openssh: Update to 7.7p1
authorMatthias Fischer <matthias.fischer@ipfire.org>
Sun, 6 May 2018 10:33:25 +0000 (12:33 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 7 May 2018 10:33:41 +0000 (11:33 +0100)
For details see:
http://www.openssh.com/txt/release-7.7

This release fixes:
https://bugzilla.ipfire.org/show_bug.cgi?id=11693
https://bugzilla.ipfire.org/show_bug.cgi?id=11694

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
lfs/openssh
src/patches/openssh-7.7p1-openssl-1.1.0-1.patch [moved from src/patches/openssh-7.6p1-openssl-1.1.0.patch with 84% similarity]

index 2034463..2db56b0 100644 (file)
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2016  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 7.6p1
+VER        = 7.7p1
 
 THISAPP    = openssh-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 06a88699018e5fef13d4655abfed1f63
+$(DL_FILE)_MD5 = 68ba883aff6958297432e5877e9a0fe2
 
 install : $(TARGET)
 
@@ -70,7 +70,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssh-7.6p1-openssl-1.1.0.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssh-7.7p1-openssl-1.1.0-1.patch
        cd $(DIR_APP) && sed -i "s/lkrb5 -ldes/lkrb5/" configure
        cd $(DIR_APP) && ./configure \
                --prefix=/usr \
@@ -1,7 +1,14 @@
-diff -Naur old/auth-pam.c new/auth-pam.c
---- old/auth-pam.c     2017-10-03 21:49:05.363829772 -1000
-+++ new/auth-pam.c     2017-10-03 21:55:50.869718862 -1000
-@@ -128,6 +128,10 @@
+Submitted by:            Bruce Dubbs (bdubbs@linuxfromscratch.org)
+Date:                    2018-04-07
+Initial Package Version: 7.7p1
+Upstream Status:         Pending (Still)
+Origin:                  https://git.archlinux.org/svntogit/packages.git/plain/trunk/openssl-1.1.0.patch?h=packages/openssh
+Description:             Fixes build issues with OpenSSL-1.1.0.
+
+diff -aurp old/auth-pam.c new/auth-pam.c
+--- old/auth-pam.c     2018-03-22 16:21:14.000000000 -1000
++++ new/auth-pam.c     2018-03-23 10:05:03.886621278 -1000
+@@ -128,6 +128,10 @@ extern u_int utmp_len;
  typedef pthread_t sp_pthread_t;
  #else
  typedef pid_t sp_pthread_t;
@@ -12,10 +19,10 @@ diff -Naur old/auth-pam.c new/auth-pam.c
  #endif
  
  struct pam_ctxt {
-diff -Naur old/cipher.c new/cipher.c
---- old/cipher.c       2017-10-03 21:49:05.367162904 -1000
-+++ new/cipher.c       2017-10-03 21:55:50.869718862 -1000
-@@ -297,7 +297,10 @@
+diff -aurp old/cipher.c new/cipher.c
+--- old/cipher.c       2018-03-22 16:21:14.000000000 -1000
++++ new/cipher.c       2018-03-23 10:05:03.886621278 -1000
+@@ -297,7 +297,10 @@ cipher_init(struct sshcipher_ctx **ccp,
                        goto out;
                }
        }
@@ -27,7 +34,7 @@ diff -Naur old/cipher.c new/cipher.c
                ret = SSH_ERR_LIBCRYPTO_ERROR;
                goto out;
        }
-@@ -486,7 +489,7 @@
+@@ -483,7 +486,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c
                   len, iv))
                       return SSH_ERR_LIBCRYPTO_ERROR;
        } else
@@ -36,7 +43,7 @@ diff -Naur old/cipher.c new/cipher.c
  #endif
        return 0;
  }
-@@ -520,14 +523,19 @@
+@@ -517,14 +520,19 @@ cipher_set_keyiv(struct sshcipher_ctx *c
                    EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
                        return SSH_ERR_LIBCRYPTO_ERROR;
        } else
@@ -59,9 +66,9 @@ diff -Naur old/cipher.c new/cipher.c
  #endif
  
  int
-diff -Naur old/cipher.h new/cipher.h
---- old/cipher.h       2017-10-03 21:49:05.367162904 -1000
-+++ new/cipher.h       2017-10-03 21:55:50.869718862 -1000
+diff -aurp old/cipher.h new/cipher.h
+--- old/cipher.h       2018-03-22 16:21:14.000000000 -1000
++++ new/cipher.h       2018-03-23 10:05:03.886621278 -1000
 @@ -46,7 +46,18 @@
  #define CIPHER_DECRYPT                0
  
@@ -81,10 +88,10 @@ diff -Naur old/cipher.h new/cipher.h
  
  const struct sshcipher *cipher_by_name(const char *);
  const char *cipher_warning_message(const struct sshcipher_ctx *);
-diff -Naur old/configure new/configure
---- old/configure      2017-10-03 21:49:05.410493626 -1000
-+++ new/configure      2017-10-03 22:01:49.159050540 -1000
-@@ -12688,7 +12688,6 @@
+diff -aurp old/configure new/configure
+--- old/configure      2018-03-23 03:30:17.000000000 -1000
++++ new/configure      2018-03-23 10:05:03.888621444 -1000
+@@ -13076,7 +13076,6 @@ if ac_fn_c_try_run "$LINENO"; then :
                                100*)   ;; # 1.0.x
                                200*)   ;; # LibreSSL
                                *)
@@ -92,10 +99,10 @@ diff -Naur old/configure new/configure
                                        ;;
                        esac
                        { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5
-diff -Naur old/dh.c new/dh.c
---- old/dh.c   2017-10-03 21:49:05.370496037 -1000
-+++ new/dh.c   2017-10-03 21:55:50.869718862 -1000
-@@ -212,14 +212,15 @@
+diff -aurp old/dh.c new/dh.c
+--- old/dh.c   2018-03-22 16:21:14.000000000 -1000
++++ new/dh.c   2018-03-23 10:05:03.888621444 -1000
+@@ -211,14 +211,15 @@ choose_dh(int min, int wantbits, int max
  /* diffie-hellman-groupN-sha1 */
  
  int
@@ -113,7 +120,7 @@ diff -Naur old/dh.c new/dh.c
                logit("invalid public DH value: negative");
                return 0;
        }
-@@ -232,7 +233,8 @@
+@@ -231,7 +232,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
                error("%s: BN_new failed", __func__);
                return 0;
        }
@@ -123,7 +130,7 @@ diff -Naur old/dh.c new/dh.c
            BN_cmp(dh_pub, tmp) != -1) {                /* pub_exp > p-2 */
                BN_clear_free(tmp);
                logit("invalid public DH value: >= p-1");
-@@ -243,14 +245,14 @@
+@@ -242,14 +244,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
        for (i = 0; i <= n; i++)
                if (BN_is_bit_set(dh_pub, i))
                        bits_set++;
@@ -140,7 +147,7 @@ diff -Naur old/dh.c new/dh.c
                return 0;
        }
        return 1;
-@@ -260,9 +262,13 @@
+@@ -259,9 +261,13 @@ int
  dh_gen_key(DH *dh, int need)
  {
        int pbits;
@@ -156,7 +163,7 @@ diff -Naur old/dh.c new/dh.c
            need > INT_MAX / 2 || 2 * need > pbits)
                return SSH_ERR_INVALID_ARGUMENT;
        if (need < 256)
-@@ -271,10 +277,13 @@
+@@ -270,10 +276,13 @@ dh_gen_key(DH *dh, int need)
         * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
         * so double requested need here.
         */
@@ -174,7 +181,7 @@ diff -Naur old/dh.c new/dh.c
                return SSH_ERR_LIBCRYPTO_ERROR;
        }
        return 0;
-@@ -283,16 +292,27 @@
+@@ -282,16 +291,27 @@ dh_gen_key(DH *dh, int need)
  DH *
  dh_new_group_asc(const char *gen, const char *modulus)
  {
@@ -209,7 +216,7 @@ diff -Naur old/dh.c new/dh.c
  }
  
  /*
-@@ -307,8 +327,8 @@
+@@ -306,8 +326,8 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulu
  
        if ((dh = DH_new()) == NULL)
                return NULL;
@@ -220,10 +227,10 @@ diff -Naur old/dh.c new/dh.c
  
        return (dh);
  }
-diff -Naur old/dh.h new/dh.h
---- old/dh.h   2017-10-03 21:49:05.370496037 -1000
-+++ new/dh.h   2017-10-03 21:55:50.869718862 -1000
-@@ -42,7 +42,7 @@
+diff -aurp old/dh.h new/dh.h
+--- old/dh.h   2018-03-22 16:21:14.000000000 -1000
++++ new/dh.h   2018-03-23 10:05:03.889621527 -1000
+@@ -42,7 +42,7 @@ DH   *dh_new_group18(void);
  DH    *dh_new_group_fallback(int);
  
  int    dh_gen_key(DH *, int);
@@ -232,9 +239,9 @@ diff -Naur old/dh.h new/dh.h
  
  u_int  dh_estimate(int);
  
-diff -Naur old/digest-openssl.c new/digest-openssl.c
---- old/digest-openssl.c       2017-10-03 21:49:05.370496037 -1000
-+++ new/digest-openssl.c       2017-10-03 21:55:50.869718862 -1000
+diff -aurp old/digest-openssl.c new/digest-openssl.c
+--- old/digest-openssl.c       2018-03-22 16:21:14.000000000 -1000
++++ new/digest-openssl.c       2018-03-23 10:05:03.889621527 -1000
 @@ -43,7 +43,7 @@
  
  struct ssh_digest_ctx {
@@ -244,7 +251,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c
  };
  
  struct ssh_digest {
-@@ -106,20 +106,21 @@
+@@ -106,20 +106,21 @@ ssh_digest_bytes(int alg)
  size_t
  ssh_digest_blocksize(struct ssh_digest_ctx *ctx)
  {
@@ -270,7 +277,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c
                free(ret);
                return NULL;
        }
-@@ -132,7 +133,7 @@
+@@ -132,7 +133,7 @@ ssh_digest_copy_state(struct ssh_digest_
        if (from->alg != to->alg)
                return SSH_ERR_INVALID_ARGUMENT;
        /* we have bcopy-style order while openssl has memcpy-style */
@@ -279,7 +286,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c
                return SSH_ERR_LIBCRYPTO_ERROR;
        return 0;
  }
-@@ -140,7 +141,7 @@
+@@ -140,7 +141,7 @@ ssh_digest_copy_state(struct ssh_digest_
  int
  ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
  {
@@ -288,7 +295,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c
                return SSH_ERR_LIBCRYPTO_ERROR;
        return 0;
  }
-@@ -161,7 +162,7 @@
+@@ -161,7 +162,7 @@ ssh_digest_final(struct ssh_digest_ctx *
                return SSH_ERR_INVALID_ARGUMENT;
        if (dlen < digest->digest_len) /* No truncation allowed */
                return SSH_ERR_INVALID_ARGUMENT;
@@ -297,7 +304,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c
                return SSH_ERR_LIBCRYPTO_ERROR;
        if (l != digest->digest_len) /* sanity */
                return SSH_ERR_INTERNAL_ERROR;
-@@ -172,7 +173,7 @@
+@@ -172,7 +173,7 @@ void
  ssh_digest_free(struct ssh_digest_ctx *ctx)
  {
        if (ctx != NULL) {
@@ -306,10 +313,10 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c
                explicit_bzero(ctx, sizeof(*ctx));
                free(ctx);
        }
-diff -Naur old/kexdhc.c new/kexdhc.c
---- old/kexdhc.c       2017-10-03 21:49:05.373829169 -1000
-+++ new/kexdhc.c       2017-10-03 21:55:50.869718862 -1000
-@@ -81,11 +81,16 @@
+diff -aurp old/kexdhc.c new/kexdhc.c
+--- old/kexdhc.c       2018-03-22 16:21:14.000000000 -1000
++++ new/kexdhc.c       2018-03-23 10:05:03.889621527 -1000
+@@ -81,11 +81,16 @@ kexdh_client(struct ssh *ssh)
                goto out;
        }
        debug("sending SSH2_MSG_KEXDH_INIT");
@@ -329,7 +336,7 @@ diff -Naur old/kexdhc.c new/kexdhc.c
  #ifdef DEBUG_KEXDH
        DHparams_print_fp(stderr, kex->dh);
        fprintf(stderr, "pub= ");
-@@ -169,6 +174,9 @@
+@@ -169,6 +174,9 @@ input_kex_dh(int type, u_int32_t seq, st
  
        /* calc and verify H */
        hashlen = sizeof(hash);
@@ -339,7 +346,7 @@ diff -Naur old/kexdhc.c new/kexdhc.c
        if ((r = kex_dh_hash(
            kex->hash_alg,
            kex->client_version_string,
-@@ -176,11 +184,13 @@
+@@ -176,11 +184,13 @@ input_kex_dh(int type, u_int32_t seq, st
            sshbuf_ptr(kex->my), sshbuf_len(kex->my),
            sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
            server_host_key_blob, sbloblen,
@@ -354,22 +361,11 @@ diff -Naur old/kexdhc.c new/kexdhc.c
 +      }
  
        if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
-           ssh->compat)) != 0)
-diff -Naur old/kexdhs.c new/kexdhs.c
---- old/kexdhs.c       2017-10-03 21:49:05.373829169 -1000
-+++ new/kexdhs.c       2017-10-03 21:55:50.869718862 -1000
-@@ -87,6 +87,10 @@
-       ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init);
-       r = 0;
-  out:
-+      if (r != 0) {
-+              if (kex->dh) DH_free(kex->dh);
-+              kex->dh = NULL;
-+      }
-       return r;
- }
-@@ -163,6 +167,9 @@
+           kex->hostkey_alg, ssh->compat)) != 0)
+diff -aurp old/kexdhs.c new/kexdhs.c
+--- old/kexdhs.c       2018-03-22 16:21:14.000000000 -1000
++++ new/kexdhs.c       2018-03-23 10:58:58.126733207 -1000
+@@ -163,6 +163,9 @@ input_kex_dh_init(int type, u_int32_t se
                goto out;
        /* calc H */
        hashlen = sizeof(hash);
@@ -379,7 +375,7 @@ diff -Naur old/kexdhs.c new/kexdhs.c
        if ((r = kex_dh_hash(
            kex->hash_alg,
            kex->client_version_string,
-@@ -171,10 +178,12 @@
+@@ -171,10 +174,12 @@ input_kex_dh_init(int type, u_int32_t se
            sshbuf_ptr(kex->my), sshbuf_len(kex->my),
            server_host_key_blob, sbloblen,
            dh_client_pub,
@@ -394,7 +390,7 @@ diff -Naur old/kexdhs.c new/kexdhs.c
  
        /* save session id := H */
        if (kex->session_id == NULL) {
-@@ -195,12 +204,17 @@
+@@ -195,12 +200,17 @@ input_kex_dh_init(int type, u_int32_t se
        /* destroy_sensitive_data(); */
  
        /* send server hostkey, DH pubkey 'f' and singed H */
@@ -414,10 +410,10 @@ diff -Naur old/kexdhs.c new/kexdhs.c
  
        if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
                r = kex_send_newkeys(ssh);
-diff -Naur old/kexgexc.c new/kexgexc.c
---- old/kexgexc.c      2017-10-03 21:49:05.373829169 -1000
-+++ new/kexgexc.c      2017-10-03 21:55:50.869718862 -1000
-@@ -118,11 +118,17 @@
+diff -aurp old/kexgexc.c new/kexgexc.c
+--- old/kexgexc.c      2018-03-22 16:21:14.000000000 -1000
++++ new/kexgexc.c      2018-03-23 11:00:00.132866201 -1000
+@@ -118,11 +118,17 @@ input_kex_dh_gex_group(int type, u_int32
        p = g = NULL; /* belong to kex->dh now */
  
        /* generate and send 'e', client DH public key */
@@ -439,22 +435,7 @@ diff -Naur old/kexgexc.c new/kexgexc.c
        debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
  #ifdef DEBUG_KEXDH
        DHparams_print_fp(stderr, kex->dh);
-@@ -134,10 +140,12 @@
-       ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply);
-       r = 0;
- out:
--      if (p)
-+      if (r != 0) {
-               BN_clear_free(p);
--      if (g)
-               BN_clear_free(g);
-+              DH_free(kex->dh);
-+              kex->dh = NULL;
-+      }
-       return r;
- }
-@@ -214,6 +222,10 @@
+@@ -212,6 +218,10 @@ input_kex_dh_gex_reply(int type, u_int32
  
        /* calc and verify H */
        hashlen = sizeof(hash);
@@ -465,7 +446,7 @@ diff -Naur old/kexgexc.c new/kexgexc.c
        if ((r = kexgex_hash(
            kex->hash_alg,
            kex->client_version_string,
-@@ -222,12 +234,14 @@
+@@ -220,12 +230,14 @@ input_kex_dh_gex_reply(int type, u_int32
            sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
            server_host_key_blob, sbloblen,
            kex->min, kex->nbits, kex->max,
@@ -482,11 +463,11 @@ diff -Naur old/kexgexc.c new/kexgexc.c
 +      }
  
        if ((r = sshkey_verify(server_host_key, signature, slen, hash,
-           hashlen, ssh->compat)) != 0)
-diff -Naur old/kexgexs.c new/kexgexs.c
---- old/kexgexs.c      2017-10-03 21:49:05.373829169 -1000
-+++ new/kexgexs.c      2017-10-03 21:55:50.869718862 -1000
-@@ -101,11 +101,16 @@
+           hashlen, kex->hostkey_alg, ssh->compat)) != 0)
+diff -aurp old/kexgexs.c new/kexgexs.c
+--- old/kexgexs.c      2018-03-22 16:21:14.000000000 -1000
++++ new/kexgexs.c      2018-03-23 11:03:06.045049721 -1000
+@@ -101,11 +101,16 @@ input_kex_dh_gex_request(int type, u_int
                goto out;
        }
        debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
@@ -506,18 +487,7 @@ diff -Naur old/kexgexs.c new/kexgexs.c
  
        /* Compute our exchange value in parallel with the client */
        if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
-@@ -115,6 +120,10 @@
-       ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init);
-       r = 0;
-  out:
-+      if (r != 0) {
-+              DH_free(kex->dh);
-+              kex->dh = NULL;
-+      }
-       return r;
- }
-@@ -191,6 +200,10 @@
+@@ -191,6 +196,10 @@ input_kex_dh_gex_init(int type, u_int32_
                goto out;
        /* calc H */
        hashlen = sizeof(hash);
@@ -528,7 +498,7 @@ diff -Naur old/kexgexs.c new/kexgexs.c
        if ((r = kexgex_hash(
            kex->hash_alg,
            kex->client_version_string,
-@@ -199,12 +212,14 @@
+@@ -199,12 +208,14 @@ input_kex_dh_gex_init(int type, u_int32_
            sshbuf_ptr(kex->my), sshbuf_len(kex->my),
            server_host_key_blob, sbloblen,
            kex->min, kex->nbits, kex->max,
@@ -546,7 +516,7 @@ diff -Naur old/kexgexs.c new/kexgexs.c
  
        /* save session id := H */
        if (kex->session_id == NULL) {
-@@ -225,12 +240,17 @@
+@@ -225,12 +236,17 @@ input_kex_dh_gex_init(int type, u_int32_
        /* destroy_sensitive_data(); */
  
        /* send server hostkey, DH pubkey 'f' and singed H */
@@ -566,10 +536,10 @@ diff -Naur old/kexgexs.c new/kexgexs.c
  
        if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
                r = kex_send_newkeys(ssh);
-diff -Naur old/monitor.c new/monitor.c
---- old/monitor.c      2017-10-03 21:49:05.377162302 -1000
-+++ new/monitor.c      2017-10-03 21:55:50.869718862 -1000
-@@ -586,10 +586,12 @@
+diff -aurp old/monitor.c new/monitor.c
+--- old/monitor.c      2018-03-22 16:21:14.000000000 -1000
++++ new/monitor.c      2018-03-23 10:05:03.890621610 -1000
+@@ -595,10 +595,12 @@ mm_answer_moduli(int sock, Buffer *m)
                buffer_put_char(m, 0);
                return (0);
        } else {
@@ -584,10 +554,10 @@ diff -Naur old/monitor.c new/monitor.c
  
                DH_free(dh);
        }
-diff -Naur old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat.c
---- old/openbsd-compat/openssl-compat.c        2017-10-03 21:49:05.397161097 -1000
-+++ new/openbsd-compat/openssl-compat.c        2017-10-03 21:55:50.886387486 -1000
-@@ -75,7 +75,6 @@
+diff -aurp old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat.c
+--- old/openbsd-compat/openssl-compat.c        2018-03-22 16:21:14.000000000 -1000
++++ new/openbsd-compat/openssl-compat.c        2018-03-23 10:05:03.890621610 -1000
+@@ -75,7 +75,6 @@ ssh_OpenSSL_add_all_algorithms(void)
        /* Enable use of crypto hardware */
        ENGINE_load_builtin_engines();
        ENGINE_register_all_complete();
@@ -595,10 +565,10 @@ diff -Naur old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat
  }
  #endif
  
-diff -Naur old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey/test_file.c
---- old/regress/unittests/sshkey/test_file.c   2017-10-03 21:49:05.387161699 -1000
-+++ new/regress/unittests/sshkey/test_file.c   2017-10-03 21:55:50.883053761 -1000
-@@ -60,9 +60,14 @@
+diff -aurp old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey/test_file.c
+--- old/regress/unittests/sshkey/test_file.c   2018-03-22 16:21:14.000000000 -1000
++++ new/regress/unittests/sshkey/test_file.c   2018-03-23 10:05:03.890621610 -1000
+@@ -60,9 +60,14 @@ sshkey_file_tests(void)
        a = load_bignum("rsa_1.param.n");
        b = load_bignum("rsa_1.param.p");
        c = load_bignum("rsa_1.param.q");
@@ -616,7 +586,7 @@ diff -Naur old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey
        BN_free(a);
        BN_free(b);
        BN_free(c);
-@@ -151,9 +156,14 @@
+@@ -151,9 +156,14 @@ sshkey_file_tests(void)
        a = load_bignum("dsa_1.param.g");
        b = load_bignum("dsa_1.param.priv");
        c = load_bignum("dsa_1.param.pub");
@@ -634,10 +604,10 @@ diff -Naur old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey
        BN_free(a);
        BN_free(b);
        BN_free(c);
-diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshkey/test_sshkey.c
---- old/regress/unittests/sshkey/test_sshkey.c 2017-10-03 21:49:05.387161699 -1000
-+++ new/regress/unittests/sshkey/test_sshkey.c 2017-10-03 21:55:50.883053761 -1000
-@@ -197,9 +197,14 @@
+diff -aurp old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshkey/test_sshkey.c
+--- old/regress/unittests/sshkey/test_sshkey.c 2018-03-22 16:21:14.000000000 -1000
++++ new/regress/unittests/sshkey/test_sshkey.c 2018-03-23 10:05:03.890621610 -1000
+@@ -197,9 +197,14 @@ sshkey_tests(void)
        k1 = sshkey_new(KEY_RSA);
        ASSERT_PTR_NE(k1, NULL);
        ASSERT_PTR_NE(k1->rsa, NULL);
@@ -655,7 +625,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
        sshkey_free(k1);
        TEST_DONE();
  
-@@ -207,8 +212,13 @@
+@@ -207,8 +212,13 @@ sshkey_tests(void)
        k1 = sshkey_new(KEY_DSA);
        ASSERT_PTR_NE(k1, NULL);
        ASSERT_PTR_NE(k1->dsa, NULL);
@@ -671,7 +641,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
        sshkey_free(k1);
        TEST_DONE();
  
-@@ -234,9 +244,14 @@
+@@ -234,9 +244,14 @@ sshkey_tests(void)
        k1 = sshkey_new_private(KEY_RSA);
        ASSERT_PTR_NE(k1, NULL);
        ASSERT_PTR_NE(k1->rsa, NULL);
@@ -689,7 +659,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
        ASSERT_INT_EQ(sshkey_add_private(k1), 0);
        sshkey_free(k1);
        TEST_DONE();
-@@ -245,8 +260,13 @@
+@@ -245,8 +260,13 @@ sshkey_tests(void)
        k1 = sshkey_new_private(KEY_DSA);
        ASSERT_PTR_NE(k1, NULL);
        ASSERT_PTR_NE(k1->dsa, NULL);
@@ -705,7 +675,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
        ASSERT_INT_EQ(sshkey_add_private(k1), 0);
        sshkey_free(k1);
        TEST_DONE();
-@@ -285,18 +305,28 @@
+@@ -285,18 +305,28 @@ sshkey_tests(void)
        ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0);
        ASSERT_PTR_NE(kr, NULL);
        ASSERT_PTR_NE(kr->rsa, NULL);
@@ -740,7 +710,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
        TEST_DONE();
  
  #ifdef OPENSSL_HAS_ECC
-@@ -323,9 +353,14 @@
+@@ -323,9 +353,14 @@ sshkey_tests(void)
        ASSERT_PTR_NE(kr, k1);
        ASSERT_INT_EQ(k1->type, KEY_RSA);
        ASSERT_PTR_NE(k1->rsa, NULL);
@@ -758,7 +728,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
        TEST_DONE();
  
        TEST_START("equal KEY_RSA/demoted KEY_RSA");
-@@ -339,8 +374,13 @@
+@@ -339,8 +374,13 @@ sshkey_tests(void)
        ASSERT_PTR_NE(kd, k1);
        ASSERT_INT_EQ(k1->type, KEY_DSA);
        ASSERT_PTR_NE(k1->dsa, NULL);
@@ -774,10 +744,10 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
        TEST_DONE();
  
        TEST_START("equal KEY_DSA/demoted KEY_DSA");
-diff -Naur old/ssh-dss.c new/ssh-dss.c
---- old/ssh-dss.c      2017-10-03 21:49:05.403827361 -1000
-+++ new/ssh-dss.c      2017-10-03 21:55:50.869718862 -1000
-@@ -53,6 +53,7 @@
+diff -aurp old/ssh-dss.c new/ssh-dss.c
+--- old/ssh-dss.c      2018-03-22 16:21:14.000000000 -1000
++++ new/ssh-dss.c      2018-03-23 10:05:03.891621693 -1000
+@@ -53,6 +53,7 @@ ssh_dss_sign(const struct sshkey *key, u
        DSA_SIG *sig = NULL;
        u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];
        size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
@@ -785,7 +755,7 @@ diff -Naur old/ssh-dss.c new/ssh-dss.c
        struct sshbuf *b = NULL;
        int ret = SSH_ERR_INVALID_ARGUMENT;
  
-@@ -76,15 +77,16 @@
+@@ -76,15 +77,16 @@ ssh_dss_sign(const struct sshkey *key, u
                goto out;
        }
  
@@ -804,9 +774,9 @@ diff -Naur old/ssh-dss.c new/ssh-dss.c
 +      BN_bn2bin(r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
 +      BN_bn2bin(s, sigblob + SIGBLOB_LEN - slen);
  
-       if (compat & SSH_BUG_SIGBLOB) {
-               if (sigp != NULL) {
-@@ -176,17 +178,26 @@
+       if ((b = sshbuf_new()) == NULL) {
+               ret = SSH_ERR_ALLOC_FAIL;
+@@ -154,17 +156,26 @@ ssh_dss_verify(const struct sshkey *key,
        }
  
        /* parse signature */
@@ -837,10 +807,10 @@ diff -Naur old/ssh-dss.c new/ssh-dss.c
  
        /* sha1 the data */
        if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
-diff -Naur old/ssh-ecdsa.c new/ssh-ecdsa.c
---- old/ssh-ecdsa.c    2017-10-03 21:49:05.403827361 -1000
-+++ new/ssh-ecdsa.c    2017-10-03 21:55:50.869718862 -1000
-@@ -80,9 +80,14 @@
+diff -aurp old/ssh-ecdsa.c new/ssh-ecdsa.c
+--- old/ssh-ecdsa.c    2018-03-22 16:21:14.000000000 -1000
++++ new/ssh-ecdsa.c    2018-03-23 10:05:03.891621693 -1000
+@@ -80,9 +80,14 @@ ssh_ecdsa_sign(const struct sshkey *key,
                ret = SSH_ERR_ALLOC_FAIL;
                goto out;
        }
@@ -857,7 +827,7 @@ diff -Naur old/ssh-ecdsa.c new/ssh-ecdsa.c
        if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 ||
            (ret = sshbuf_put_stringb(b, bb)) != 0)
                goto out;
-@@ -151,11 +156,27 @@
+@@ -150,11 +155,27 @@ ssh_ecdsa_verify(const struct sshkey *ke
                ret = SSH_ERR_ALLOC_FAIL;
                goto out;
        }
@@ -887,10 +857,10 @@ diff -Naur old/ssh-ecdsa.c new/ssh-ecdsa.c
        if (sshbuf_len(sigbuf) != 0) {
                ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
                goto out;
-diff -Naur old/ssh-keygen.c new/ssh-keygen.c
---- old/ssh-keygen.c   2017-10-03 21:49:05.403827361 -1000
-+++ new/ssh-keygen.c   2017-10-03 21:55:50.869718862 -1000
-@@ -496,11 +496,33 @@
+diff -aurp old/ssh-keygen.c new/ssh-keygen.c
+--- old/ssh-keygen.c   2018-03-22 16:21:14.000000000 -1000
++++ new/ssh-keygen.c   2018-03-23 10:05:03.891621693 -1000
+@@ -493,11 +493,33 @@ do_convert_private_ssh2_from_blob(u_char
  
        switch (key->type) {
        case KEY_DSA:
@@ -929,7 +899,7 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c
                break;
        case KEY_RSA:
                if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
-@@ -517,16 +539,52 @@
+@@ -514,16 +536,52 @@ do_convert_private_ssh2_from_blob(u_char
                        e += e3;
                        debug("e %lx", e);
                }
@@ -988,7 +958,7 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c
                if ((r = ssh_rsa_generate_additional_parameters(key)) != 0)
                        fatal("generate RSA parameters failed: %s", ssh_err(r));
                break;
-@@ -636,7 +694,7 @@
+@@ -633,7 +691,7 @@ do_convert_from_pkcs8(struct sshkey **k,
                    identity_file);
        }
        fclose(fp);
@@ -997,7 +967,7 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c
        case EVP_PKEY_RSA:
                if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
                        fatal("sshkey_new failed");
-@@ -660,7 +718,7 @@
+@@ -657,7 +715,7 @@ do_convert_from_pkcs8(struct sshkey **k,
  #endif
        default:
                fatal("%s: unsupported pubkey type %d", __func__,
@@ -1006,10 +976,10 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c
        }
        EVP_PKEY_free(pubkey);
        return;
-diff -Naur old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c
---- old/ssh-pkcs11-client.c    2017-10-03 21:49:05.403827361 -1000
-+++ new/ssh-pkcs11-client.c    2017-10-03 21:55:50.869718862 -1000
-@@ -143,12 +143,13 @@
+diff -aurp old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c
+--- old/ssh-pkcs11-client.c    2018-03-22 16:21:14.000000000 -1000
++++ new/ssh-pkcs11-client.c    2018-03-23 10:05:03.892621777 -1000
+@@ -144,12 +144,13 @@ pkcs11_rsa_private_encrypt(int flen, con
  static int
  wrap_key(RSA *rsa)
  {
@@ -1028,10 +998,10 @@ diff -Naur old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c
        return (0);
  }
  
-diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
---- old/ssh-pkcs11.c   2017-10-03 21:49:05.403827361 -1000
-+++ new/ssh-pkcs11.c   2017-10-03 21:55:50.869718862 -1000
-@@ -67,7 +67,7 @@
+diff -aurp old/ssh-pkcs11.c new/ssh-pkcs11.c
+--- old/ssh-pkcs11.c   2018-03-22 16:21:14.000000000 -1000
++++ new/ssh-pkcs11.c   2018-03-23 10:05:03.892621777 -1000
+@@ -67,7 +67,7 @@ struct pkcs11_key {
        struct pkcs11_provider  *provider;
        CK_ULONG                slotidx;
        int                     (*orig_finish)(RSA *rsa);
@@ -1040,7 +1010,7 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
        char                    *keyid;
        int                     keyid_len;
  };
-@@ -326,13 +326,15 @@
+@@ -326,13 +326,15 @@ pkcs11_rsa_wrap(struct pkcs11_provider *
                k11->keyid = xmalloc(k11->keyid_len);
                memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
        }
@@ -1063,7 +1033,7 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
        RSA_set_app_data(rsa, k11);
        return (0);
  }
-@@ -512,10 +514,19 @@
+@@ -512,10 +514,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
                        if ((rsa = RSA_new()) == NULL) {
                                error("RSA_new failed");
                        } else {
@@ -1087,7 +1057,7 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
                        }
                } else {
                        cp = attribs[2].pValue;
-@@ -525,17 +536,20 @@
+@@ -525,16 +536,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
                            == NULL) {
                                error("d2i_X509 failed");
                        } else if ((evp = X509_get_pubkey(x509)) == NULL ||
@@ -1101,8 +1071,7 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
                            == NULL) {
                                error("RSAPublicKey_dup");
                        }
-                       if (x509)
-                               X509_free(x509);
+                       X509_free(x509);
                }
 -              if (rsa && rsa->n && rsa->e &&
 +              {
@@ -1112,7 +1081,7 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
                    pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
                        if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
                                fatal("sshkey_new failed");
-@@ -555,6 +569,7 @@
+@@ -554,6 +568,7 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
                } else if (rsa) {
                        RSA_free(rsa);
                }
@@ -1120,17 +1089,28 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
                for (i = 0; i < 3; i++)
                        free(attribs[i].pValue);
        }
-diff -Naur old/ssh-rsa.c new/ssh-rsa.c
---- old/ssh-rsa.c      2017-10-03 21:49:05.403827361 -1000
-+++ new/ssh-rsa.c      2017-10-03 22:06:32.005937158 -1000
-@@ -99,13 +99,27 @@
+diff -aurp old/ssh-rsa.c new/ssh-rsa.c
+--- old/ssh-rsa.c      2018-03-22 16:21:14.000000000 -1000
++++ new/ssh-rsa.c      2018-03-23 10:05:03.892621777 -1000
+@@ -84,7 +84,6 @@ ssh_rsa_generate_additional_parameters(s
+ {
+       BIGNUM *aux = NULL;
+       BN_CTX *ctx = NULL;
+-      BIGNUM d;
+       int r;
+       if (key == NULL || key->rsa == NULL ||
+@@ -99,16 +98,27 @@ ssh_rsa_generate_additional_parameters(s
        }
-       rsa = key->rsa;
+       BN_set_flags(aux, BN_FLG_CONSTTIME);
  
--      if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
--          (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
--          (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
--          (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) {
+-      BN_init(&d);
+-      BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME);
+-
+-      if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) ||
+-          (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) ||
+-          (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) ||
+-          (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) {
 +      {
 +      const BIGNUM *q, *d, *p;
 +      BIGNUM *dmq1=NULL, *dmp1=NULL;
@@ -1139,13 +1119,13 @@ diff -Naur old/ssh-rsa.c new/ssh-rsa.c
 +              r = SSH_ERR_ALLOC_FAIL;
 +              goto out;
 +      }
-+      RSA_get0_key(rsa, NULL, NULL, &d);
-+      RSA_get0_factors(rsa, &p, &q);
++      RSA_get0_key(key->rsa, NULL, NULL, &d);
++      RSA_get0_factors(key->rsa, &p, &q);
 +      if ((BN_sub(aux, q, BN_value_one()) == 0) ||
 +          (BN_mod(dmq1, d, aux, ctx) == 0) ||
 +          (BN_sub(aux, p, BN_value_one()) == 0) ||
 +          (BN_mod(dmp1, d, aux, ctx) == 0) ||
-+           RSA_set0_crt_params(rsa, dmp1, dmq1, NULL) == 0) {
++          RSA_set0_crt_params(key->rsa, dmp1, dmq1, NULL) == 0) {
                r = SSH_ERR_LIBCRYPTO_ERROR;
 +              BN_clear_free(dmp1);
 +              BN_clear_free(dmq1);
@@ -1155,7 +1135,7 @@ diff -Naur old/ssh-rsa.c new/ssh-rsa.c
        r = 0;
   out:
        BN_clear_free(aux);
-@@ -136,7 +150,7 @@
+@@ -139,7 +149,7 @@ ssh_rsa_sign(const struct sshkey *key, u
        if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
            sshkey_type_plain(key->type) != KEY_RSA)
                return SSH_ERR_INVALID_ARGUMENT;
@@ -1164,7 +1144,7 @@ diff -Naur old/ssh-rsa.c new/ssh-rsa.c
                return SSH_ERR_KEY_LENGTH;
        slen = RSA_size(key->rsa);
        if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
-@@ -210,7 +224,7 @@
+@@ -211,7 +221,7 @@ ssh_rsa_verify(const struct sshkey *key,
            sshkey_type_plain(key->type) != KEY_RSA ||
            sig == NULL || siglen == 0)
                return SSH_ERR_INVALID_ARGUMENT;
@@ -1173,10 +1153,10 @@ diff -Naur old/ssh-rsa.c new/ssh-rsa.c
                return SSH_ERR_KEY_LENGTH;
  
