diff options
| author | Simon Chopin <simon.chopin@canonical.com> | 2022-04-08 09:32:24 +0200 |
|---|---|---|
| committer | Florian Wininger <fw.centrale@gmail.com> | 2022-04-29 14:32:38 +0200 |
| commit | be704639f00262d5359256a66f0bbbf7e1351ecc (patch) | |
| tree | 377a26fdf5d37aa02463d07535fff304ab9fbfcd | |
| parent | 763b9da5bc0fefc2345b76598d696e8b02a3eecb (diff) | |
| download | net-ssh-be704639f00262d5359256a66f0bbbf7e1351ecc.tar.gz | |
transport: create EC keys by loading PEM data directly
The OpenSSL 3.0 changes don't allow for us to modify the private key
details directly, and there are no dedicated constructors as of Ruby
3.0, so we need to actually create a PEM certificate in-memory and load
that instead.
Co-authored-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>
| -rw-r--r-- | lib/net/ssh/transport/openssl.rb | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/lib/net/ssh/transport/openssl.rb b/lib/net/ssh/transport/openssl.rb index a398326..40561fb 100644 --- a/lib/net/ssh/transport/openssl.rb +++ b/lib/net/ssh/transport/openssl.rb @@ -159,10 +159,18 @@ module OpenSSL public_key_oct = buffer.read_string begin - key = OpenSSL::PKey::EC.new(OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key]) - group = key.group + curvename = OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key] + group = OpenSSL::PKey::EC::Group.new(curvename) point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key_oct, 2)) - key.public_key = point + asn1 = OpenSSL::ASN1::Sequence([ + OpenSSL::ASN1::Sequence([ + OpenSSL::ASN1::ObjectId("id-ecPublicKey"), + OpenSSL::ASN1::ObjectId(curvename) + ]), + OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed)) + ]) + + key = OpenSSL::PKey::EC.new(asn1.to_der) return key rescue OpenSSL::PKey::ECError |