diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-01-08 10:14:08 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-01-09 00:17:12 +1100 |
| commit | 1195f4cb07ef4b0405c839293c38600b3e9bdb46 (patch) | |
| tree | bee2cbc3442638bf18a2905608787a0c62b8994b /authfile.c | |
| parent | febbe09e4e9aff579b0c5cc1623f756862e4757d (diff) | |
upstream commit
deprecate key_load_private_pem() and
sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.
ok markus@
Diffstat (limited to 'authfile.c')
| -rw-r--r-- | authfile.c | 64 |
1 files changed, 24 insertions, 40 deletions
diff --git a/authfile.c b/authfile.c index 95877e159..de9708607 100644 --- a/authfile.c +++ b/authfile.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: authfile.c,v 1.108 2014/12/04 02:24:32 djm Exp $ */ | 1 | /* $OpenBSD: authfile.c,v 1.109 2015/01/08 10:14:08 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -95,7 +95,7 @@ sshkey_save_private(struct sshkey *key, const char *filename, | |||
| 95 | 95 | ||
| 96 | /* Load a key from a fd into a buffer */ | 96 | /* Load a key from a fd into a buffer */ |
| 97 | int | 97 | int |
| 98 | sshkey_load_file(int fd, const char *filename, struct sshbuf *blob) | 98 | sshkey_load_file(int fd, struct sshbuf *blob) |
| 99 | { | 99 | { |
| 100 | u_char buf[1024]; | 100 | u_char buf[1024]; |
| 101 | size_t len; | 101 | size_t len; |
| @@ -142,8 +142,7 @@ sshkey_load_file(int fd, const char *filename, struct sshbuf *blob) | |||
| 142 | * otherwise. | 142 | * otherwise. |
| 143 | */ | 143 | */ |
| 144 | static int | 144 | static int |
| 145 | sshkey_load_public_rsa1(int fd, const char *filename, | 145 | sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp) |
| 146 | struct sshkey **keyp, char **commentp) | ||
| 147 | { | 146 | { |
| 148 | struct sshbuf *b = NULL; | 147 | struct sshbuf *b = NULL; |
| 149 | int r; | 148 | int r; |
| @@ -154,7 +153,7 @@ sshkey_load_public_rsa1(int fd, const char *filename, | |||
| 154 | 153 | ||
| 155 | if ((b = sshbuf_new()) == NULL) | 154 | if ((b = sshbuf_new()) == NULL) |
| 156 | return SSH_ERR_ALLOC_FAIL; | 155 | return SSH_ERR_ALLOC_FAIL; |
| 157 | if ((r = sshkey_load_file(fd, filename, b)) != 0) | 156 | if ((r = sshkey_load_file(fd, b)) != 0) |
| 158 | goto out; | 157 | goto out; |
| 159 | if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0) | 158 | if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0) |
| 160 | goto out; | 159 | goto out; |
| @@ -165,33 +164,6 @@ sshkey_load_public_rsa1(int fd, const char *filename, | |||
| 165 | } | 164 | } |
| 166 | #endif /* WITH_SSH1 */ | 165 | #endif /* WITH_SSH1 */ |
| 167 | 166 | ||
| 168 | #ifdef WITH_OPENSSL | ||
| 169 | /* XXX Deprecate? */ | ||
| 170 | int | ||
| 171 | sshkey_load_private_pem(int fd, int type, const char *passphrase, | ||
| 172 | struct sshkey **keyp, char **commentp) | ||
| 173 | { | ||
| 174 | struct sshbuf *buffer = NULL; | ||
| 175 | int r; | ||
| 176 | |||
| 177 | *keyp = NULL; | ||
| 178 | if (commentp != NULL) | ||
| 179 | *commentp = NULL; | ||
| 180 | |||
| 181 | if ((buffer = sshbuf_new()) == NULL) | ||
| 182 | return SSH_ERR_ALLOC_FAIL; | ||
| 183 | if ((r = sshkey_load_file(fd, NULL, buffer)) != 0) | ||
| 184 | goto out; | ||
| 185 | if ((r = sshkey_parse_private_pem_fileblob(buffer, type, passphrase, | ||
| 186 | keyp, commentp)) != 0) | ||
| 187 | goto out; | ||
| 188 | r = 0; | ||
| 189 | out: | ||
| 190 | sshbuf_free(buffer); | ||
