On 11/7/17 4:11 AM, Jakub Jelen wrote:
Hello,
this patch is an addition to the commit 954da14 which is trying to use
non-deprecated functions in OpenSSL 1.1.0.
But the new function needs special allocation of the dsa structure
beforehand, which was missing. See the attached patch (or on github [1]).
[1] https://github.com/Jakuje/libssh/commit/dcdba1a
I believe that if DSA_generate_parameters_ex fails, the key->dsa
needs to be DSA_free'd and then set to NULL in the error-out path
on line 469:
454 int pki_key_generate_dss(ssh_key key, int parameter){
455     int rc;
456 #if OPENSSL_VERSION_NUMBER > 0x10100000L
457     key->dsa = DSA_new();
458     if (!key->dsa) {
459         return SSH_ERROR;
460     }
461     rc = DSA_generate_parameters_ex(key->dsa,
462                                     parameter,
463                                     NULL,  /* seed */
464                                     0,     /* seed_len */
465                                     NULL,  /* counter_ret */
466                                     NULL,  /* h_ret */
467                                     NULL); /* cb */
468     if (rc != 1) {
469         return SSH_ERROR; /* XXX: DSA_free, set to NULL here. */
470     }
471 #else
472     key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL,
473                                        NULL, NULL);
474     if(key->dsa == NULL){
475         return SSH_ERROR;
476     }
477 #endif
478     rc = DSA_generate_key(key->dsa);
479     if (rc != 1){
480         DSA_free(key->dsa);
481         key->dsa=NULL;
482         return SSH_ERROR;
483     }
484     return SSH_OK;
485 }
-Jon
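The error-path asymmetry Jon points at, shown as an added example that is not libssh's or OpenSSL's code. It compiles without libcrypto by standing in a constructed `fake_dsa` object and fault-injection flags for `DSA_new`, `DSA_generate_parameters_ex` and `DSA_generate_key`; the `SSH_OK`/`SSH_ERROR` values, the `fake_*` names and the allocation counter are assumptions made for the example. `generate_dss_unfixed` mirrors the shape of the posted function (the parameter-generation failure returns with `key->dsa` still set), `generate_dss_fixed` routes every post-allocation failure through one cleanup label, and `check_case` drives each variant through a failure and reports what the caller is left holding.

```c
#include <stdio.h>
#include <stdlib.h>

/* Assumed to mirror libssh's return convention for this example. */
#define SSH_OK     0
#define SSH_ERROR -1

/* Constructed stand-in for OpenSSL's DSA object (not OpenSSL). */
typedef struct { int have_params; int have_key; } fake_dsa;
typedef struct { fake_dsa *dsa; } fake_key;

/* Fault-injection knobs and a live-object counter (constructed test harness). */
static int fail_new, fail_params, fail_key;
static int live_objects;

static fake_dsa *fake_dsa_new(void) {
    if (fail_new) return NULL;
    fake_dsa *d = calloc(1, sizeof *d);
    if (d) live_objects++;
    return d;
}
static void fake_dsa_free(fake_dsa *d) {
    if (d) { live_objects--; free(d); }
}
/* 1 on success, 0 on failure, like the OpenSSL calls being modelled. */
static int fake_generate_parameters_ex(fake_dsa *d) {
    if (fail_params) return 0;
    d->have_params = 1;
    return 1;
}
static int fake_generate_key(fake_dsa *d) {
    if (fail_key || !d->have_params) return 0;
    d->have_key = 1;
    return 1;
}

/* Same control flow as the posted function: only the key-generation failure
 * cleans up; a parameter-generation failure leaves key->dsa set. */
int generate_dss_unfixed(fake_key *key) {
    int rc;
    key->dsa = fake_dsa_new();
    if (key->dsa == NULL) return SSH_ERROR;
    rc = fake_generate_parameters_ex(key->dsa);
    if (rc != 1) return SSH_ERROR;          /* the defect: object still owned by key */
    rc = fake_generate_key(key->dsa);
    if (rc != 1) { fake_dsa_free(key->dsa); key->dsa = NULL; return SSH_ERROR; }
    return SSH_OK;
}

/* Every failure after the allocation frees the object and resets the pointer,
 * so a caller that sees SSH_ERROR never holds a half-initialized DSA. */
int generate_dss_fixed(fake_key *key) {
    int rc;
    key->dsa = fake_dsa_new();
    if (key->dsa == NULL) return SSH_ERROR;
    rc = fake_generate_parameters_ex(key->dsa);
    if (rc != 1) goto fail;
    rc = fake_generate_key(key->dsa);
    if (rc != 1) goto fail;
    return SSH_OK;
fail:
    fake_dsa_free(key->dsa);
    key->dsa = NULL;
    return SSH_ERROR;
}

/* Run one generator under the given faults; return 1 when the return code,
 * the NULL-ness of key->dsa and the live-object count all match expectations. */
int check_case(int (*gen)(fake_key *), int f_new, int f_params, int f_key,
               int exp_rc, int exp_null, int exp_live) {
    fake_key key = { NULL };
    int rc, is_null, live, ok;
    fail_new = f_new; fail_params = f_params; fail_key = f_key;
    live_objects = 0;
    rc = gen(&key);
    is_null = (key.dsa == NULL);
    live = live_objects;                    /* what the caller is left holding */
    ok = (rc == exp_rc) && (is_null == exp_null) && (live == exp_live);
    fake_dsa_free(key.dsa);                 /* harness cleanup, not part of the pattern */
    fail_new = fail_params = fail_key = 0;
    return ok;
}

int main(void) {
    printf("unfixed, params fail: dsa non-NULL, 1 object left: %s\n",
           check_case(generate_dss_unfixed, 0, 1, 0, SSH_ERROR, 0, 1) ? "yes" : "no");
    printf("fixed, params fail:   dsa NULL, 0 objects left:    %s\n",
           check_case(generate_dss_fixed, 0, 1, 0, SSH_ERROR, 1, 0) ? "yes" : "no");
    return 0;
}
```

The counter only shows what the generator itself leaves behind; whether the unfixed path is a leak or a dangling half-initialized object in practice depends on what the caller does with `key->dsa` after `SSH_ERROR`, and the fix removes that dependency by making both failure paths look the same to the caller.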