[Bug 3005] New: Use high-level EVP PKEY API instead of low-level algorithm specific calls + separate digesting in the every backend

bugzilla-daemon at bugzilla.mindrot.org
Wed May 8 01:27:00 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3005

            Bug ID: 3005
           Summary: Use high-level EVP PKEY API instead of low-level
                    algorithm specific calls + separate digesting in the
                    every backend
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 3277
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3277&action=edit
proposed patch

OpenSSH is using the low-level OpenSSL API to access and use keys,
which was fine in the past, but it is getting more complicated as the
number of signature algorithms is expanding.

This patch mostly simplifies RSA signature handling by dropping the
hardcoded hash algorithm OIDs and unifies the handling of the various
key types by encapsulating them in a common EVP_PKEY structure.

I believe this API is also available in LibreSSL so it should not have
compatibility issues, but I did not test that.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
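
What the "hardcoded hash algorithm OIDs" in the report amount to, as an added example that is not OpenSSH's code or the attached patch: a low-level RSA PKCS#1 v1.5 verification path has to carry a DigestInfo prefix per hash (values from RFC 8017) and do the comparison itself, which a single EVP_PKEY digest-verify call handles internally. The `demo_*` names and the sample digest are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DER DigestInfo prefixes from RFC 8017 section 9.2 (AlgorithmIdentifier with
 * the hash OID, then the OCTET STRING header); the digest bytes follow. */
static const unsigned char id_sha1[] = { 0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,
    0x03,0x02,0x1a,0x05,0x00,0x04,0x14 };
static const unsigned char id_sha256[] = { 0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,
    0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20 };
static const unsigned char id_sha512[] = { 0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,
    0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40 };
enum demo_hash { DEMO_SHA1, DEMO_SHA256, DEMO_SHA512 };  /* hypothetical names */
static const struct { const unsigned char *id; size_t idlen, hlen; } demo_tab[] = {
    { id_sha1, sizeof(id_sha1), 20 }, { id_sha256, sizeof(id_sha256), 32 },
    { id_sha512, sizeof(id_sha512), 64 } };

/* Write prefix || digest to out; returns the length, or 0 on any mismatch. */
size_t demo_digestinfo(enum demo_hash alg, const unsigned char *dgst, size_t dlen,
    unsigned char *out, size_t outlen)
{
    if ((size_t)alg >= sizeof(demo_tab) / sizeof(demo_tab[0]) ||
        dlen != demo_tab[alg].hlen || outlen < demo_tab[alg].idlen + dlen)
        return 0;
    memcpy(out, demo_tab[alg].id, demo_tab[alg].idlen);
    memcpy(out + demo_tab[alg].idlen, dgst, dlen);
    return demo_tab[alg].idlen + dlen;
}

/* Compare the DigestInfo recovered from a signature (RSA public operation and
 * padding removal not shown) with the expected one; 1 on match, no early exit. */
int demo_check(enum demo_hash alg, const unsigned char *dgst, size_t dlen,
    const unsigned char *recovered, size_t rlen)
{
    unsigned char want[19 + 64], diff = 0;
    size_t i, n = demo_digestinfo(alg, dgst, dlen, want, sizeof(want));
    if (n == 0 || n != rlen)
        return 0;
    for (i = 0; i < n; i++)
        diff |= want[i] ^ recovered[i];
    return diff == 0;
}

int main(void)
{
    unsigned char d[32], rec[51];   /* constructed digest, not a real hash */
    size_t n;
    memset(d, 0xab, sizeof(d));
    n = demo_digestinfo(DEMO_SHA256, d, sizeof(d), rec, sizeof(rec));
    printf("len=%zu ok=%d\n", n, demo_check(DEMO_SHA256, d, sizeof(d), rec, n));
    return 0;
}
```

Every additional hash or key type means another table entry and another hand-written comparison in code like this, which is the maintenance cost the report describes.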

