-rw-r--r-- | krl.c | 17 | ||||
-rw-r--r-- | sshkey.c | 110 | ||||
-rw-r--r-- | sshkey.h | 9 |
3 files changed, 86 insertions, 50 deletions
@@ -14,7 +14,7 @@ | |||
14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
15 | */ | 15 | */ |
16 | 16 | ||
17 | /* $OpenBSD: krl.c,v 1.29 2015/01/20 23:14:00 deraadt Exp $ */ | 17 | /* $OpenBSD: krl.c,v 1.30 2015/01/26 02:59:11 djm Exp $ */ |
18 | 18 | ||
19 | #include "includes.h" | 19 | #include "includes.h" |
20 | 20 | ||
@@ -555,13 +555,10 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf) | |||
555 | return SSH_ERR_ALLOC_FAIL; | 555 | return SSH_ERR_ALLOC_FAIL; |
556 | 556 | ||
557 | /* Store the header: CA scope key, reserved */ | 557 | /* Store the header: CA scope key, reserved */ |
558 | if ((r = sshkey_to_blob_buf(rc->ca_key, sect)) != 0 || | 558 | if ((r = sshkey_puts(rc->ca_key, buf)) != 0 || |
559 | (r = sshbuf_put_stringb(buf, sect)) != 0 || | ||
560 | (r = sshbuf_put_string(buf, NULL, 0)) != 0) | 559 | (r = sshbuf_put_string(buf, NULL, 0)) != 0) |
561 | goto out; | 560 | goto out; |
562 | 561 | ||
563 | sshbuf_reset(sect); | ||
564 | |||
565 | /* Store the revoked serials. */ | 562 | /* Store the revoked serials. */ |
566 | for (rs = RB_MIN(revoked_serial_tree, &rc->revoked_serials); | 563 | for (rs = RB_MIN(revoked_serial_tree, &rc->revoked_serials); |
567 | rs != NULL; | 564 | rs != NULL; |
@@ -759,14 +756,10 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, | |||
759 | } | 756 | } |
760 | 757 | ||
761 | for (i = 0; i < nsign_keys; i++) { | 758 | for (i = 0; i < nsign_keys; i++) { |
762 | sshbuf_reset(sect); | 759 | KRL_DBG(("%s: signature key %s", __func__, |
763 | if ((r = sshkey_to_blob_buf(sign_keys[i], sect)) != 0) | 760 | sshkey_ssh_name(sign_keys[i]))); |
764 | goto out; | ||
765 | |||
766 | KRL_DBG(("%s: signature key len %zu", __func__, | ||
767 | sshbuf_len(sect))); | ||
768 | if ((r = sshbuf_put_u8(buf, KRL_SECTION_SIGNATURE)) != 0 || | 761 | if ((r = sshbuf_put_u8(buf, KRL_SECTION_SIGNATURE)) != 0 || |
769 | (r = sshbuf_put_stringb(buf, sect)) != 0) | 762 | (r = sshkey_puts(sign_keys[i], buf)) != 0) |
770 | goto out; | 763 | goto out; |
771 | 764 | ||
772 | if ((r = sshkey_sign(sign_keys[i], &sblob, &slen, | 765 | if ((r = sshkey_sign(sign_keys[i], &sblob, &slen, |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshkey.c,v 1.13 2015/01/16 06:40:12 deraadt Exp $ */ | 1 | /* $OpenBSD: sshkey.c,v 1.14 2015/01/26 02:59:11 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. | 4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. |
@@ -73,7 +73,7 @@ | |||
73 | /* Version identification string for SSH v1 identity files. */ | 73 | /* Version identification string for SSH v1 identity files. */ |
74 | #define LEGACY_BEGIN "SSH PRIVATE KEY FILE FORMAT 1.1\n" | 74 | #define LEGACY_BEGIN "SSH PRIVATE KEY FILE FORMAT 1.1\n" |
75 | 75 | ||
76 | static int sshkey_from_blob_internal(const u_char *blob, size_t blen, | 76 | static int sshkey_from_blob_internal(struct sshbuf *buf, |
