unshield_private(key)) != 0) + return r; switch (key->type) { #ifdef WITH_OPENSSL case KEY_DSA_CERT: case KEY_DSA: - return ssh_dss_sign(key, sigp, lenp, data, datalen, compat); + r = ssh_dss_sign(key, sigp, lenp, data, datalen, compat); + break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: - return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); + r = ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); + break; # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: case KEY_RSA: - return ssh_rsa_sign(key, sigp, lenp, data, datalen, alg); + r = ssh_rsa_sign(key, sigp, lenp, data, datalen, alg); + break; #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: - return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); + r = ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); + break; #ifdef WITH_XMSS case KEY_XMSS: case KEY_XMSS_CERT: - return ssh_xmss_sign(key, sigp, lenp, data, datalen, compat); + r = ssh_xmss_sign(key, sigp, lenp, data, datalen, compat); + break; #endif /* WITH_XMSS */ default: - return SSH_ERR_KEY_TYPE_UNKNOWN; + r = SSH_ERR_KEY_TYPE_UNKNOWN; + break; } + if (was_shielded && (r2 = sshkey_shield_private(key)) != 0) + return r2; + return r; } /* @@ -2691,7 +2927,7 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, } static int -default_key_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, +default_key_sign(struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, const char *alg, u_int compat, void *ctx) { @@ -2801,15 +3037,21 @@ sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l) } int -sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b, +sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf, enum sshkey_serialize_rep opts) { int r = SSH_ERR_INTERNAL_ERROR; + int was_shielded = sshkey_is_shielded(key); + struct sshbuf *b = NULL; #ifdef WITH_OPENSSL const BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_iqmp, *rsa_p, *rsa_q; const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key, *dsa_priv_key; #endif /* WITH_OPENSSL */ + if ((r = sshkey_unshield_private(key)) != 0) + return r; + if ((b = sshbuf_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; if ((r = sshbuf_put_cstring(b, sshkey_ssh_name(key))) != 0) goto out; switch (key->type) { @@ -2935,14 +3177,23 @@ sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b, r = SSH_ERR_INVALID_ARGUMENT; goto out; } - /* success */ + /* + * success (but we still need to append the output to buf after + * possibly re-shielding the private key) + */ r = 0; out: + if (was_shielded) + r = sshkey_shield_private(key); + if (r == 0) + r = sshbuf_putb(buf, b); + sshbuf_free(b); + return r; } int -sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) +sshkey_private_serialize(struct sshkey *key, struct sshbuf *b) { return sshkey_private_serialize_opt(key, b, SSHKEY_SERIALIZE_DEFAULT); @@ -3429,7 +3680,7 @@ sshkey_dump_ec_key(const EC_KEY *key) #endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ static int -sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob, +sshkey_private_to_blob2(struct sshkey *prv, struct sshbuf *blob, const char *passphrase, const char *comment, const char *ciphername, int rounds) { @@ -3799,20 +4050,28 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, #ifdef WITH_OPENSSL /* convert SSH v2 key in OpenSSL PEM format */ static int -sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob, +sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf, const char *_passphrase, const char *comment) { + int was_shielded = sshkey_is_shielded(key); int success, r; int blen, len = strlen(_passphrase); u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; char *bptr; BIO *bio = NULL; + struct sshbuf *blob; if (len > 0 && len <= 4) return SSH_ERR_PASSPHRASE_TOO_SHORT; - if ((bio = BIO_new(BIO_s_mem())) == NULL) + if ((blob = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; + if ((bio = BIO_new(BIO_s_mem())) == NULL) { + sshbuf_free(blob); + return SSH_ERR_ALLOC_FAIL; + } + if ((r = sshkey_unshield_private(key)) != 0) + goto out; switch (key->type) { case KEY_DSA: @@ -3845,6 +4104,12 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob, goto out; r = 0; out: + if (was_shielded) + r = sshkey_shield_private(key); + if (r == 0) + r = sshbuf_putb(buf, blob); + sshbuf_free(blob); + BIO_free(bio); return r; } @@ -4173,7 +4438,7 @@ sshkey_set_filename(struct sshkey *k, const char *filename) } #else int -sshkey_private_serialize_maxsign(const struct sshkey *k, struct sshbuf *b, +sshkey_private_serialize_maxsign(struct sshkey *k, struct sshbuf *b, u_int32_t maxsign, sshkey_printfn *pr) { return sshkey_private_serialize_opt(k, b, SSHKEY_SERIALIZE_DEFAULT); diff --git a/sshkey.h b/sshkey.h index c874a2c..fb61c1a 100644 --- a/sshkey.h +++ b/sshkey.h @@ -123,6 +123,10 @@ struct sshkey { u_char *xmss_sk; u_char *xmss_pk; struct sshkey_cert *cert; + u_char *shielded_private; + size_t shielded_len; + u_char *shield_prekey; + size_t shield_prekey_len; }; #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES @@ -146,6 +150,11 @@ u_int sshkey_size(const struct sshkey *); int sshkey_generate(int type, u_int bits, struct sshkey **keyp); int sshkey_from_private(const struct sshkey *, struct sshkey **); + +int sshkey_is_shielded(struct sshkey *); +int sshkey_shield_private(struct sshkey *); +int sshkey_unshield_private(struct sshkey *); + int sshkey_type_from_name(const char *); int sshkey_is_private(const struct sshkey *); int sshkey_is_cert(const struct sshkey *); @@ -162,7 +171,7 @@ int sshkey_check_cert_sigtype(const struct sshkey *, const char *); int sshkey_certify(struct sshkey *, struct sshkey *, const char *); /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ -typedef int sshkey_certify_signer(const struct sshkey *, u_char **, size_t *, +typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, u_int, void *); int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, sshkey_certify_signer *, void *); @@ -193,7 +202,7 @@ int sshkey_puts_opts(const struct sshkey *, struct sshbuf *, int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); -int sshkey_sign(const struct sshkey *, u_char **, size_t *, +int sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, u_int); int sshkey_verify(const struct sshkey *, const u_char *, size_t, const u_char *, size_t, const char *, u_int); @@ -205,8 +214,8 @@ void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); void sshkey_dump_ec_key(const EC_KEY *); /* private key parsing and serialisation */ -int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf); -int sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *buf, +int sshkey_private_serialize(struct sshkey *key, struct sshbuf *buf); +int sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf, enum sshkey_serialize_rep); int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); @@ -232,7 +241,7 @@ int sshkey_set_filename(struct sshkey *, const char *); int sshkey_enable_maxsign(struct sshkey *, u_int32_t); u_int32_t sshkey_signatures_left(const struct sshkey *); int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *); -int sshkey_private_serialize_maxsign(const struct sshkey *key, struct sshbuf *buf, +int sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf, u_int32_t maxsign, sshkey_printfn *pr); #ifdef SSHKEY_INTERNAL
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor