From 4f7a56d5e02e3d04ab69eac1213817a7536d0562 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 21 Jun 2019 04:21:04 +0000 Subject: upstream: Add protection for private keys at rest in RAM against speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetic key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely. Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised. Hopefully we can remove this in a few years time when computer architecture has become less unsafe. been in snaps for a bit already; thanks deraadt@ ok dtucker@ deraadt@ OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4 --- sshkey.h | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) (limited to 'sshkey.h') diff --git a/sshkey.h b/sshkey.h index a91e60436..41d159a1b 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.31 2019/01/20 22:51:37 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.32 2019/06/21 04:21:05 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -123,6 +123,10 @@ struct sshkey { u_char *xmss_sk; u_char *xmss_pk; struct sshkey_cert *cert; + u_char *shielded_private; + size_t shielded_len; + u_char *shield_prekey; + size_t shield_prekey_len; }; #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES @@ -146,6 +150,11 @@ u_int sshkey_size(const struct sshkey *); int sshkey_generate(int type, u_int bits, struct sshkey **keyp); int sshkey_from_private(const struct sshkey *, struct sshkey **); + +int sshkey_is_shielded(struct sshkey *); +int sshkey_shield_private(struct sshkey *); +int sshkey_unshield_private(struct sshkey *); + int sshkey_type_from_name(const char *); int sshkey_is_cert(const struct sshkey *); int sshkey_type_is_cert(int); @@ -161,7 +170,7 @@ int sshkey_check_cert_sigtype(const struct sshkey *, const char *); int sshkey_certify(struct sshkey *, struct sshkey *, const char *); /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ -typedef int sshkey_certify_signer(const struct sshkey *, u_char **, size_t *, +typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, u_int, void *); int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, sshkey_certify_signer *, void *); @@ -192,7 +201,7 @@ int sshkey_puts_opts(const struct sshkey *, struct sshbuf *, int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); -int sshkey_sign(const struct sshkey *, u_char **, size_t *, +int sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, u_int); int sshkey_verify(const struct sshkey *, const u_char *, size_t, const u_char *, size_t, const char *, u_int); @@ -204,8 +213,8 @@ void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); void sshkey_dump_ec_key(const EC_KEY *); /* private key parsing and serialisation */ -int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf); -int sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *buf, +int sshkey_private_serialize(struct sshkey *key, struct sshbuf *buf); +int sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf, enum sshkey_serialize_rep); int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); @@ -231,7 +240,7 @@ int sshkey_set_filename(struct sshkey *, const char *); int sshkey_enable_maxsign(struct sshkey *, u_int32_t); u_int32_t sshkey_signatures_left(const struct sshkey *); int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *); -int sshkey_private_serialize_maxsign(const struct sshkey *key, struct sshbuf *buf, +int sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf, u_int32_t maxsign, sshkey_printfn *pr); #ifdef SSHKEY_INTERNAL -- cgit v1.2.3 From eb0d8e708a1f958aecd2d6e2ff2450af488d4c2a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 15 Jul 2019 13:16:29 +0000 Subject: upstream: support PKCS8 as an optional format for storage of private keys, enabled via "ssh-keygen -m PKCS8" on operations that save private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less terrible KDF (IIRC PEM uses a single round of MD5 as a KDF). adapted from patch by Jakub Jelen via bz3013; ok markus OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1 --- authfile.c | 6 ++--- ssh-keygen.1 | 9 +++---- ssh-keygen.c | 25 ++++++++++--------- sshkey.c | 78 +++++++++++++++++++++++++++++++++++++++++++----------------- sshkey.h | 11 +++++++-- 5 files changed, 87 insertions(+), 42 deletions(-) (limited to 'sshkey.h') diff --git a/authfile.c b/authfile.c index 2166c1689..851c1a8a1 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.132 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: authfile.c,v 1.133 2019/07/15 13:16:29 