summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormarkus@openbsd.org <markus@openbsd.org>2017-05-30 14:16:41 +0000
committerDamien Miller <djm@mindrot.org>2017-05-31 10:49:50 +1000
commit7da5df11ac788bc1133d8d598d298e33500524cc (patch)
tree9c201ad7bfbb674771d3cd17bda0c90d2523ffaa
parentff7371afd08ac0bbd957d90451d4dcd0da087ef5 (diff)
upstream commit
remove unused wrapper functions from key.[ch]; ok djm@ Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e
-rw-r--r--key.c177
-rw-r--r--key.h36
-rw-r--r--ssh-add.c4
-rw-r--r--ssh-keygen.c20
4 files changed, 14 insertions, 223 deletions
diff --git a/key.c b/key.c
index 93f4ccb24..6e338c495 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: key.c,v 1.130 2016/05/02 09:36:42 djm Exp $ */ 1/* $OpenBSD: key.c,v 1.131 2017/05/30 14:16:41 markus Exp $ */
2/* 2/*
3 * placed in the public domain 3 * placed in the public domain
4 */ 4 */
@@ -20,68 +20,6 @@
20#include "log.h" 20#include "log.h"
21#include "authfile.h" 21#include "authfile.h"
22 22
23void
24key_add_private(Key *k)
25{
26 int r;
27
28 if ((r = sshkey_add_private(k)) != 0)
29 fatal("%s: %s", __func__, ssh_err(r));
30}
31
32Key *
33key_new_private(int type)
34{
35 Key *ret = NULL;
36
37 if ((ret = sshkey_new_private(type)) == NULL)
38 fatal("%s: failed", __func__);
39 return ret;
40}
41
42int
43key_read(Key *ret, char **cpp)
44{
45 return sshkey_read(ret, cpp) == 0 ? 1 : -1;
46}
47
48int
49key_write(const Key *key, FILE *f)
50{
51 return sshkey_write(key, f) == 0 ? 1 : 0;
52}
53
54Key *
55key_generate(int type, u_int bits)
56{
57 int r;
58 Key *ret = NULL;
59
60 if ((r = sshkey_generate(type, bits, &ret)) != 0)
61 fatal("%s: %s", __func__, ssh_err(r));
62 return ret;
63}
64
65void
66key_cert_copy(const Key *from_key, Key *to_key)
67{
68 int r;
69
70 if ((r = sshkey_cert_copy(from_key, to_key)) != 0)
71 fatal("%s: %s", __func__, ssh_err(r));
72}
73
74Key *
75key_from_private(const Key *k)
76{
77 int r;
78 Key *ret = NULL;
79
80 if ((r = sshkey_from_private(k, &ret)) != 0)
81 fatal("%s: %s", __func__, ssh_err(r));
82 return ret;
83}
84
85static void 23static void
86fatal_on_fatal_errors(int r, const char *func, int extra_fatal) 24fatal_on_fatal_errors(int r, const char *func, int extra_fatal)
87{ 25{
@@ -184,19 +122,6 @@ key_demote(const Key *k)
184} 122}
185 123
186int 124int
187key_to_certified(Key *k)
188{
189 int r;
190
191 if ((r = sshkey_to_certified(k)) != 0) {
192 fatal_on_fatal_errors(r, __func__, 0);
193 error("%s: %s", __func__, ssh_err(r));
194 return -1;
195 }
196 return 0;
197}
198
199int
200key_drop_cert(Key *k) 125key_drop_cert(Key *k)
201{ 126{
202 int r; 127 int r;
@@ -210,19 +135,6 @@ key_drop_cert(Key *k)
210} 135}
211 136
212int 137int
213key_certify(Key *k, Key *ca)
214{
215 int r;
216
217 if ((r = sshkey_certify(k, ca, NULL)) != 0) {
218 fatal_on_fatal_errors(r, __func__, 0);
219 error("%s: %s", __func__, ssh_err(r));
220 return -1;
221 }
222 return 0;
223}
224
225int
226key_cert_check_authority(const Key *k, int want_host, int require_principal, 138key_cert_check_authority(const Key *k, int want_host, int require_principal,
227 const char *name, const char **reason) 139 const char *name, const char **reason)
228{ 140{
@@ -237,88 +149,8 @@ key_cert_check_authority(const Key *k, int want_host, int require_principal,
237 return 0; 149 return 0;
238} 150}
239 151
240#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
241int
242key_ec_validate_public(const EC_GROUP *group, const EC_POINT *public)
243{
244 int r;
245
246 if ((r = sshkey_ec_validate_public(group, public)) != 0) {
247 fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
248 error("%s: %s", __func__, ssh_err(r));
249 return -1;
250 }
251 return 0;
252}
253
254int
255key_ec_validate_private(const EC_KEY *key)
256{
257 int r;
258
259 if ((r = sshkey_ec_validate_private(key)) != 0) {