        if ((b = sshbuf_from(sig, siglen)) == NULL)
-diff -Naur old/sshkey.c new/sshkey.c
---- old/sshkey.c       2017-10-03 21:49:05.407160494 -1000
-+++ new/sshkey.c       2017-10-03 22:16:31.124964276 -1000
-@@ -264,10 +264,18 @@
+diff -aurp old/sshkey.c new/sshkey.c
+--- old/sshkey.c       2018-03-22 16:21:14.000000000 -1000
++++ new/sshkey.c       2018-03-23 10:05:03.893621860 -1000
+@@ -274,10 +274,18 @@ sshkey_size(const struct sshkey *k)
  #ifdef WITH_OPENSSL
        case KEY_RSA:
        case KEY_RSA_CERT:
@@ -1196,7 +1176,7 @@ diff -Naur old/sshkey.c new/sshkey.c
        case KEY_ECDSA:
        case KEY_ECDSA_CERT:
                return sshkey_curve_nid_to_bits(k->ecdsa_nid);
-@@ -466,28 +474,55 @@
+@@ -482,26 +490,53 @@ sshkey_new(int type)
  #ifdef WITH_OPENSSL
        case KEY_RSA:
        case KEY_RSA_CERT:
@@ -1209,8 +1189,7 @@ diff -Naur old/sshkey.c new/sshkey.c
 +                  (e = BN_new()) == NULL) {
 +                      BN_free(n);
 +                      BN_free(e);
-                       if (rsa != NULL)
-                               RSA_free(rsa);
+                       RSA_free(rsa);
                        free(k);
                        return NULL;
                }
@@ -1238,8 +1217,7 @@ diff -Naur old/sshkey.c new/sshkey.c
 +                      BN_free(q);
 +                      BN_free(g);
 +                      BN_free(pubkey);
-                       if (dsa != NULL)
-                               DSA_free(dsa);
+                       DSA_free(dsa);
                        free(k);
                        return NULL;
                }
@@ -1258,7 +1236,7 @@ diff -Naur old/sshkey.c new/sshkey.c
                k->dsa = dsa;
                break;
        case KEY_ECDSA:
-@@ -523,6 +558,51 @@
+@@ -539,6 +574,51 @@ sshkey_add_private(struct sshkey *k)
  #ifdef WITH_OPENSSL
        case KEY_RSA:
        case KEY_RSA_CERT:
@@ -1310,7 +1288,7 @@ diff -Naur old/sshkey.c new/sshkey.c
  #define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL)
                if (bn_maybe_alloc_failed(k->rsa->d) ||
                    bn_maybe_alloc_failed(k->rsa->iqmp) ||
-@@ -531,13 +611,28 @@
+@@ -547,13 +627,28 @@ sshkey_add_private(struct sshkey *k)
                    bn_maybe_alloc_failed(k->rsa->dmq1) ||
                    bn_maybe_alloc_failed(k->rsa->dmp1))
                        return SSH_ERR_ALLOC_FAIL;
@@ -1339,7 +1317,7 @@ diff -Naur old/sshkey.c new/sshkey.c
        case KEY_ECDSA:
        case KEY_ECDSA_CERT:
                /* Cannot do anything until we know the group */
-@@ -655,16 +750,34 @@
+@@ -677,16 +772,34 @@ sshkey_equal_public(const struct sshkey
  #ifdef WITH_OPENSSL
        case KEY_RSA_CERT:
        case KEY_RSA:
@@ -1382,7 +1360,7 @@ diff -Naur old/sshkey.c new/sshkey.c
  # ifdef OPENSSL_HAS_ECC
        case KEY_ECDSA_CERT:
        case KEY_ECDSA:
-@@ -742,12 +855,17 @@
+@@ -775,12 +888,17 @@ to_blob_buf(const struct sshkey *key, st
        case KEY_DSA:
                if (key->dsa == NULL)
                        return SSH_ERR_INVALID_ARGUMENT;
@@ -1404,7 +1382,7 @@ diff -Naur old/sshkey.c new/sshkey.c
                break;
  # ifdef OPENSSL_HAS_ECC
        case KEY_ECDSA:
-@@ -763,10 +881,14 @@
+@@ -796,10 +914,14 @@ to_blob_buf(const struct sshkey *key, st
        case KEY_RSA:
                if (key->rsa == NULL)
                        return SSH_ERR_INVALID_ARGUMENT;
@@ -1421,7 +1399,7 @@ diff -Naur old/sshkey.c new/sshkey.c
                break;
  #endif /* WITH_OPENSSL */
        case KEY_ED25519:
-@@ -1643,13 +1765,32 @@
+@@ -1740,13 +1862,32 @@ sshkey_from_private(const struct sshkey
        case KEY_DSA_CERT:
                if ((n = sshkey_new(k->type)) == NULL)
                        return SSH_ERR_ALLOC_FAIL;
@@ -1458,7 +1436,7 @@ diff -Naur old/sshkey.c new/sshkey.c
                break;
  # ifdef OPENSSL_HAS_ECC
        case KEY_ECDSA:
-@@ -1673,11 +1814,23 @@
+@@ -1770,11 +1911,23 @@ sshkey_from_private(const struct sshkey
        case KEY_RSA_CERT:
                if ((n = sshkey_new(k->type)) == NULL)
                        return SSH_ERR_ALLOC_FAIL;
@@ -1484,7 +1462,7 @@ diff -Naur old/sshkey.c new/sshkey.c
                break;
  #endif /* WITH_OPENSSL */
        case KEY_ED25519:
-@@ -1875,12 +2028,27 @@
+@@ -1995,12 +2148,27 @@ sshkey_from_blob_internal(struct sshbuf
                        ret = SSH_ERR_ALLOC_FAIL;
                        goto out;
                }
@@ -1515,7 +1493,7 @@ diff -Naur old/sshkey.c new/sshkey.c
                        ret = SSH_ERR_KEY_LENGTH;
                        goto out;
                }
-@@ -1900,13 +2068,36 @@
+@@ -2020,13 +2188,36 @@ sshkey_from_blob_internal(struct sshbuf
                        ret = SSH_ERR_ALLOC_FAIL;
                        goto out;
                }
@@ -1556,7 +1534,7 @@ diff -Naur old/sshkey.c new/sshkey.c
  #ifdef DEBUG_PK
                DSA_print_fp(stderr, key->dsa, 8);
  #endif
-@@ -2140,26 +2331,63 @@
+@@ -2327,26 +2518,63 @@ sshkey_demote(const struct sshkey *k, st
                        goto fail;
                /* FALLTHROUGH */
        case KEY_RSA:
@@ -1628,7 +1606,7 @@ diff -Naur old/sshkey.c new/sshkey.c
                break;
        case KEY_ECDSA_CERT:
                if ((ret = sshkey_cert_copy(k, pk)) != 0)
-@@ -2281,11 +2509,17 @@
+@@ -2496,11 +2724,17 @@ sshkey_certify_custom(struct sshkey *k,
        switch (k->type) {
  #ifdef WITH_OPENSSL
        case KEY_DSA_CERT:
@@ -1650,7 +1628,7 @@ diff -Naur old/sshkey.c new/sshkey.c
                break;
  # ifdef OPENSSL_HAS_ECC
        case KEY_ECDSA_CERT:
-@@ -2298,9 +2532,15 @@
+@@ -2513,9 +2747,15 @@ sshkey_certify_custom(struct sshkey *k,
                break;
  # endif /* OPENSSL_HAS_ECC */
        case KEY_RSA_CERT:
@@ -1668,7 +1646,7 @@ diff -Naur old/sshkey.c new/sshkey.c
                break;
  #endif /* WITH_OPENSSL */
        case KEY_ED25519_CERT:
-@@ -2474,42 +2714,67 @@
+@@ -2702,42 +2942,67 @@ sshkey_private_serialize_opt(const struc
        switch (key->type) {
  #ifdef WITH_OPENSSL
        case KEY_RSA:
@@ -1752,7 +1730,7 @@ diff -Naur old/sshkey.c new/sshkey.c
                break;
  # ifdef OPENSSL_HAS_ECC
        case KEY_ECDSA:
-@@ -2585,18 +2850,61 @@
+@@ -2851,18 +3116,61 @@ sshkey_private_deserialize(struct sshbuf
                        r = SSH_ERR_ALLOC_FAIL;
                        goto out;
                }
@@ -1821,7 +1799,7 @@ diff -Naur old/sshkey.c new/sshkey.c
                break;
  # ifdef OPENSSL_HAS_ECC
        case KEY_ECDSA:
-@@ -2655,29 +2963,104 @@
+@@ -2921,29 +3229,104 @@ sshkey_private_deserialize(struct sshbuf
                        r = SSH_ERR_ALLOC_FAIL;
                        goto out;
                }
@@ -1940,7 +1918,7 @@ diff -Naur old/sshkey.c new/sshkey.c
                        r = SSH_ERR_KEY_LENGTH;
                        goto out;
                }
-@@ -3395,7 +3778,6 @@
+@@ -3707,7 +4090,6 @@ translate_libcrypto_error(unsigned long
                switch (pem_reason) {
                case EVP_R_BAD_DECRYPT:
                        return SSH_ERR_KEY_WRONG_PASSPHRASE;
@@ -1948,7 +1926,7 @@ diff -Naur old/sshkey.c new/sshkey.c
                case EVP_R_DECODE_ERROR:
  #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
                case EVP_R_PRIVATE_KEY_DECODE_ERROR:
-@@ -3460,7 +3842,7 @@
+@@ -3772,7 +4154,7 @@ sshkey_parse_private_pem_fileblob(struct
                r = convert_libcrypto_error();
                goto out;
        }
@@ -1957,7 +1935,7 @@ diff -Naur old/sshkey.c new/sshkey.c
            (type == KEY_UNSPEC || type == KEY_RSA)) {
                if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
                        r = SSH_ERR_ALLOC_FAIL;
-@@ -3475,11 +3857,11 @@
+@@ -3787,11 +4169,11 @@ sshkey_parse_private_pem_fileblob(struct
                        r = SSH_ERR_LIBCRYPTO_ERROR;
                        goto out;
                }
@@ -1971,7 +1949,7 @@ diff -Naur old/sshkey.c new/sshkey.c
            (type == KEY_UNSPEC || type == KEY_DSA)) {
                if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
                        r = SSH_ERR_ALLOC_FAIL;
-@@ -3491,7 +3873,7 @@
+@@ -3803,7 +4185,7 @@ sshkey_parse_private_pem_fileblob(struct
                DSA_print_fp(stderr, prv->dsa, 8);
  #endif
  #ifdef OPENSSL_HAS_ECC