djm Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -74,7 +74,7 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) int sshkey_save_private(struct sshkey *key, const char *filename, const char *passphrase, const char *comment, - int force_new_format, const char *new_format_cipher, int new_format_rounds) + int format, const char *openssh_format_cipher, int openssh_format_rounds) { struct sshbuf *keyblob = NULL; int r; @@ -82,7 +82,7 @@ sshkey_save_private(struct sshkey *key, const char *filename, if ((keyblob = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment, - force_new_format, new_format_cipher, new_format_rounds)) != 0) + format, openssh_format_cipher, openssh_format_rounds)) != 0) goto out; if ((r = sshkey_save_private_blob(keyblob, filename)) != 0) goto out; diff --git a/ssh-keygen.1 b/ssh-keygen.1 index f42127c60..8184a1797 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.160 2019/05/20 06:01:59 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.161 2019/07/15 13:16:29 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 20 2019 $ +.Dd $Mdocdate: July 15 2019 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -419,11 +419,12 @@ The supported key formats are: .Dq RFC4716 (RFC 4716/SSH2 public or private key), .Dq PKCS8 -(PEM PKCS8 public key) +(PKCS8 public or private key) or .Dq PEM (PEM public key). -The default conversion format is +By default OpenSSH will write newly-generated private keys in its own +format, but when converting public keys for export the default format is .Dq RFC4716 . Setting a format of .Dq PEM diff --git a/ssh-keygen.c b/ssh-keygen.c index b019a02ff..5dcad1f61 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.335 2019/07/05 07:32:01 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.336 2019/07/15 13:16:29 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -147,11 +147,11 @@ static char *key_type_name = NULL; /* Load key from this PKCS#11 provider */ static char *pkcs11provider = NULL; -/* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */ -static int use_new_format = 1; +/* Format for writing private keys */ +static int private_key_format = SSHKEY_PRIVATE_OPENSSH; /* Cipher for new-format private keys */ -static char *new_format_cipher = NULL; +static char *openssh_format_cipher = NULL; /* * Number of KDF rounds to derive new format keys / @@ -1048,7 +1048,8 @@ do_gen_all_hostkeys(struct passwd *pw) snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname); if ((r = sshkey_save_private(private, prv_tmp, "", - comment, use_new_format, new_format_cipher, rounds)) != 0) { + comment, private_key_format, openssh_format_cipher, + rounds)) != 0) { error("Saving key \"%s\" failed: %s", prv_tmp, ssh_err(r)); goto failnext; @@ -1391,7 +1392,7 @@ do_change_passphrase(struct passwd *pw) /* Save the file using the new passphrase. */ if ((r = sshkey_save_private(private, identity_file, passphrase1, - comment, use_new_format, new_format_cipher, rounds)) != 0) { + comment, private_key_format, openssh_format_cipher, rounds)) != 0) { error("Saving key \"%s\" failed: %s.", identity_file, ssh_err(r)); explicit_bzero(passphrase1, strlen(passphrase1)); @@ -1480,7 +1481,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment) } if (private->type != KEY_ED25519 && private->type != KEY_XMSS && - !use_new_format) { + private_key_format != SSHKEY_PRIVATE_OPENSSH) { error("Comments are only supported for keys stored in " "the new format (-o)."); explicit_bzero(passphrase, strlen(passphrase)); @@ -1514,7 +1515,8 @@ do_change_comment(struct passwd *pw, const char *identity_comment) /* Save the file using the new passphrase. */ if ((r = sshkey_save_private(private, identity_file, passphrase, - new_comment, use_new_format, new_format_cipher, rounds)) != 0) { + new_comment, private_key_format, openssh_format_cipher, + rounds)) != 0) { error("Saving key \"%s\" failed: %s", identity_file, ssh_err(r)); explicit_bzero(passphrase, strlen(passphrase)); @@ -2525,11 +2527,12 @@ main(int argc, char **argv) } if (strcasecmp(optarg, "PKCS8") == 0) { convert_format = FMT_PKCS8; + private_key_format = SSHKEY_PRIVATE_PKCS8; break; } if (strcasecmp(optarg, "PEM") == 0) { convert_format = FMT_PEM; - use_new_format = 0; + private_key_format = SSHKEY_PRIVATE_PEM; break; } fatal("Unsupported conversion format \"%s\"", optarg); @@ -2567,7 +2570,7 @@ main(int argc, char **argv) add_cert_option(optarg); break; case 'Z': - new_format_cipher = optarg; + openssh_format_cipher = optarg; break; case 'C': identity_comment = optarg; @@ -2912,7 +2915,7 @@ passphrase_again: /* Save the key with the given passphrase and comment. */ if ((r = sshkey_save_private(private, identity_file, passphrase1, - comment, use_new_format, new_format_cipher, rounds)) != 0) { + comment, private_key_format, openssh_format_cipher, rounds)) != 0) { error("Saving key \"%s\" failed: %s", identity_file, ssh_err(r)); explicit_bzero(passphrase1, strlen(passphrase1)); diff --git a/sshkey.c b/sshkey.c index 6b5ff0485..a0cea9257 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.79 2019/07/07 01:05:00 dtucker Exp $ */ +/* $OpenBSD: sshkey.c,v 1.80 2019/07/15 13:16:29 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -3975,10 +3975,10 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, #ifdef WITH_OPENSSL -/* convert SSH v2 key in OpenSSL PEM format */ +/* convert SSH v2 key to PEM or PKCS#8 format */ static int -sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf, - const char *_passphrase, const char *comment) +sshkey_private_to_blob_pem_pkcs8(struct sshkey *key, struct sshbuf *buf, + int format, const char *_passphrase, const char *comment) { int was_shielded = sshkey_is_shielded(key); int success, r; @@ -3988,32 +3988,49 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf, char *bptr; BIO *bio = NULL; struct sshbuf *blob; + EVP_PKEY *pkey = NULL; if (len > 0 && len <= 4) return SSH_ERR_PASSPHRASE_TOO_SHORT; if ((blob = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((bio = BIO_new(BIO_s_mem())) == NULL) { - sshbuf_free(blob); - return SSH_ERR_ALLOC_FAIL; + if ((bio = BIO_new(BIO_s_mem())) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; } + if (format == SSHKEY_PRIVATE_PKCS8 && (pkey = EVP_PKEY_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } if ((r = sshkey_unshield_private(key)) != 0) goto out; switch (key->type) { case KEY_DSA: - success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, - cipher, passphrase, len, NULL, NULL); + if (format == SSHKEY_PRIVATE_PEM) { + success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, + cipher, passphrase, len, NULL, NULL); + } else { + success = EVP_PKEY_set1_DSA(pkey, key->dsa); + } break; #ifdef OPENSSL_HAS_ECC case KEY_ECDSA: - success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa, - cipher, passphrase, len, NULL, NULL); + if (format == SSHKEY_PRIVATE_PEM) { + success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa, + cipher, passphrase, len, NULL, NULL); + } else { + success = EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa); + } break; #endif case KEY_RSA: - success = PEM_write_bio_RSAPrivateKey(bio, key->rsa, - cipher, passphrase, len, NULL, NULL); + if (format == SSHKEY_PRIVATE_PEM) { + success = PEM_write_bio_RSAPrivateKey(bio, key->rsa, + cipher, passphrase, len, NULL, NULL); + } else { + success = EVP_PKEY_set1_RSA(pkey, key->rsa); + } break; default: success = 0; @@ -4023,6 +4040,13 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf, r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } + if (format == SSHKEY_PRIVATE_PKCS8) { + if ((success = PEM_write_bio_PrivateKey(bio, pkey, cipher, + passphrase, len, NULL, NULL)) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + } if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) { r = SSH_ERR_INTERNAL_ERROR; goto out; @@ -4035,8 +4059,9 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf, r = sshkey_shield_private(key); if (r == 0) r = sshbuf_putb(buf, blob); - sshbuf_free(blob); + EVP_PKEY_free(pkey); + sshbuf_free(blob); BIO_free(bio); return r; } @@ -4046,29 +4071,38 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf, int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, const char *passphrase, const char *comment, - int force_new_format, const char *new_format_cipher, int new_format_rounds) + int format, const char *openssh_format_cipher, int openssh_format_rounds) { switch (key->type) { #ifdef WITH_OPENSSL case KEY_DSA: case KEY_ECDSA: case KEY_RSA: - if (force_new_format) { - return sshkey_private_to_blob2(key, blob, passphrase, - comment, new_format_cipher, new_format_rounds); - } - return sshkey_private_pem_to_blob(key, blob, - passphrase, comment); + break; /* see below */ #endif /* WITH_OPENSSL */ case KEY_ED25519: #ifdef WITH_XMSS case KEY_XMSS: #endif /* WITH_XMSS */ return sshkey_private_to_blob2(key, blob, passphrase, - comment, new_format_cipher, new_format_rounds); + comment, openssh_format_cipher, openssh_format_rounds); default: return SSH_ERR_KEY_TYPE_UNKNOWN; } + +#ifdef WITH_OPENSSL + switch (format) { + case SSHKEY_PRIVATE_OPENSSH: + return sshkey_private_to_blob2(key, blob, passphrase, + comment, openssh_format_cipher, openssh_format_rounds); + case SSHKEY_PRIVATE_PEM: + case SSHKEY_PRIVATE_PKCS8: + return sshkey_private_to_blob_pem_pkcs8(key, blob, + format, passphrase, comment); + default: + return SSH_ERR_INVALID_ARGUMENT; + } +#endif /* WITH_OPENSSL */ } diff --git a/sshkey.h b/sshkey.h index 41d159a1b..d30a69cc9 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.32 2019/06/21 04:21:05 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.33 2019/07/15 13:16:29 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -88,6 +88,13 @@ enum sshkey_serialize_rep { SSHKEY_SERIALIZE_INFO = 254, }; +/* Private key disk formats */ +enum sshkey_private_format { + SSHKEY_PRIVATE_OPENSSH = 0, + SSHKEY_PRIVATE_PEM = 1, + SSHKEY_PRIVATE_PKCS8 = 2, +}; + /* key is stored in external hardware */ #define SSHKEY_FLAG_EXT 0x0001 @@ -221,7 +228,7 @@ int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); /* private key file format parsing and serialisation */ int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, const char *passphrase, const char *comment, - int force_new_format, const char *new_format_cipher, int new_format_rounds); + int format, const char *openssh_format_cipher, int openssh_format_rounds); int sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, struct sshkey **keyp, char **commentp); int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, -- cgit v1.2.3 From f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 3 Sep 2019 08:31:20 +0000 Subject: upstream: make get_sigtype public as sshkey_get_sigtype(); ok markus@ OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8 --- sshkey.c | 14 +++++++------- sshkey.h | 3 ++- 2 files changed, 9 insertions(+), 8 deletions(-) (limited to 'sshkey.h') diff --git a/sshkey.c b/sshkey.c index 9956a08b9..7136f6986 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.81 2019/07/16 13:18:39 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.82 2019/09/03 08:31:20 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -90,7 +90,6 @@ int sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf, enum sshkey_serialize_rep); static int sshkey_from_blob_internal(struct sshbuf *buf, struct sshkey **keyp, int allow_cert); -static int get_sigtype(const u_char *sig, size_t siglen, char **sigtypep); /* Supported key types */ struct keytype { @@ -2200,7 +2199,8 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0) goto out; - if ((ret = get_sigtype(sig, slen, &key->cert->signature_type)) != 0) + if ((ret = sshkey_get_sigtype(sig, slen, + &key->cert->signature_type)) != 0) goto out; /* Success */ @@ -2502,8 +2502,8 @@ sshkey_froms(struct sshbuf *buf, struct sshkey **keyp) return r; } -static int -get_sigtype(const u_char *sig, size_t siglen, char **sigtypep) +int +sshkey_get_sigtype(const u_char *sig, size_t siglen, char **sigtypep) { int r; struct sshbuf *b = NULL; @@ -2585,7 +2585,7 @@ sshkey_check_sigtype(const u_char *sig, size_t siglen, return 0; if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL) return SSH_ERR_INVALID_ARGUMENT; - if ((r = get_sigtype(sig, siglen, &sigtype)) != 0) + if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0) return r; r = strcmp(expected_alg, sigtype) == 0; free(sigtype); @@ -2861,7 +2861,7 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, sshbuf_len(cert), alg, 0, signer_ctx)) != 0) goto out; /* Check and update signature_type against what was actually used */ - if ((ret = get_sigtype(sig_blob, sig_len, &sigtype)) != 0) + if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0) goto out; if (alg != NULL && strcmp(alg, sigtype) != 0) { ret = SSH_ERR_SIGN_ALG_UNSUPPORTED; diff --git a/sshkey.h b/sshkey.h index d30a69cc9..1119a7b07 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.33 2019/07/15 13:16:29 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.34 2019/09/03 08:31:20 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -214,6 +214,7 @@ int sshkey_verify(const struct sshkey *, const u_char *, size_t, const u_char *, size_t, const char *, u_int); int sshkey_check_sigtype(const u_char *, size_t, const char *); const char *sshkey_sigalg_by_name(const char *); +int sshkey_get_sigtype(const u_char *, size_t, char **); /* for debug */ void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); -- cgit v1.2.3