260 fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
261 error("%s: %s", __func__, ssh_err(r));
262 return -1;
263 }
264 return 0;
265}
266#endif /* WITH_OPENSSL */
267
268void
269key_private_serialize(const Key *key, struct sshbuf *b)
270{
271 int r;
272
273 if ((r = sshkey_private_serialize(key, b)) != 0)
274 fatal("%s: %s", __func__, ssh_err(r));
275}
276
277Key *
278key_private_deserialize(struct sshbuf *blob)
279{
280 int r;
281 Key *ret = NULL;
282
283 if ((r = sshkey_private_deserialize(blob, &ret)) != 0) {
284 fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
285 error("%s: %s", __func__, ssh_err(r));
286 return NULL;
287 }
288 return ret;
289}
290
291/* authfile.c */ 152/* authfile.c */
292 153
293int
294key_save_private(Key *key, const char *filename, const char *passphrase,
295 const char *comment, int force_new_format, const char *new_format_cipher,
296 int new_format_rounds)
297{
298 int r;
299
300 if ((r = sshkey_save_private(key, filename, passphrase, comment,
301 force_new_format, new_format_cipher, new_format_rounds)) != 0) {
302 fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
303 error("%s: %s", __func__, ssh_err(r));
304 return 0;
305 }
306 return 1;
307}
308
309int
310key_load_file(int fd, const char *filename, struct sshbuf *blob)
311{
312 int r;
313
314 if ((r = sshkey_load_file(fd, blob)) != 0) {
315 fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
316 error("%s: %s", __func__, ssh_err(r));
317 return 0;
318 }
319 return 1;
320}
321
322Key * 154Key *
323key_load_cert(const char *filename) 155key_load_cert(const char *filename)
324{ 156{
@@ -417,10 +249,3 @@ key_load_private_type(int type, const char *filename, const char *passphrase,
417 } 249 }
418 return ret; 250 return ret;
419} 251}
420
421int
422key_perm_ok(int fd, const char *filename)
423{
424 return sshkey_perm_ok(fd, filename) == 0 ? 1 : 0;
425}
426
diff --git a/key.h b/key.h
index 2e501a9f4..a14f37037 100644
--- a/key.h
+++ b/key.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: key.h,v 1.50 2016/09/12 23:31:27 djm Exp $ */ 1/* $OpenBSD: key.h,v 1.51 2017/05/30 14:16:41 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -35,51 +35,24 @@ typedef struct sshkey Key;
35#define fp_rep sshkey_fp_rep 35#define fp_rep sshkey_fp_rep
36 36
37#ifndef SSH_KEY_NO_DEFINE 37#ifndef SSH_KEY_NO_DEFINE
38#define key_new sshkey_new
39#define key_free sshkey_free 38#define key_free sshkey_free
40#define key_equal_public sshkey_equal_public 39#define key_equal_public sshkey_equal_public
41#define key_equal sshkey_equal 40#define key_equal sshkey_equal
42#define key_type sshkey_type 41#define key_type sshkey_type
43#define key_cert_type sshkey_cert_type
44#define key_ssh_name sshkey_ssh_name 42#define key_ssh_name sshkey_ssh_name
45#define key_ssh_name_plain sshkey_ssh_name_plain 43#define key_ssh_name_plain sshkey_ssh_name_plain
46#define key_type_from_name sshkey_type_from_name 44#define key_type_from_name sshkey_type_from_name
47#define key_ecdsa_nid_from_name sshkey_ecdsa_nid_from_name
48#define key_type_is_cert sshkey_type_is_cert
49#define key_size sshkey_size
50#define key_ecdsa_bits_to_nid sshkey_ecdsa_bits_to_nid
51#define key_ecdsa_key_to_nid sshkey_ecdsa_key_to_nid
52#define key_is_cert sshkey_is_cert 45#define key_is_cert sshkey_is_cert
53#define key_type_plain sshkey_type_plain 46#define key_type_plain sshkey_type_plain
54#define key_curve_name_to_nid sshkey_curve_name_to_nid
55#define key_curve_nid_to_bits sshkey_curve_nid_to_bits
56#define key_curve_nid_to_name sshkey_curve_nid_to_name
57#define key_ec_nid_to_hash_alg sshkey_ec_nid_to_hash_alg
58#define key_dump_ec_point sshkey_dump_ec_point
59#define key_dump_ec_key sshkey_dump_ec_key
60#endif 47#endif
61 48
62void key_add_private(Key *);
63Key *key_new_private(int);
64void key_free(Key *); 49void key_free(Key *);
