倉庫指標
- Star
- (30,157 star)
- PR 合併指標
- (30 天內沒有已合併 PR)
描述
Finally, I have enough spare time to modernize key generation in PKIX-SSH. Remark: limited space time=long development time frame=do not touch working code
Introduction: This is part of process started long time ago with EVP based sing/verify (otherwise FIPS 1.2 module refuse operation), EVP compatible key attribute management (opaque data structures), use PKEY instead "plain" keys (follow deprecation of "plain" key). Serialization is postponed as requires key methods to be replaced by providers. Key generation that uses OpenSSL utilities was changed to use genpkey before to change program code. It was preferred to be activated if OpenSSL is 1.1 at least although is available since 1.0.
Cases (FOO_generate_key vs EVP_PKEY_keygen)
EVP_PKEY_keygen silence It seems to me EVP_PKEY_keygen is too silent when key generation fail. Some implementation tests shows that function (method) fail but error queue is empty. As result is not clear reason for failure. What about failure to be described in error queue?
paramgen_init() vs keygen_init() It seems to me EC key could be generated only with use of keygen_init() and paramgen. This is not case for DSA key. First with must create "param" pkey and then from this key to create context for generation. Tho step process is not document well in manual page. Demos are just fine, but documentation is not so precise. May be this is error in program code.
N-bit q in DSA Secure shell white papers define use of DSA as public-key algorithms. Use of plain key is based on FIPS-186-2 ("Digital Signature Standard (DSS)") with sha-1. Only 1024-bit key is allowed, and standard defines q as 160-bit. Old function DSA_generate_parameters use only key bits. Size of q is not managed. Unfortunately this is not case for keygen().
224-bits Q According to documentation 224 is default for Q. This is not exact. Manual page history section lacks information that default key sizes and indirectly Q are changed in "patch" versions! Note this "patch" version. Indirectly such changes add functional regression as programs code must set explicitly Q parameter.
manage Q-bits According to documentation either ...paramgen_q_bits or ...paramgen_md could be used. It seems to me digest function dies not work at all. Remark: This is the only case when I see error message returned for cryptographic library when generation fail: sshkey_generate: crypto message: 'error:0308010C:digital envelope routines::unsupported:Global default library context, Algorithm (xxxx : 0), Properties ()' where xxxx is something binary i.e., looks like data read from random memory. May be solution is just to document that digest function is broken. Remark: as is not reported on time there is no need to change code - looks like never used functionality. In addition, DSA is in process of dropping form secure shell as key size is weak, CA certificate bundle lacks DSA, exist legacy enterprise Linux with broken DSA X.509 certificate support.
Legacy May be is time to move DSA key to legacy provider.