
Refactor parsing key files in MbedTLS to support also generic PKCS8 PEM files

Currently the MbedTLS implementation supports only legacy PEM files (PKCS#1 with header -----BEGIN RSA PRIVATE KEY-----). MbedTLS also supports the more modern PKCS#8 PEM files (with the -----BEGIN PRIVATE KEY----- header), which are now generated by default by OpenSSL, but the way the code was written in libssh prevented their usage, as this new header led to ignoring these keys (and using an invalid header led to failure on the MbedTLS side, which is more picky than OpenSSL).

This code refactors the key reading in MbedTLS and fixes a couple of issues noticed on the way, as well as improving the example keygen program to allow reading keys and printing their fingerprints.

I will try to get back to this to add some more test coverage.

Based on the discussion from https://archive.libssh.org/libssh/2022-06/0000001.html

Checklist

  • Commits have Signed-off-by: with name/author being identical to the commit author
  • Code modified for feature
  • Test suite updated with functionality tests
  • Test suite updated with negative tests
  • Documentation updated

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTING.md
  • This feature/change has adequate documentation added
  • No obvious mistakes in the code
Edited by Jakub Jelen
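
The header distinction described in the merge request, as an added C example that is not part of the merge request or of libssh's code: a gate that only knows the legacy label skips a PKCS#8 file, while classifying by armor label (and requiring the END line to repeat it) recognises both. All function, enum and sample names are hypothetical, and the key bodies are constructed placeholders.

```c
#include <stddef.h>
#include <string.h>

/* All names below are hypothetical, not libssh or MbedTLS identifiers. */
enum pem_kind { PEM_NONE, PEM_PKCS1_RSA, PEM_PKCS8, PEM_OTHER };

/* Constructed samples: the bodies are placeholders, not real key material. */
const char sample_pkcs1[] =
    "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n";
const char sample_pkcs8[] =
    "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n";
const char sample_mismatch[] =
    "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n";

/* Header gate that only knows the legacy label: a PKCS#8 file is skipped. */
int legacy_gate_accepts(const char *pem)
{
    return strstr(pem, "-----BEGIN RSA PRIVATE KEY-----") != NULL;
}

int label_is(const char *label, size_t len, const char *want)
{
    return len == strlen(want) && memcmp(label, want, len) == 0;
}

/* Classify by armor label and require the END line to repeat that label. */
enum pem_kind pem_classify(const char *pem)
{
    const char *label, *end;
    size_t len;

    label = strstr(pem, "-----BEGIN ");
    if (label == NULL)
        return PEM_NONE;
    label += strlen("-----BEGIN ");
    len = strcspn(label, "-\r\n");      /* PEM labels contain no '-' */
    if (len == 0 || strncmp(label + len, "-----", 5) != 0)
        return PEM_NONE;
    end = strstr(label + len + 5, "-----END ");
    if (end == NULL)
        return PEM_NONE;
    end += strlen("-----END ");
    if (strncmp(end, label, len) != 0 || strncmp(end + len, "-----", 5) != 0)
        return PEM_NONE;                /* BEGIN/END labels disagree */
    if (label_is(label, len, "RSA PRIVATE KEY"))
        return PEM_PKCS1_RSA;
    if (label_is(label, len, "PRIVATE KEY"))
        return PEM_PKCS8;
    return PEM_OTHER;                   /* well-formed, label not handled here */
}
```

The classifier inspects only the armor lines; decoding and validating the key body is left to the crypto library.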