65Key *key_demote(const Key *); 50Key *key_demote(const Key *);
66int key_write(const Key *, FILE *);
67int key_read(Key *, char **);
68 51
69Key *key_generate(int, u_int);
70Key *key_from_private(const Key *);
71int key_to_certified(Key *);
72int key_drop_cert(Key *); 52int key_drop_cert(Key *);
73int key_certify(Key *, Key *);
74void key_cert_copy(const Key *, Key *);
75int key_cert_check_authority(const Key *, int, int, const char *, 53int key_cert_check_authority(const Key *, int, int, const char *,
76 const char **); 54 const char **);
77 55
78#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
79int key_ec_validate_public(const EC_GROUP *, const EC_POINT *);
80int key_ec_validate_private(const EC_KEY *);
81#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
82
83Key *key_from_blob(const u_char *, u_int); 56Key *key_from_blob(const u_char *, u_int);
84int key_to_blob(const Key *, u_char **, u_int *); 57int key_to_blob(const Key *, u_char **, u_int *);
85 58
@@ -87,18 +60,11 @@ int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int,
87 const char *); 60 const char *);
88int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); 61int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
89 62
90void key_private_serialize(const Key *, struct sshbuf *);
91Key *key_private_deserialize(struct sshbuf *);
92
93/* authfile.c */ 63/* authfile.c */
94int key_save_private(Key *, const char *, const char *, const char *,
95 int, const char *, int);
96int key_load_file(int, const char *, struct sshbuf *);
97Key *key_load_cert(const char *); 64Key *key_load_cert(const char *);
98Key *key_load_public(const char *, char **); 65Key *key_load_public(const char *, char **);
99Key *key_load_private(const char *, const char *, char **); 66Key *key_load_private(const char *, const char *, char **);
100Key *key_load_private_cert(int, const char *, const char *, int *); 67Key *key_load_private_cert(int, const char *, const char *, int *);
101Key *key_load_private_type(int, const char *, const char *, char **, int *); 68Key *key_load_private_type(int, const char *, const char *, char **, int *);
102int key_perm_ok(int, const char *);
103 69
104#endif 70#endif
diff --git a/ssh-add.c b/ssh-add.c
index a1e0d464b..438c1c25a 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-add.c,v 1.131 2017/05/05 10:42:49 naddy Exp $ */ 1/* $OpenBSD: ssh-add.c,v 1.132 2017/05/30 14:16:41 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -306,7 +306,7 @@ add_file(int agent_fd, const char *filename, int key_only)
306 goto out; 306 goto out;
307 } 307 }
308 if ((r = sshkey_cert_copy(cert, private)) != 0) { 308 if ((r = sshkey_cert_copy(cert, private)) != 0) {
309 error("%s: key_cert_copy: %s", __func__, ssh_err(r)); 309 error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r));
310 sshkey_free(cert); 310 sshkey_free(cert);
311 goto out; 311 goto out;
312 } 312 }
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 7886582d7..cc3a7df18 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.303 2017/05/07 23:15:59 djm Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.304 2017/05/30 14:16:41 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -488,7 +488,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
488 return NULL; 488 return NULL;
489 } 489 }
490 if ((key = sshkey_new_private(ktype)) == NULL) 490 if ((key = sshkey_new_private(ktype)) == NULL)
491 fatal("key_new_private failed"); 491 fatal("sshkey_new_private failed");
492 free(type); 492 free(type);
493 493
494 switch (key->type) { 494 switch (key->type) {
@@ -770,7 +770,7 @@ do_print_public(struct passwd *pw)
770 fatal("%s: %s", identity_file, strerror(errno)); 770 fatal("%s: %s", identity_file, strerror(errno));
771 prv = load_identity(identity_file); 771 prv = load_identity(identity_file);
772 if ((r = sshkey_write(prv, stdout)) != 0) 772 if ((r = sshkey_write(prv, stdout)) != 0)
