author | djm@openbsd.org <djm@openbsd.org> | 2015-01-08 10:14:08 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-01-09 00:17:12 +1100 |
commit | 1195f4cb07ef4b0405c839293c38600b3e9bdb46 (patch) | |
tree | bee2cbc3442638bf18a2905608787a0c62b8994b /authfile.c | |
parent | febbe09e4e9aff579b0c5cc1623f756862e4757d (diff) |
upstream commit
deprecate key_load_private_pem() and
sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.
ok markus@
Diffstat (limited to 'authfile.c')
-rw-r--r-- | authfile.c | 64 |
1 files changed, 24 insertions, 40 deletions
diff --git a/authfile.c b/authfile.c index 95877e159..de9708607 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfile.c,v 1.108 2014/12/04 02:24:32 djm Exp $ */ | 1 | /* $OpenBSD: authfile.c,v 1.109 2015/01/08 10:14:08 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -95,7 +95,7 @@ sshkey_save_private(struct sshkey *key, const char *filename, | |||
95 | 95 | ||
96 | /* Load a key from a fd into a buffer */ | 96 | /* Load a key from a fd into a buffer */ |
97 | int | 97 | int |
98 | sshkey_load_file(int fd, const char *filename, struct sshbuf *blob) | 98 | sshkey_load_file(int fd, struct sshbuf *blob) |
99 | { | 99 | { |
100 | u_char buf[1024]; | 100 | u_char buf[1024]; |
101 | size_t len; | 101 | size_t len; |
@@ -142,8 +142,7 @@ sshkey_load_file(int fd, const char *filename, struct sshbuf *blob) | |||
142 | * otherwise. | 142 | * otherwise. |
143 | */ | 143 | */ |
144 | static int | 144 | static int |
145 | sshkey_load_public_rsa1(int fd, const char *filename, | 145 | sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp) |
146 | struct sshkey **keyp, char **commentp) | ||
147 | { | 146 | { |
148 | struct sshbuf *b = NULL; | 147 | struct sshbuf *b = NULL; |
149 | int r; | 148 | int r; |
@@ -154,7 +153,7 @@ sshkey_load_public_rsa1(int fd, const char *filename, | |||
154 | 153 | ||
155 | if ((b = sshbuf_new()) == NULL) | 154 | if ((b = sshbuf_new()) == NULL) |
156 | return SSH_ERR_ALLOC_FAIL; | 155 | return SSH_ERR_ALLOC_FAIL; |
157 | if ((r = sshkey_load_file(fd, filename, b)) != 0) | 156 | if ((r = sshkey_load_file(fd, b)) != 0) |
158 | goto out; | 157 | goto out; |
159 | if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0) | 158 | if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0) |
160 | goto out; | 159 | goto out; |
@@ -165,33 +164,6 @@ sshkey_load_public_rsa1(int fd, const char *filename, | |||
165 | } | 164 | } |
166 | #endif /* WITH_SSH1 */ | 165 | #endif /* WITH_SSH1 */ |
167 | 166 | ||
168 | #ifdef WITH_OPENSSL | ||
169 | /* XXX Deprecate? */ | ||
170 | int | ||
171 | sshkey_load_private_pem(int fd, int type, const char *passphrase, | ||
172 | struct sshkey **keyp, char **commentp) | ||
173 | { | ||
174 | struct sshbuf *buffer = NULL; | ||
175 | int r; | ||
176 | |||
177 | *keyp = NULL; | ||
178 | if (commentp != NULL) | ||
179 | *commentp = NULL; | ||
180 | |||
181 | if ((buffer = sshbuf_new()) == NULL) | ||
182 | return SSH_ERR_ALLOC_FAIL; | ||
183 | if ((r = sshkey_load_file(fd, NULL, buffer)) != 0) | ||
184 | goto out; | ||
185 | if ((r = sshkey_parse_private_pem_fileblob(buffer, type, passphrase, | ||
186 | keyp, commentp)) != 0) | ||
187 | goto out; | ||
188 | r = 0; | ||
189 | out: | ||
190 | sshbuf_free(buffer); | ||
191 | return r; | ||
192 | } | ||
193 | #endif /* WITH_OPENSSL */ | ||
194 | |||
195 | /* XXX remove error() calls from here? */ | 167 | /* XXX remove error() calls from here? */ |
196 | int | 168 | int |
197 | sshkey_perm_ok(int fd, const char *filename) | 169 | sshkey_perm_ok(int fd, const char *filename) |
@@ -227,7 +199,6 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase, | |||
227 | struct sshkey **keyp, char **commentp, int *perm_ok) | 199 | struct sshkey **keyp, char **commentp, int *perm_ok) |
228 | { | 200 | { |
229 | int fd, r; | 201 | int fd, r; |
230 | struct sshbuf *buffer = NULL; | ||
231 | 202 | ||
232 | *keyp = NULL; | 203 | *keyp = NULL; |
233 | if (commentp != NULL) | 204 | if (commentp != NULL) |
@@ -247,18 +218,31 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase, | |||
247 | if (perm_ok != NULL) | 218 | if (perm_ok != NULL) |
248 | *perm_ok = 1; | 219 | *perm_ok = 1; |
249 | 220 | ||
221 | r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp); | ||
222 | out: | ||
223 | close(fd); | ||
224 | return r; | ||
225 | } | ||
226 | |||
227 | int | ||
228 | sshkey_load_private_type_fd(int fd, int type, const char *passphrase, | ||
229 | struct sshkey **keyp, char **commentp) | ||
230 | { | ||
231 | struct sshbuf *buffer = NULL; | ||
232 | int r; | ||
233 | |||
250 | if ((buffer = sshbuf_new()) == NULL) { | 234 | if ((buffer = sshbuf_new()) == NULL) { |
251 | r = SSH_ERR_ALLOC_FAIL; | 235 | r = SSH_ERR_ALLOC_FAIL; |
252 | goto out; | 236 | goto out; |
253 | } | 237 | } |
254 | if ((r = sshkey_load_file(fd, filename, buffer)) != 0) | 238 | if ((r = sshkey_load_file(fd, buffer)) != 0 || |
255 | goto out; | 239 | (r = sshkey_parse_private_fileblob_type(buffer, type, |
256 | if ((r = sshkey_parse_private_fileblob_type(buffer, type, passphrase, | 240 | passphrase, keyp, commentp)) != 0) |
257 | keyp, commentp)) != 0) | ||
258 | goto out; | 241 | goto out; |
242 | |||
243 | /* success */ | ||
259 | r = 0; | 244 | r = 0; |
260 | out: | 245 | out: |
261 | close(fd); | ||
262 | if (buffer != NULL) | 246 | if (buffer != NULL) |
263 | sshbuf_free(buffer); | 247 | sshbuf_free(buffer); |
264 | return r; | 248 | return r; |
@@ -287,7 +271,7 @@ sshkey_load_private(const char *filename, const char *passphrase, | |||
287 | r = SSH_ERR_ALLOC_FAIL; | 271 | r = SSH_ERR_ALLOC_FAIL; |
288 | goto out; | 272 | goto out; |
289 | } | 273 | } |
290 | if ((r = sshkey_load_file(fd, filename, buffer)) != 0 || | 274 | if ((r = sshkey_load_file(fd, buffer)) != 0 || |
291 | (r = sshkey_parse_private_fileblob(buffer, passphrase, filename, | 275 | (r = sshkey_parse_private_fileblob(buffer, passphrase, filename, |
292 | keyp, commentp)) != 0) | 276 | keyp, commentp)) != 0) |
293 | goto out; | 277 | goto out; |
@@ -363,7 +347,7 @@ sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) | |||
363 | goto skip; | 347 | goto skip; |
364 | #ifdef WITH_SSH1 | 348 | #ifdef WITH_SSH1 |
365 | /* try rsa1 private key */ | 349 | /* try rsa1 private key */ |
366 | r = sshkey_load_public_rsa1(fd, filename, keyp, commentp); | 350 | r = sshkey_load_public_rsa1(fd, keyp, commentp); |
367 | close(fd); | 351 | close(fd); |
368 | switch (r) { | 352 | switch (r) { |
369 | case SSH_ERR_INTERNAL_ERROR: | 353 | case SSH_ERR_INTERNAL_ERROR: |
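Review bot: The new exported entry point `sshkey_load_private_type_fd()` (hunk `@@ -247,18 +218,31 @@`) carries none of the guarantees its path-taking wrapper gives: the wrapper runs the `sshkey_perm_ok` check and clears `*keyp`/`*commentp` before calling it (visible at old lines 232-233 and the `perm_ok` lines in the hunk), while the fd variant does neither, and it has no header comment saying so. Since the commit message says ssh-keysign now calls the generic routines directly, a caller handing over a descriptor it opened itself gets no permission check and, unless `sshkey_parse_private_fileblob_type` clears the outputs on failure (not visible here), possibly undefined `*keyp` on the error path. I would add above the definition: `/* Load a private key of type 'type' from an open fd; the caller is responsible for any permission check and *keyp/*commentp are only guaranteed set on success (r == 0) */`, and consider mirroring the wrapper's `*keyp = NULL; if (commentp != NULL) *commentp = NULL;` at the top of the fd variant so both paths behave the same. The closing brace of this function lies outside the hunk.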