77 | struct sshkey **keyp, int allow_cert); | 77 | struct sshkey **keyp, int allow_cert); |
78 | 78 | ||
79 | /* Supported key types */ | 79 | /* Supported key types */ |
@@ -824,13 +824,28 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain) | |||
824 | } | 824 | } |
825 | 825 | ||
826 | int | 826 | int |
827 | sshkey_to_blob_buf(const struct sshkey *key, struct sshbuf *b) | 827 | sshkey_putb(const struct sshkey *key, struct sshbuf *b) |
828 | { | 828 | { |
829 | return to_blob_buf(key, b, 0); | 829 | return to_blob_buf(key, b, 0); |
830 | } | 830 | } |
831 | 831 | ||
832 | int | 832 | int |
833 | sshkey_plain_to_blob_buf(const struct sshkey *key, struct sshbuf *b) | 833 | sshkey_puts(const struct sshkey *key, struct sshbuf *b) |
834 | { | ||
835 | struct sshbuf *tmp; | ||
836 | int r; | ||
837 | |||
838 | if ((tmp = sshbuf_new()) == NULL) | ||
839 | return SSH_ERR_ALLOC_FAIL; | ||
840 | r = to_blob_buf(key, tmp, 0); | ||
841 | if (r == 0) | ||
842 | r = sshbuf_put_stringb(b, tmp); | ||
843 | sshbuf_free(tmp); | ||
844 | return r; | ||
845 | } | ||
846 | |||
847 | int | ||
848 | sshkey_putb_plain(const struct sshkey *key, struct sshbuf *b) | ||
834 | { | 849 | { |
835 | return to_blob_buf(key, b, 1); | 850 | return to_blob_buf(key, b, 1); |
836 | } | 851 | } |
@@ -1450,7 +1465,7 @@ sshkey_write(const struct sshkey *key, FILE *f) | |||
1450 | ret = SSH_ERR_ALLOC_FAIL; | 1465 | ret = SSH_ERR_ALLOC_FAIL; |
1451 | goto out; | 1466 | goto out; |
1452 | } | 1467 | } |
1453 | if ((ret = sshkey_to_blob_buf(key, bb)) != 0) | 1468 | if ((ret = sshkey_putb(key, bb)) != 0) |
1454 | goto out; | 1469 | goto out; |
1455 | if ((uu = sshbuf_dtob64(bb)) == NULL) { | 1470 | if ((uu = sshbuf_dtob64(bb)) == NULL) { |
1456 | ret = SSH_ERR_ALLOC_FAIL; | 1471 | ret = SSH_ERR_ALLOC_FAIL; |
@@ -1827,17 +1842,17 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) | |||
1827 | } | 1842 | } |
1828 | 1843 | ||
1829 | static int | 1844 | static int |
1830 | cert_parse(struct sshbuf *b, struct sshkey *key, const u_char *blob, | 1845 | cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf) |
1831 | size_t blen) | ||
1832 | { | 1846 | { |
1833 | struct sshbuf *principals = NULL, *crit = NULL, *exts = NULL; | 1847 | struct sshbuf *principals = NULL, *crit = NULL; |
1834 | u_char *sig_key = NULL, *sig = NULL; | 1848 | struct sshbuf *exts = NULL, *ca = NULL; |
1835 | size_t signed_len = 0, sklen = 0, slen = 0, kidlen = 0; | 1849 | u_char *sig = NULL; |
1850 | size_t signed_len = 0, slen = 0, kidlen = 0; | ||
1836 | int ret = SSH_ERR_INTERNAL_ERROR; | 1851 | int ret = SSH_ERR_INTERNAL_ERROR; |
1837 | int v00 = sshkey_cert_is_legacy(key); | 1852 | int v00 = sshkey_cert_is_legacy(key); |
1838 | 1853 | ||
1839 | /* Copy the entire key blob for verification and later serialisation */ | 1854 | /* Copy the entire key blob for verification and later serialisation */ |
1840 | if ((ret = sshbuf_put(key->cert->certblob, blob, blen)) != 0) | 1855 | if ((ret = sshbuf_putb(key->cert->certblob, certbuf)) != 0) |
