- djm@cvs.openbsd.org 2014/06/24 01:13:21

     [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
     [sshconnect2.c sshd.c sshkey.c sshkey.h
     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
     New key API: refactor key-related functions to be more library-like,
     existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.

1 files changed, 17 insertions, 7 deletions

diff --git a/ssh-add.c b/ssh-add.c
index 3421452af..46b91cbde 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.109 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.110 2014/06/24 01:13:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -62,6 +62,7 @@
 #include "authfile.h"
 #include "pathnames.h"
 #include "misc.h"
+#include "ssherr.h"
 
 /* argv0 */
 extern char *__progname;
@@ -170,7 +171,7 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
         Key *private, *cert;
         char *comment = NULL;
         char msg[1024], *certpath = NULL;
-        int fd, perms_ok, ret = -1;
+        int r, fd, perms_ok, ret = -1;
         Buffer keyblob;
 
         if (strcmp(filename, "-") == 0) {
@@ -201,12 +202,18 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
         close(fd);
 
         /* At first, try empty passphrase */
-        private = key_parse_private(&keyblob, filename, "", &comment);
+        if ((r = sshkey_parse_private_fileblob(&keyblob, filename, "",
+            &private, &comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+                        fatal("Cannot parse %s: %s", filename, ssh_err(r));
         if (comment == NULL)
                 comment = xstrdup(filename);
         /* try last */
-        if (private == NULL && pass != NULL)
-                private = key_parse_private(&keyblob, filename, pass, NULL);
+        if (private == NULL && pass != NULL) {
+                if ((r = sshkey_parse_private_fileblob(&keyblob, filename, pass,
+                    &private, &comment)) != 0 &&
+                    r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+                        fatal("Cannot parse %s: %s", filename, ssh_err(r));
+        }
         if (private == NULL) {
                 /* clear passphrase since it did not work */
                 clear_pass();
@@ -220,8 +227,11 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
                                 buffer_free(&keyblob);
                                 return -1;
                         }
-                        private = key_parse_private(&keyblob, filename, pass,
-                            &comment);
+                        if ((r = sshkey_parse_private_fileblob(&keyblob,
+                             filename, pass, &private, &comment)) != 0 &&
+                            r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+                                fatal("Cannot parse %s: %s",
+                                            filename, ssh_err(r));
                         if (private != NULL)
                                 break;
                         clear_pass();