upstream: let sshkey_try_load_public() load public keys from the

unencrypted envelope of private key files if not sidecar public key file is present. ok markus@ OpenBSD-Commit-ID: 252a0a580e10b9a6311632530d63b5ac76592040
author: djm@openbsd.org <djm@openbsd.org> 2020-04-08 00:10:37 +0000
committer: Damien Miller <djm@mindrot.org> 2020-04-08 10:14:21 +1000
commit: 2b13d3934d5803703c04803ca3a93078ecb5b715 (patch)
tree: 30d834cff84affab51cd9df7d659c4ceb21ee26f
parent: d01f39304eaab0352793b490a25e1ab5f59a5366 (diff)
1 files changed, 37 insertions, 1 deletions
diff --git a/authfile.c b/authfile.c
index 953812f4f..50fa48e4a 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.138 2020/04/08 00:09:24 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.139 2020/04/08 00:10:37 djm Exp $ */
 /*
 * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
 *
@@ -194,6 +194,38 @@ sshkey_load_private(const char *filename, const char *passphrase,
        return r;
 }
+/* Load a pubkey from the unencrypted envelope of a new-format private key */
+static int
+sshkey_load_pubkey_from_private(const char *filename, struct sshkey **pubkeyp)
+{
+        struct sshbuf *buffer = NULL;
+        struct sshkey *pubkey = NULL;
+        int r, fd;
+        if (pubkeyp != NULL)
+                *pubkeyp = NULL;
+        if ((fd = open(filename, O_RDONLY)) == -1)
+                return SSH_ERR_SYSTEM_ERROR;
+        if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
+            (r = sshkey_parse_pubkey_from_private_fileblob_type(buffer,
+            KEY_UNSPEC, &pubkey)) != 0)
+                goto out;
+        if ((r = sshkey_set_filename(pubkey, filename)) != 0)
+                goto out;
+        /* success */
+        if (pubkeyp != NULL) {
+                *pubkeyp = pubkey;
+                pubkey = NULL;
+        }
+        r = 0;
+ out:
+        close(fd);
+        sshbuf_free(buffer);
+        sshkey_free(pubkey);
+        return r;
+}
 static int
 sshkey_try_load_public(struct sshkey **kp, const char *filename,
    char **commentp)
@@ -272,6 +304,10 @@ sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
        if ((r = sshkey_try_load_public(keyp, pubfile, commentp)) == 0)
                goto out;
+        /* finally, try to extract public key from private key file */
+        if ((r = sshkey_load_pubkey_from_private(filename, keyp)) == 0)
+                goto out;
 out:
        free(pubfile);
        return r;
author	djm@openbsd.org <djm@openbsd.org>	2020-04-08 00:10:37 +0000
committer	Damien Miller <djm@mindrot.org>	2020-04-08 10:14:21 +1000
commit	2b13d3934d5803703c04803ca3a93078ecb5b715 (patch)
tree	30d834cff84affab51cd9df7d659c4ceb21ee26f
parent	d01f39304eaab0352793b490a25e1ab5f59a5366 (diff)

diff --git a/authfile.c b/authfile.c index 953812f4f..50fa48e4a 100644 --- a/authfile.c +++ b/authfile.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: authfile.c,v 1.138 2020/04/08 00:09:24 djm Exp $ */	1	/* $OpenBSD: authfile.c,v 1.139 2020/04/08 00:10:37 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
4	*	4	*
@@ -194,6 +194,38 @@ sshkey_load_private(const char filename, const char passphrase,
194	return r;	194	return r;
195	}	195	}
196		196
		197	/* Load a pubkey from the unencrypted envelope of a new-format private key */
		198	static int
		199	sshkey_load_pubkey_from_private(const char filename, struct sshkey *pubkeyp)
		200	{
		201	struct sshbuf *buffer = NULL;
		202	struct sshkey *pubkey = NULL;
		203	int r, fd;
		204
		205	if (pubkeyp != NULL)
		206	*pubkeyp = NULL;
		207
		208	if ((fd = open(filename, O_RDONLY)) == -1)
		209	return SSH_ERR_SYSTEM_ERROR;
		210	if ((r = sshbuf_load_fd(fd, &buffer)) != 0 \|\|
		211	(r = sshkey_parse_pubkey_from_private_fileblob_type(buffer,
		212	KEY_UNSPEC, &pubkey)) != 0)
		213	goto out;
		214	if ((r = sshkey_set_filename(pubkey, filename)) != 0)
		215	goto out;
		216	/* success */
		217	if (pubkeyp != NULL) {
		218	*pubkeyp = pubkey;
		219	pubkey = NULL;
		220	}
		221	r = 0;
		222	out:
		223	close(fd);
		224	sshbuf_free(buffer);
		225	sshkey_free(pubkey);
		226	return r;
		227	}
		228
197	static int	229	static int
198	sshkey_try_load_public(struct sshkey *kp, const char filename,	230	sshkey_try_load_public(struct sshkey *kp, const char filename,
199	char **commentp)	231	char **commentp)
@@ -272,6 +304,10 @@ sshkey_load_public(const char filename, struct sshkey keyp, char *commentp)
272	if ((r = sshkey_try_load_public(keyp, pubfile, commentp)) == 0)	304	if ((r = sshkey_try_load_public(keyp, pubfile, commentp)) == 0)
273	goto out;	305	goto out;
274		306
		307	/* finally, try to extract public key from private key file */
		308	if ((r = sshkey_load_pubkey_from_private(filename, keyp)) == 0)
		309	goto out;
		310
275	out:	311	out:
276	free(pubfile);	312	free(pubfile);
277	return r;	313	return r;