1841 | return ret; | 1856 | return ret; |
1842 | 1857 | ||
1843 | if ((!v00 && (ret = sshbuf_get_u64(b, &key->cert->serial)) != 0) || | 1858 | if ((!v00 && (ret = sshbuf_get_u64(b, &key->cert->serial)) != 0) || |
@@ -1850,7 +1865,7 @@ cert_parse(struct sshbuf *b, struct sshkey *key, const u_char *blob, | |||
1850 | (!v00 && (ret = sshbuf_froms(b, &exts)) != 0) || | 1865 | (!v00 && (ret = sshbuf_froms(b, &exts)) != 0) || |
1851 | (v00 && (ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0) || | 1866 | (v00 && (ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0) || |
1852 | (ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0 || | 1867 | (ret = sshbuf_get_string_direct(b, NULL, NULL)) != 0 || |
1853 | (ret = sshbuf_get_string(b, &sig_key, &sklen)) != 0) { | 1868 | (ret = sshbuf_froms(b, &ca)) != 0) { |
1854 | /* XXX debug print error for ret */ | 1869 | /* XXX debug print error for ret */ |
1855 | ret = SSH_ERR_INVALID_FORMAT; | 1870 | ret = SSH_ERR_INVALID_FORMAT; |
1856 | goto out; | 1871 | goto out; |
@@ -1928,8 +1943,7 @@ cert_parse(struct sshbuf *b, struct sshkey *key, const u_char *blob, | |||
1928 | } | 1943 | } |
1929 | 1944 | ||
1930 | /* Parse CA key and check signature */ | 1945 | /* Parse CA key and check signature */ |
1931 | if (sshkey_from_blob_internal(sig_key, sklen, | 1946 | if (sshkey_from_blob_internal(ca, &key->cert->signature_key, 0) != 0) { |
1932 | &key->cert->signature_key, 0) != 0) { | ||
1933 | ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; | 1947 | ret = SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; |
1934 | goto out; | 1948 | goto out; |
1935 | } | 1949 | } |
@@ -1944,34 +1958,36 @@ cert_parse(struct sshbuf *b, struct sshkey *key, const u_char *blob, | |||
1944 | /* Success */ | 1958 | /* Success */ |
1945 | ret = 0; | 1959 | ret = 0; |
1946 | out: | 1960 | out: |
1961 | sshbuf_free(ca); | ||
1947 | sshbuf_free(crit); | 1962 | sshbuf_free(crit); |
1948 | sshbuf_free(exts); | 1963 | sshbuf_free(exts); |
1949 | sshbuf_free(principals); | 1964 | sshbuf_free(principals); |
1950 | free(sig_key); | ||
1951 | free(sig); | 1965 | free(sig); |
1952 | return ret; | 1966 | return ret; |
1953 | } | 1967 | } |
1954 | 1968 | ||
1955 | static int | 1969 | static int |
1956 | sshkey_from_blob_internal(const u_char *blob, size_t blen, | 1970 | sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, |
1957 | struct sshkey **keyp, int allow_cert) | 1971 | int allow_cert) |
1958 | { | 1972 | { |
1959 | struct sshbuf *b = NULL; | ||
1960 | int type, ret = SSH_ERR_INTERNAL_ERROR; | 1973 | int type, ret = SSH_ERR_INTERNAL_ERROR; |
1961 | char *ktype = NULL, *curve = NULL; | 1974 | char *ktype = NULL, *curve = NULL; |
1962 | struct sshkey *key = NULL; | 1975 | struct sshkey *key = NULL; |
1963 | size_t len; | 1976 | size_t len; |
1964 | u_char *pk = NULL; | 1977 | u_char *pk = NULL; |
1978 | struct sshbuf *copy; | ||
