[Bug 3005] New: Use high-level EVP PKEY API instead of low-level algorithm specific calls + separate digesting in the every backend
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Wed May 8 01:27:00 AEST 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=3005
Bug ID: 3005
Summary: Use high-level EVP PKEY API instead of low-level
algorithm specific calls + separate digesting in the
every backend
Product: Portable OpenSSH
Version: 8.0p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
Created attachment 3277
--> https://bugzilla.mindrot.org/attachment.cgi?id=3277&action=edit
proposed patch
The OpenSSH is using low-level OpenSSL API to access and use keys,
which was fine in the past, but it is getting more complicated as the
amount of signature algorithms is expanding.
This patch mostly simplifies RSA signatures handling by dropping the
hardcoded hash algorithms OIDs and unifies the various key types
handling be encapsulating them in common EVP_PKEY structure.
I believe this API is also available in LibreSSL so it should not have
compatibility issues, but I did not test that.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list