773 error("key_write failed: %s", ssh_err(r)); 773 error("sshkey_write failed: %s", ssh_err(r));
774 sshkey_free(prv); 774 sshkey_free(prv);
775 fprintf(stdout, "\n"); 775 fprintf(stdout, "\n");
776 exit(0); 776 exit(0);
@@ -1019,7 +1019,7 @@ do_gen_all_hostkeys(struct passwd *pw)
1019 bits = 0; 1019 bits = 0;
1020 type_bits_valid(type, NULL, &bits); 1020 type_bits_valid(type, NULL, &bits);
1021 if ((r = sshkey_generate(type, bits, &private)) != 0) { 1021 if ((r = sshkey_generate(type, bits, &private)) != 0) {
1022 error("key_generate failed: %s", ssh_err(r)); 1022 error("sshkey_generate failed: %s", ssh_err(r));
1023 first = 0; 1023 first = 0;
1024 continue; 1024 continue;
1025 } 1025 }
@@ -1475,7 +1475,7 @@ do_change_comment(struct passwd *pw)
1475 explicit_bzero(passphrase, strlen(passphrase)); 1475 explicit_bzero(passphrase, strlen(passphrase));
1476 free(passphrase); 1476 free(passphrase);
1477 if ((r = sshkey_from_private(private, &public)) != 0) 1477 if ((r = sshkey_from_private(private, &public)) != 0)
1478 fatal("key_from_private failed: %s", ssh_err(r)); 1478 fatal("sshkey_from_private failed: %s", ssh_err(r));
1479 sshkey_free(private); 1479 sshkey_free(private);
1480 1480
1481 strlcat(identity_file, ".pub", sizeof(identity_file)); 1481 strlcat(identity_file, ".pub", sizeof(identity_file));
@@ -1662,7 +1662,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1662 OPTIONS_EXTENSIONS); 1662 OPTIONS_EXTENSIONS);
1663 if ((r = sshkey_from_private(ca, 1663 if ((r = sshkey_from_private(ca,
1664 &public->cert->signature_key)) != 0) 1664 &public->cert->signature_key)) != 0)
1665 fatal("key_from_private (ca key): %s", ssh_err(r)); 1665 fatal("sshkey_from_private (ca key): %s", ssh_err(r));
1666 1666
1667 if ((r = sshkey_certify(public, ca, key_type_name)) != 0) 1667 if ((r = sshkey_certify(public, ca, key_type_name)) != 0)
1668 fatal("Couldn't certify key %s: %s", tmp, ssh_err(r)); 1668 fatal("Couldn't certify key %s: %s", tmp, ssh_err(r));
@@ -1980,7 +1980,7 @@ do_show_cert(struct passwd *pw)
1980 if (*cp == '#' || *cp == '\0') 1980 if (*cp == '#' || *cp == '\0')
1981 continue; 1981 continue;
1982 if ((key = sshkey_new(KEY_UNSPEC)) == NULL) 1982 if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
1983 fatal("key_new"); 1983 fatal("sshkey_new");
1984 if ((r = sshkey_read(key, &cp)) != 0) { 1984 if ((r = sshkey_read(key, &cp)) != 0) {
1985 error("%s:%lu: invalid key: %s", path, 1985 error("%s:%lu: invalid key: %s", path,
1986 lnum, ssh_err(r)); 1986 lnum, ssh_err(r));
@@ -2126,7 +2126,7 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
2126 */ 2126 */
2127 } 2127 }
2128 if ((key = sshkey_new(KEY_UNSPEC)) == NULL) 2128 if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
2129 fatal("key_new"); 2129 fatal("sshkey_new");
2130 if ((r = sshkey_read(key, &cp)) != 0) 2130 if ((r = sshkey_read(key, &cp)) != 0)
2131 fatal("%s:%lu: invalid key: %s", 2131 fatal("%s:%lu: invalid key: %s",
2132 path, lnum, ssh_err(r)); 2132 path, lnum, ssh_err(r));
@@ -2667,9 +2667,9 @@ main(int argc, char **argv)
2667 printf("Generating public/private %s key pair.\n", 2667 printf("Generating public/private %s key pair.\n",
2668 key_type_name); 2668 key_type_name);
2669 if ((r = sshkey_generate(type, bits, &private)) != 0) 2669 if ((r = sshkey_generate(type, bits, &private)) != 0)
2670 fatal("key_generate failed"); 2670 fatal("sshkey_generate failed");
2671 if ((r = sshkey_from_private(private, &public)) != 0) 2671 if ((r = sshkey_from_private(private, &public)) != 0)
2672 fatal("key_from_private failed: %s\n", ssh_err(r)); 2672 fatal("sshkey_from_private failed: %s\n", ssh_err(r));
2673 2673
2674 if (!have_identity) 2674 if (!have_identity)
2675 ask_filename(pw, "Enter file in which to save the key"); 2675 ask_filename(pw, "Enter file in which to save the key");