-rw-r--r--auth.c6
-rw-r--r--auth.h27
-rw-r--r--auth2-hostbased.c6
-rw-r--r--auth2-pubkey.c19
-rw-r--r--monitor.c6
-rw-r--r--monitor_wrap.c14
-rw-r--r--monitor_wrap.h14
-rw-r--r--ssh-pkcs11-client.c6
-rw-r--r--ssh-pkcs11-helper.c14
-rw-r--r--ssh.c10
-rw-r--r--sshconnect.c22
-rw-r--r--sshconnect.h12
-rw-r--r--sshconnect2.c14
-rw-r--r--sshd.c43
14 files changed, 110 insertions, 103 deletions
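--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.120 2017/05/17 01:24:17 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.121 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -428,7 +428,7 @@ authorized_principals_file(struct passwd *pw)
 
 /* return ok if key exists in sysfile or userfile */
 HostStatus
-check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
+check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
     const char *sysfile, const char *userfile)
 {
  char *user_hostfile;
@@ -695,7 +695,7 @@ getpwnamallow(const char *user)
 
 /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
 int
-auth_key_is_revoked(Key *key)
+auth_key_is_revoked(struct sshkey *key)
 {
  char *fp = NULL;
  int r;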
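--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.89 2016/08/13 17:47:41 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.90 2017/05/30 08:52:19 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -117,9 +117,10 @@ auth_rhosts2(struct passwd *, const char *, const char *, const char *);
 
 int auth_password(Authctxt *, const char *);
 
-int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
-int user_key_allowed(struct passwd *, Key *, int);
-void pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
+int hostbased_key_allowed(struct passwd *, const char *, char *,
+    struct sshkey *);
+int user_key_allowed(struct passwd *, struct sshkey *, int);
+void pubkey_auth_info(Authctxt *, const struct sshkey *, const char *, ...)
     __attribute__((__format__ (printf, 3, 4)));
 void auth2_record_userkey(Authctxt *, struct sshkey *);
 int auth2_userkey_already_used(Authctxt *, struct sshkey *);
@@ -182,22 +183,22 @@ char *authorized_principals_file(struct passwd *);
 
 FILE *auth_openkeyfile(const char *, struct passwd *, int);
 FILE *auth_openprincipals(const char *, struct passwd *, int);
-int auth_key_is_revoked(Key *);
+int auth_key_is_revoked(struct sshkey *);
 
 const char *auth_get_canonical_hostname(struct ssh *, int);
 
 HostStatus
-check_key_in_hostfiles(struct passwd *, Key *, const char *,
+check_key_in_hostfiles(struct passwd *, struct sshkey *, const char *,
     const char *, const char *);
 
 /* hostkey handling */
-Key *get_hostkey_by_index(int);
-Key *get_hostkey_public_by_index(int, struct ssh *);
-Key *get_hostkey_public_by_type(int, int, struct ssh *);
-Key *get_hostkey_private_by_type(int, int, struct ssh *);
-int get_hostkey_index(Key *, int, struct ssh *);
-int sshd_hostkey_sign(Key *, Key *, u_char **, size_t *,
-    const u_char *, size_t, const char *, u_int);
+struct sshkey *get_hostkey_by_index(int);
+struct sshkey *get_hostkey_public_by_index(int, struct ssh *);
+struct sshkey *get_hostkey_public_by_type(int, int, struct ssh *);
+struct sshkey *get_hostkey_private_by_type(int, int, struct ssh *);
+int get_hostkey_index(struct sshkey *, int, struct ssh *);
+int sshd_hostkey_sign(struct sshkey *, struct sshkey *, u_char **,
+    size_t *, const u_char *, size_t, const char *, u_int);
 
 /* debug messages during authentication */
 void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));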
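--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.26 2016/03/07 19:02:43 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.27 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -59,7 +59,7 @@ static int
 userauth_hostbased(Authctxt *authctxt)
 {
  Buffer b;
- Key *key = NULL;
+ struct sshkey *key = NULL;
  char *pkalg, *cuser, *chost, *service;
  u_char *pkblob, *sig;
  u_int alen, blen, slen;
@@ -158,7 +158,7 @@ done:
 /* return 1 if given hostkey is allowed */
 int
 hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
-    Key *key)
+    struct sshkey *key)
 {
  struct ssh *ssh = active_state; /* XXX */
  const char *resolvedname, *ipaddr, *lookup, *reason;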
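--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.62 2017/01/30 01:03:00 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.63 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -78,7 +78,7 @@ static int
 userauth_pubkey(Authctxt *authctxt)
 {
  Buffer b;
- Key *key = NULL;
+ struct sshkey *key = NULL;
  char *pkalg, *userstyle, *fp = NULL;
  u_char *pkblob, *sig;
  u_int alen, blen, slen;
@@ -220,7 +220,8 @@ done:
 }
 
 void
-pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
+pubkey_auth_info(Authctxt *authctxt, const struct sshkey *key,
+    const char *fmt, ...)
 {
  char *fp, *extra;
  va_list ap;
@@ -761,12 +762,12 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
  * returns 1 if the key is allowed or 0 otherwise.
  */
 static int
-check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
+check_authkeys_file(FILE *f, char *file, struct sshkey* key, struct passwd *pw)
 {
  char line[SSH_MAX_PUBKEY_BYTES];
  int found_key = 0;
  u_long linenum = 0;
- Key *found;
+ struct sshkey *found;
 
  found_key = 0;
 
@@ -876,7 +877,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 
 /* Authenticate a certificate key against TrustedUserCAKeys */
 static int
-user_cert_trusted_ca(struct passwd *pw, Key *key)
+user_cert_trusted_ca(struct passwd *pw, struct sshkey *key)
 {
  char *ca_fp, *principals_file = NULL;
  const char *reason;
@@ -942,7 +943,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
  * returns 1 if the key is allowed or 0 otherwise.
  */
 static int
-user_key_allowed2(struct passwd *pw, Key *key, char *file)
+user_key_allowed2(struct passwd *pw, struct sshkey *key, char *file)
 {
  FILE *f;
  int found_key = 0;
@@ -965,7 +966,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
  * returns 1 if the key is allowed or 0 otherwise.
  */
 static int
-user_key_command_allowed2(struct passwd *user_pw, Key *key)
+user_key_command_allowed2(struct passwd *user_pw, struct sshkey *key)
 {
  FILE *f = NULL;
  int r, ok, found_key = 0;
@@ -1088,7 +1089,7 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
  * Check whether key authenticates and authorises the user.
  */
 int
-user_key_allowed(struct passwd *pw, Key *key, int auth_attempt)
+user_key_allowed(struct passwd *pw, struct sshkey *key, int auth_attempt)
 {
  u_int success, i;
  char *file;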
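Review bot: Line 765 writes the new parameter as `struct sshkey* key`, binding the star to the type, while every other signature this commit rewrites in this file (lines 81, 223, 880, 946, 969, 1092) uses `struct sshkey *key`. The old `Key* key` spacing was already the odd one out, and since the line is being rewritten anyway, `check_authkeys_file(FILE *f, char *file, struct sshkey *key, struct passwd *pw)` keeps the file consistent with the declarator style used everywhere else in the change. check_authkeys_file's body continues outside the hunk.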
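--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.167 2017/02/03 23:05:57 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.168 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1119,7 +1119,7 @@ mm_answer_pam_free_ctx(int sock, Buffer *m)
 int
 mm_answer_keyallowed(int sock, Buffer *m)
 {
- Key *key;
+ struct sshkey *key;
  char *cuser, *chost;
  u_char *blob;
  u_int bloblen, pubkey_auth_attempt;
@@ -1332,7 +1332,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
 int
 mm_answer_keyverify(int sock, Buffer *m)
 {
- Key *key;
+ struct sshkey *key;
  u_char *signature, *data, *blob;
  u_int signaturelen, datalen, bloblen;
  int verified = 0;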
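--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.90 2017/05/17 01:24:17 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.91 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -216,7 +216,7 @@ mm_choose_dh(int min, int nbits, int max)
 #endif
 
 int
-mm_key_sign(Key *key, u_char **sigp, u_int *lenp,
+mm_key_sign(struct sshkey *key, u_char **sigp, u_int *lenp,
     const u_char *data, u_int datalen, const char *hostkey_alg)
 {
  struct kex *kex = *pmonitor->m_pkex;
@@ -375,7 +375,8 @@ mm_auth_password(Authctxt *authctxt, char *password)
 }
 
 int
-mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt)
+mm_user_key_allowed(struct passwd *pw, struct sshkey *key,
+    int pubkey_auth_attempt)
 {
  return (mm_key_allowed(MM_USERKEY, NULL, NULL, key,
      pubkey_auth_attempt));
@@ -383,14 +384,14 @@ mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt)
 
 int
 mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
-    Key *key)
+    struct sshkey *key)
 {
  return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0));
 }
 
 int
 mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
-    Key *key, int pubkey_auth_attempt)
+    struct sshkey *key, int pubkey_auth_attempt)
 {
  Buffer m;
  u_char *blob;
@@ -435,7 +436,8 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
  */
 
 int
-mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
+mm_key_verify(struct sshkey *key, u_char *sig, u_int siglen, u_char *data,
+    u_int datalen)
 {
  Buffer m;
  u_char *blob;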
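--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.32 2016/09/28 16:33:07 djm Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.33 2017/05/30 08:52:19 markus Exp $ */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -40,16 +40,18 @@ struct Authctxt;
 void mm_log_handler(LogLevel, const char *, void *);
 int mm_is_monitor(void);
 DH *mm_choose_dh(int, int, int);
-int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int, const char *);
+int mm_key_sign(struct sshkey *, u_char **, u_int *, const u_char *, u_int,
+    const char *);
 void mm_inform_authserv(char *, char *);
 struct passwd *mm_getpwnamallow(const char *);
 char *mm_auth2_read_banner(void);
 int mm_auth_password(struct Authctxt *, char *);
-int mm_key_allowed(enum mm_keytype, const char *, const char *, Key *, int);
-int mm_user_key_allowed(struct passwd *, Key *, int);
+int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,
+    int);
+int mm_user_key_allowed(struct passwd *, struct sshkey *, int);
 int mm_hostbased_key_allowed(struct passwd *, const char *,
-    const char *, Key *);
-int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int);
+    const char *, struct sshkey *);
+int mm_key_verify(struct sshkey *, u_char *, u_int, u_char *, u_int);
 
 #ifdef GSSAPI
 OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);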
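Review bot: The rewritten prototypes on lines 43, 49, 51, 53 and 54 name `struct sshkey` inside parameter lists, and the only forward declaration visible in this header is the `struct Authctxt;` shown in the hunk context; if nothing included ahead of these lines declares the struct, each prototype introduces a prototype-scope `struct sshkey` and the compiler warns that it will not be visible outside that declaration. Adding `struct sshkey;` next to `struct Authctxt;` resolves it in the style the header already uses. Whether an earlier include already covers this cannot be seen from the hunk, so it is worth confirming before merging; auth.h does not need the same treatment here, since its `struct sshkey` prototypes at lines 125-126 predate this commit.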
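--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.6 2015/12/11 00:20:04 mmcc Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.7 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl. All rights reserved.
  *
@@ -106,7 +106,7 @@ static int
 pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
     int padding)
 {
- Key key;
+ struct sshkey key; /* XXX */
  u_char *blob, *signature = NULL;
  u_int blen, slen = 0;
  int ret = -1;
@@ -186,7 +186,7 @@ pkcs11_start_helper(void)
 int
 pkcs11_add_provider(char *name, char *pin, Key ***keysp)
 {
- Key *k;
+ struct sshkey *k;
  int i, nkeys;
  u_char *blob;
  u_int blen;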
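Review bot: `pkcs11_add_provider` on line 187 keeps `Key ***keysp` in its signature while its local `k` on line 189 becomes `struct sshkey *`, so the function now spells the same type two ways; the matching prototype lives outside this diff, so the `Key` typedef presumably still exists, but if the aim is to retire it this parameter should move with the rest, `int pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp)`, together with the header. The bare `/* XXX */` added on line 109 beside the stack-allocated `struct sshkey key` does not say what is suspect; a comment stating why a stack object rather than one from `sshkey_new()` is acceptable at this call site would serve the next reader better, though how the object is populated is not visible in this hunk. Both functions continue outside the hunk.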
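--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.12 2016/02/15 09:47:49 dtucker Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.13 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl. All rights reserved.
  *
@@ -42,7 +42,7 @@
 /* borrows code from sftp-server and ssh-agent */
 
 struct pkcs11_keyinfo {
- Key *key;
+ struct sshkey *key;
  char *providername;
  TAILQ_ENTRY(pkcs11_keyinfo) next;
 };
@@ -60,7 +60,7 @@ Buffer iqueue;
 Buffer oqueue;
 
 static void
-add_key(Key *k, char *name)
+add_key(struct sshkey *k, char *name)
 {
  struct pkcs11_keyinfo *ki;
 
@@ -87,8 +87,8 @@ del_keys_by_name(char *name)
 }
 
 /* lookup matching 'private' key */
-static Key *
-lookup_key(Key *k)
+static struct sshkey *
+lookup_key(struct sshkey *k)
 {
  struct pkcs11_keyinfo *ki;
 
@@ -114,7 +114,7 @@ static void
 process_add(void)
 {
  char *name, *pin;
- Key **keys;
+ struct sshkey **keys;
  int i, nkeys;
  u_char *blob;
  u_int blen;
@@ -170,7 +170,7 @@ process_sign(void)
  u_char *blob, *data, *signature = NULL;
  u_int blen, dlen, slen = 0;
  int ok = -1;
- Key *key, *found;
+ struct sshkey *key, *found;
  Buffer msg;
 
  blob = get_string(&blen);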
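--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.459 2017/05/02 08:06:33 jmc Exp $ */
+/* $OpenBSD: ssh.c,v 1.460 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1278,7 +1278,7 @@ main(int ac, char **av)
  if (options.hostbased_authentication) {
  sensitive_data.nkeys = 9;
  sensitive_data.keys = xcalloc(sensitive_data.nkeys,
-     sizeof(Key));
+     sizeof(struct sshkey)); /* XXX */
  for (i = 0; i < sensitive_data.nkeys; i++)
  sensitive_data.keys[i] = NULL;
 
@@ -1849,16 +1849,16 @@ load_public_identity_files(void)
 {
  char *filename, *cp, thishost[NI_MAXHOST];
  char *pwdir = NULL, *pwname = NULL;
- Key *public;
+ struct sshkey *public;
  struct passwd *pw;
  int i;
  u_int n_ids, n_certs;
  char *identity_files[SSH_MAX_IDENTITY_FILES];
- Key *identity_keys[SSH_MAX_IDENTITY_FILES];
+ struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES];
  char *certificate_files[SSH_MAX_CERTIFICATE_FILES];
  struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];
 #ifdef ENABLE_PKCS11
- Key **keys;
+ struct sshkey **keys;
  int nkeys;
 #endif /* PKCS11 */
 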
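Review bot: The allocation on lines 1280-1281 sizes each element as `sizeof(struct sshkey)` although `sensitive_data.keys` holds pointers (`struct sshkey **keys` in sshconnect.h's `struct Sensitive`), so it reserves a whole key struct per slot where a pointer is needed; the new `/* XXX */` records this but leaves the over-allocation in place. Sizing from the destination, `sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(*sensitive_data.keys));`, gives the right element size and stays correct if the element type changes again. If xcalloc zero-fills like calloc, the loop on lines 1282-1283 that stores NULL into every slot is then redundant and can be dropped. main() continues outside the hunk.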
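--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.278 2017/05/01 02:27:11 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.279 2017/05/30 08:52:19 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -67,7 +67,7 @@
 
 char *client_version_string = NULL;
 char *server_version_string = NULL;
-Key *previous_host_key = NULL;
+struct sshkey *previous_host_key = NULL;
 
 static int matching_host_key_dns = 0;
 
@@ -79,8 +79,8 @@ extern char *__progname;
 extern uid_t original_real_uid;
 extern uid_t original_effective_uid;
 
-static int show_other_keys(struct hostkeys *, Key *);
-static void warn_changed_key(Key *);
+static int show_other_keys(struct hostkeys *, struct sshkey *);
+static void warn_changed_key(struct sshkey *);
 
 /* Expand a proxy command */
 static char *
@@ -667,7 +667,7 @@ confirm(const char *prompt)
 }
 
 static int
-check_host_cert(const char *host, const Key *host_key)
+check_host_cert(const char *host, const struct sshkey *host_key)
 {
  const char *reason;
 
@@ -765,13 +765,13 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr,
 #define ROQUIET 2
 static int
 check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
-    Key *host_key, int readonly,
+    struct sshkey *host_key, int readonly,
     char **user_hostfiles, u_int num_user_hostfiles,
     char **system_hostfiles, u_int num_system_hostfiles)
 {
  HostStatus host_status;
  HostStatus ip_status;
- Key *raw_key = NULL;
+ struct sshkey *raw_key = NULL;
  char *ip = NULL, *host = NULL;
  char hostline[1000], *hostp, *fp, *ra;
  char msg[1024];
@@ -1196,7 +1196,7 @@ fail:
 
 /* returns 0 if key verifies or -1 if key does NOT verify */
 int
-verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
+verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
 {
  u_int i;
  int r = -1, flags = 0;
@@ -1362,7 +1362,7 @@ ssh_put_password(char *password)
 
 /* print all known host keys for a given host, but skip keys of given type */
 static int
-show_other_keys(struct hostkeys *hostkeys, Key *key)
+show_other_keys(struct hostkeys *hostkeys, struct sshkey *key)
 {
  int type[] = {
  KEY_RSA,
@@ -1402,7 +1402,7 @@ show_other_keys(struct hostkeys *hostkeys, Key *key)
 }
 
 static void
-warn_changed_key(Key *host_key)
+warn_changed_key(struct sshkey *host_key)
 {
  char *fp;
 
@@ -1465,7 +1465,7 @@ ssh_local_cmd(const char *args)
 }
 
 void
-maybe_add_key_to_agent(char *authfile, Key *private, char *comment,
+maybe_add_key_to_agent(char *authfile, struct sshkey *private, char *comment,
     char *passphrase)
 {
  int auth_sock = -1, r;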
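--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.29 2015/11/15 22:26:49 jcs Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.30 2017/05/30 08:52:19 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -26,9 +26,9 @@
 
 typedef struct Sensitive Sensitive;
 struct Sensitive {
- Key **keys;
+ struct sshkey **keys;
  int nkeys;
  int external_keysign;
 };
 
 struct addrinfo;
@@ -41,7 +41,7 @@ void ssh_login(Sensitive *, const char *, struct sockaddr *, u_short,
 
 void ssh_exchange_identification(int);
 
-int verify_host_key(char *, struct sockaddr *, Key *);
+int verify_host_key(char *, struct sockaddr *, struct sshkey *);
 
 void get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short,
     char **, char **);
@@ -55,7 +55,7 @@ void ssh_userauth2(const char *, const char *, char *, Sensitive *);
 void ssh_put_password(char *);
 int ssh_local_cmd(const char *);
 
-void maybe_add_key_to_agent(char *, Key *, char *, char *);
+void maybe_add_key_to_agent(char *, struct sshkey *, char *, char *);
 
 /*
  * Macros to raise/lower permissions.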
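--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.258 2017/05/05 10:42:49 naddy Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.259 2017/05/30 08:52:20 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -93,7 +93,7 @@ char *xxx_host;
 struct sockaddr *xxx_hostaddr;
 
 static int
-verify_host_key_callback(Key *hostkey, struct ssh *ssh)
+verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
 {
  if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
  fatal("Host key verification failed.");
@@ -319,7 +319,7 @@ static int sign_and_send_pubkey(Authctxt *, Identity *);
 static void pubkey_prepare(Authctxt *);
 static void pubkey_cleanup(Authctxt *);
 static void pubkey_reset(Authctxt *);
-static Key *load_identity_file(Identity *);
+static struct sshkey *load_identity_file(Identity *);
 
 static Authmethod *authmethod_get(char *authlist);
 static Authmethod *authmethod_lookup(const char *name);
@@ -574,7 +574,7 @@ int
 input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
 {
  Authctxt *authctxt = ctxt;
- Key *key = NULL;
+ struct sshkey *key = NULL;
  Identity *id = NULL;
  Buffer b;
  int pktype, sent = 0;
@@ -1015,7 +1015,7 @@ static int
 identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen, u_int compat)
 {
- Key *prv;
+ struct sshkey *prv;
  int ret;
 
  /* the agent supports this key */
@@ -1225,10 +1225,10 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
  return 1;
 }
 
-static Key *
+static struct sshkey *
 load_identity_file(Identity *id)
 {
- Key *private = NULL;
+ struct sshkey *private = NULL;
  char prompt[300], *passphrase, *comment;
  int r, perm_ok = 0, quit = 0, i;
  struct stat st;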
diff --git a/sshd.c b/sshd.c
index f128912b5..b01eb874c 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.487 2017/04/30 23:18:44 djm Exp $ */ 1/* $OpenBSD: sshd.c,v 1.488 2017/05/30 08:52:20 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -195,10 +195,10 @@ int have_agent = 0;
195 * not very useful. Currently, memory locking is not implemented. 195 * not very useful. Currently, memory locking is not implemented.
196 */ 196 */
197struct { 197struct {
198 Key **host_keys; /* all private host keys */ 198 struct sshkey **host_keys; /* all private host keys */
199 Key **host_pubkeys; /* all public host keys */ 199 struct sshkey **host_pubkeys; /* all public host keys */
200 Key **host_certificates; /* all public host certificates */ 200 struct sshkey **host_certificates; /* all public host certificates */
201 int have_ssh2_key; 201 int have_ssh2_key;
202} sensitive_data; 202} sensitive_data;
203 203
204/* This is set to true when a signal is received. */ 204/* This is set to true when a signal is received. */
@@ -486,7 +486,7 @@ destroy_sensitive_data(void)
486void 486void
487demote_sensitive_data(void) 487demote_sensitive_data(void)
488{ 488{
489 Key *tmp; 489 struct sshkey *tmp;
490 int i; 490 int i;
491 491
492 for (i = 0; i < options.num_host_key_files; i++) { 492 for (i = 0; i < options.num_host_key_files; i++) {
@@ -686,7 +686,7 @@ list_hostkey_types(void)
686 const char *p; 686 const char *p;
687 char *ret; 687 char *ret;
688 int i; 688 int i;
689 Key *key; 689 struct sshkey *key;
690 690
691 buffer_init(&b); 691 buffer_init(&b);
692 for (i = 0; i < options.num_host_key_files; i++) { 692 for (i = 0; i < options.num_host_key_files; i++) {
@@ -742,11 +742,11 @@ list_hostkey_types(void)
742 return ret; 742 return ret;
743} 743}
744 744
745static Key * 745static struct sshkey *
746get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh) 746get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)
747{ 747{
748 int i; 748 int i;
749 Key *key; 749 struct sshkey *key;
750 750
751 for (i = 0; i < options.num_host_key_files; i++) { 751 for (i = 0; i < options.num_host_key_files; i++) {
752 switch (type) { 752 switch (type) {
@@ -770,19 +770,19 @@ get_hostkey_by_type(int type, int nid, int need_private, struct ssh *ssh)
770 return NULL; 770 return NULL;
771} 771}
772 772
773Key * 773struct sshkey *
774get_hostkey_public_by_type(int type, int nid, struct ssh *ssh) 774get_hostkey_public_by_type(int type, int nid, struct ssh *ssh)
775{ 775{
776 return get_hostkey_by_type(type, nid, 0, ssh); 776 return get_hostkey_by_type(type, nid, 0, ssh);
777} 777}
778 778
779Key * 779struct sshkey *
780get_hostkey_private_by_type(int type, int nid, struct ssh *ssh) 780get_hostkey_private_by_type(int type, int nid, struct ssh *ssh)
781{ 781{
782 return get_hostkey_by_type(type, nid, 1, ssh); 782 return get_hostkey_by_type(type, nid, 1, ssh);
783} 783}
784 784
785Key * 785struct sshkey *
786get_hostkey_by_index(int ind) 786get_hostkey_by_index(int ind)
787{ 787{
788 if (ind < 0 || ind >= options.num_host_key_files) 788 if (ind < 0 || ind >= options.num_host_key_files)
@@ -790,7 +790,7 @@ get_hostkey_by_index(int ind)
790 return (sensitive_data.host_keys[ind]); 790 return (sensitive_data.host_keys[ind]);
791} 791}
792 792
793Key * 793struct sshkey *
794get_hostkey_public_by_index(int ind, struct ssh *ssh) 794get_hostkey_public_by_index(int ind, struct ssh *ssh)
795{ 795{
796 if (ind < 0 || ind >= options.num_host_key_files) 796 if (ind < 0 || ind >= options.num_host_key_files)
@@ -799,7 +799,7 @@ get_hostkey_public_by_index(int ind, struct ssh *ssh)
799} 799}
800 800
801int 801int
802get_hostkey_index(Key *key, int compare, struct ssh *ssh) 802get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh)
803{ 803{
804 int i; 804 int i;
805 805
@@ -1366,8 +1366,8 @@ main(int ac, char **av)
1366 u_int n; 1366 u_int n;
1367 u_int64_t ibytes, obytes; 1367 u_int64_t ibytes, obytes;
1368 mode_t new_umask; 1368 mode_t new_umask;
1369 Key *key; 1369 struct sshkey *key;
1370 Key *pubkey; 1370 struct sshkey *pubkey;
1371 int keytype; 1371 int keytype;
1372 Authctxt *authctxt; 1372 Authctxt *authctxt;
1373 struct connection_info *connection_info = get_connection_info(0, 0); 1373 struct connection_info *connection_info = get_connection_info(0, 0);
@@ -1655,9 +1655,9 @@ main(int ac, char **av)
1655 1655
1656 /* load host keys */ 1656 /* load host keys */
1657 sensitive_data.host_keys = xcalloc(options.num_host_key_files, 1657 sensitive_data.host_keys = xcalloc(options.num_host_key_files,
1658 sizeof(Key *)); 1658 sizeof(struct sshkey *));
1659 sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files, 1659 sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files,
1660 sizeof(Key *)); 1660 sizeof(struct sshkey *));
1661 1661
1662 if (options.host_key_agent) { 1662 if (options.host_key_agent) {
1663 if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME)) 1663 if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME))
@@ -1721,7 +1721,7 @@ main(int ac, char **av)
1721 * indices to the public keys that they relate to. 1721 * indices to the public keys that they relate to.
1722 */ 1722 */
1723 sensitive_data.host_certificates = xcalloc(options.num_host_key_files, 1723 sensitive_data.host_certificates = xcalloc(options.num_host_key_files,
1724 sizeof(Key *)); 1724 sizeof(struct sshkey *));
1725 for (i = 0; i < options.num_host_key_files; i++) 1725 for (i = 0; i < options.num_host_key_files; i++)
1726 sensitive_data.host_certificates[i] = NULL; 1726 sensitive_data.host_certificates[i] = NULL;
1727 1727
@@ -2109,8 +2109,9 @@ main(int ac, char **av)
2109} 2109}
2110 2110
2111int 2111int
2112sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen, 2112sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey,
2113 const u_char *data, size_t dlen, const char *alg, u_int flag) 2113 u_char **signature, size_t *slen, const u_char *data, size_t dlen,
2114 const char *alg, u_int flag)
2114{ 2115{
2115 int r; 2116 int r;
2116 u_int xxx_slen, xxx_dlen = dlen; 2117 u_int xxx_slen, xxx_dlen = dlen;