upstream commit

deprecate key_load_private_pem() and
 sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
 not require pathnames to be specified (they weren't really used).

Fixes a few other things en passant:

Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).

Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.

ok markus@

1 files changed, 2 insertions, 23 deletions

diff --git a/key.c b/key.c
index b821d9e1d..37eb67634 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.124 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: key.c,v 1.125 2015/01/08 10:14:08 djm Exp $ */
 /*
  * placed in the public domain
  */
@@ -328,7 +328,7 @@ key_load_file(int fd, const char *filename, struct sshbuf *blob)
 {
         int r;
 
-        if ((r = sshkey_load_file(fd, filename, blob)) != 0) {
+        if ((r = sshkey_load_file(fd, blob)) != 0) {
                 fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
                 error("%s: %s", __func__, ssh_err(r));
                 return 0;
@@ -435,27 +435,6 @@ key_load_private_type(int type, const char *filename, const char *passphrase,
         return ret;
 }
 
-#ifdef WITH_OPENSSL
-Key *
-key_load_private_pem(int fd, int type, const char *passphrase,
-    char **commentp)
-{
-        int r;
-        Key *ret = NULL;
-
-        if ((r = sshkey_load_private_pem(fd, type, passphrase,
-             &ret, commentp)) != 0) {
-                fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
-                if (r == SSH_ERR_KEY_WRONG_PASSPHRASE)
-                        debug("%s: %s", __func__, ssh_err(r));
-                else
-                        error("%s: %s", __func__, ssh_err(r));
-                return NULL;
-        }
-        return ret;
-}
-#endif /* WITH_OPENSSL */
-
 int
 key_perm_ok(int fd, const char *filename)
 {