| 191 | return r; | ||
| 192 | } | ||
| 193 | #endif /* WITH_OPENSSL */ | ||
| 194 | |||
| 195 | /* XXX remove error() calls from here? */ | 167 | /* XXX remove error() calls from here? */ |
| 196 | int | 168 | int |
| 197 | sshkey_perm_ok(int fd, const char *filename) | 169 | sshkey_perm_ok(int fd, const char *filename) |
| @@ -227,7 +199,6 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase, | |||
| 227 | struct sshkey **keyp, char **commentp, int *perm_ok) | 199 | struct sshkey **keyp, char **commentp, int *perm_ok) |
| 228 | { | 200 | { |
| 229 | int fd, r; | 201 | int fd, r; |
| 230 | struct sshbuf *buffer = NULL; | ||
| 231 | 202 | ||
| 232 | *keyp = NULL; | 203 | *keyp = NULL; |
| 233 | if (commentp != NULL) | 204 | if (commentp != NULL) |
| @@ -247,18 +218,31 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase, | |||
| 247 | if (perm_ok != NULL) | 218 | if (perm_ok != NULL) |
| 248 | *perm_ok = 1; | 219 | *perm_ok = 1; |
| 249 | 220 | ||
| 221 | r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp); | ||
| 222 | out: | ||
| 223 | close(fd); | ||
| 224 | return r; | ||
| 225 | } | ||
| 226 | |||
| 227 | int | ||
| 228 | sshkey_load_private_type_fd(int fd, int type, const char *passphrase, | ||
| 229 | struct sshkey **keyp, char **commentp) | ||
| 230 | { | ||
| 231 | struct sshbuf *buffer = NULL; | ||
| 232 | int r; | ||
| 233 | |||
| 250 | if ((buffer = sshbuf_new()) == NULL) { | 234 | if ((buffer = sshbuf_new()) == NULL) { |
| 251 | r = SSH_ERR_ALLOC_FAIL; | 235 | r = SSH_ERR_ALLOC_FAIL; |
| 252 | goto out; | 236 | goto out; |
| 253 | } | 237 | } |
| 254 | if ((r = sshkey_load_file(fd, filename, buffer)) != 0) | 238 | if ((r = sshkey_load_file(fd, buffer)) != 0 || |
| 255 | goto out; | 239 | (r = sshkey_parse_private_fileblob_type(buffer, type, |
| 256 | if ((r = sshkey_parse_private_fileblob_type(buffer, type, passphrase, | 240 | passphrase, keyp, commentp)) != 0) |
| 257 | keyp, commentp)) != 0) | ||
| 258 | goto out; | 241 | goto out; |
| 242 | |||
| 243 | /* success */ | ||
| 259 | r = 0; | 244 | r = 0; |
| 260 | out: | 245 | out: |
| 261 | close(fd); | ||
| 262 | if (buffer != NULL) | 246 | if (buffer != NULL) |
| 263 | sshbuf_free(buffer); | 247 | sshbuf_free(buffer); |
| 264 | return r; | 248 | return r; |
| @@ -287,7 +271,7 @@ sshkey_load_private(const char *filename, const char *passphrase, | |||
| 287 | r = SSH_ERR_ALLOC_FAIL; | 271 | r = SSH_ERR_ALLOC_FAIL; |
| 288 | goto out; | 272 | goto out; |
| 289 | } | 273 | } |
| 290 | if ((r = sshkey_load_file(fd, filename, buffer)) != 0 || | 274 | if ((r = sshkey_load_file(fd, buffer)) != 0 || |
| 291 | (r = sshkey_parse_private_fileblob(buffer, passphrase, filename, | 275 | (r = sshkey_parse_private_fileblob(buffer, passphrase, filename, |
| 292 | keyp, commentp)) != 0) | 276 | keyp, commentp)) != 0) |
| 293 | goto out; | 277 | goto out; |
| @@ -363,7 +347,7 @@ sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) | |||
| 363 | goto skip; | 347 | goto skip; |
| 364 | #ifdef WITH_SSH1 | 348 | #ifdef WITH_SSH1 |
| 365 | /* try rsa1 private key */ | 349 | /* try rsa1 private key */ |
| 366 | r = sshkey_load_public_rsa1(fd, filename, keyp, commentp); | 350 | r = sshkey_load_public_rsa1(fd, keyp, commentp); |
| 367 | close(fd); | 351 | close(fd); |
| 368 | switch (r) { | 352 | switch (r) { |
| 369 | case SSH_ERR_INTERNAL_ERROR: | 353 | case SSH_ERR_INTERNAL_ERROR: |