diff options
author | Colin Watson <cjwatson@debian.org> | 2010-08-23 22:56:08 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-08-23 22:56:08 +0100 |
commit | 31e30b835fd9695d3b6647cab4867001b092e28f (patch) | |
tree | 138e715c25661825457c7280cd66e3f4853d474c /authfile.c | |
parent | 78eedc2c60ff4718200f9271d8ee4f437da3a0c5 (diff) | |
parent | 43094ebf14c9b16f1ea398bc5b65a7335e947288 (diff) |
merge 5.6p1
Diffstat (limited to 'authfile.c')
-rw-r--r-- | authfile.c | 62 |
1 files changed, 61 insertions, 1 deletions
diff --git a/authfile.c b/authfile.c index 224c6aa80..2bd887845 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfile.c,v 1.80 2010/03/04 10:36:03 djm Exp $ */ | 1 | /* $OpenBSD: authfile.c,v 1.82 2010/08/04 05:49:22 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -693,6 +693,66 @@ key_load_public(const char *filename, char **commentp) | |||
693 | return NULL; | 693 | return NULL; |
694 | } | 694 | } |
695 | 695 | ||
696 | /* Load the certificate associated with the named private key */ | ||
697 | Key * | ||
698 | key_load_cert(const char *filename) | ||
699 | { | ||
700 | Key *pub; | ||
701 | char *file; | ||
702 | |||
703 | pub = key_new(KEY_UNSPEC); | ||
704 | xasprintf(&file, "%s-cert.pub", filename); | ||
705 | if (key_try_load_public(pub, file, NULL) == 1) { | ||
706 | xfree(file); | ||
707 | return pub; | ||
708 | } | ||
709 | xfree(file); | ||
710 | key_free(pub); | ||
711 | return NULL; | ||
712 | } | ||
713 | |||
714 | /* Load private key and certificate */ | ||
715 | Key * | ||
716 | key_load_private_cert(int type, const char *filename, const char *passphrase, | ||
717 | int *perm_ok) | ||
718 | { | ||
719 | Key *key, *pub; | ||
720 | |||
721 | switch (type) { | ||
722 | case KEY_RSA: | ||
723 | case KEY_DSA: | ||
724 | break; | ||
725 | default: | ||
726 | error("%s: unsupported key type", __func__); | ||
727 | return NULL; | ||
728 | } | ||
729 | |||
730 | if ((key = key_load_private_type(type, filename, | ||
731 | passphrase, NULL, perm_ok)) == NULL) | ||
732 | return NULL; | ||
733 | |||
734 | if ((pub = key_load_cert(filename)) == NULL) { | ||
735 | key_free(key); | ||
736 | return NULL; | ||
737 | } | ||
738 | |||
739 | /* Make sure the private key matches the certificate */ | ||
740 | if (key_equal_public(key, pub) == 0) { | ||
741 | error("%s: certificate does not match private key %s", | ||
742 | __func__, filename); | ||
743 | } else if (key_to_certified(key, key_cert_is_legacy(pub)) != 0) { | ||
744 | error("%s: key_to_certified failed", __func__); | ||
745 | } else { | ||
746 | key_cert_copy(pub, key); | ||
747 | key_free(pub); | ||
748 | return key; | ||
749 | } | ||
750 | |||
751 | key_free(key); | ||
752 | key_free(pub); | ||
753 | return NULL; | ||
754 | } | ||
755 | |||
696 | /* | 756 | /* |
697 | * Returns 1 if the specified "key" is listed in the file "filename", | 757 | * Returns 1 if the specified "key" is listed in the file "filename", |
698 | * 0 if the key is not listed or -1 on error. | 758 | * 0 if the key is not listed or -1 on error. |