1965 | #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) | 1979 | #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) |
1966 | EC_POINT *q = NULL; | 1980 | EC_POINT *q = NULL; |
1967 | #endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ | 1981 | #endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */ |
1968 | 1982 | ||
1969 | #ifdef DEBUG_PK /* XXX */ | 1983 | #ifdef DEBUG_PK /* XXX */ |
1970 | dump_base64(stderr, blob, blen); | 1984 | sshbuf_dump(b, stderr); |
1971 | #endif | 1985 | #endif |
1972 | *keyp = NULL; | 1986 | *keyp = NULL; |
1973 | if ((b = sshbuf_from(blob, blen)) == NULL) | 1987 | if ((copy = sshbuf_fromb(b)) == NULL) { |
1974 | return SSH_ERR_ALLOC_FAIL; | 1988 | ret = SSH_ERR_ALLOC_FAIL; |
1989 | goto out; | ||
1990 | } | ||
1975 | if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { | 1991 | if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { |
1976 | ret = SSH_ERR_INVALID_FORMAT; | 1992 | ret = SSH_ERR_INVALID_FORMAT; |
1977 | goto out; | 1993 | goto out; |
@@ -1985,6 +2001,7 @@ sshkey_from_blob_internal(const u_char *blob, size_t blen, | |||
1985 | switch (type) { | 2001 | switch (type) { |
1986 | #ifdef WITH_OPENSSL | 2002 | #ifdef WITH_OPENSSL |
1987 | case KEY_RSA_CERT: | 2003 | case KEY_RSA_CERT: |
2004 | /* Skip nonce */ | ||
1988 | if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { | 2005 | if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { |
1989 | ret = SSH_ERR_INVALID_FORMAT; | 2006 | ret = SSH_ERR_INVALID_FORMAT; |
1990 | goto out; | 2007 | goto out; |
@@ -2006,6 +2023,7 @@ sshkey_from_blob_internal(const u_char *blob, size_t blen, | |||
2006 | #endif | 2023 | #endif |
2007 | break; | 2024 | break; |
2008 | case KEY_DSA_CERT: | 2025 | case KEY_DSA_CERT: |
2026 | /* Skip nonce */ | ||
2009 | if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { | 2027 | if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { |
2010 | ret = SSH_ERR_INVALID_FORMAT; | 2028 | ret = SSH_ERR_INVALID_FORMAT; |
2011 | goto out; | 2029 | goto out; |
@@ -2029,6 +2047,7 @@ sshkey_from_blob_internal(const u_char *blob, size_t blen, | |||
2029 | #endif | 2047 | #endif |
2030 | break; | 2048 | break; |
2031 | case KEY_ECDSA_CERT: | 2049 | case KEY_ECDSA_CERT: |
2050 | /* Skip nonce */ | ||
2032 | if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { | 2051 | if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { |
2033 | ret = SSH_ERR_INVALID_FORMAT; | 2052 | ret = SSH_ERR_INVALID_FORMAT; |
2034 | goto out; | 2053 | goto out; |
@@ -2081,6 +2100,7 @@ sshkey_from_blob_internal(const u_char *blob, size_t blen, | |||
2081 | # endif /* OPENSSL_HAS_ECC */ | 2100 | # endif /* OPENSSL_HAS_ECC */ |
2082 | #endif /* WITH_OPENSSL */ | 2101 | #endif /* WITH_OPENSSL */ |
2083 | case KEY_ED25519_CERT: | 2102 | case KEY_ED25519_CERT: |
2103 | /* Skip nonce */ | ||
2084 | if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { | 2104 | if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { |
2085 | ret = SSH_ERR_INVALID_FORMAT; | 2105 | ret = SSH_ERR_INVALID_FORMAT; |
2086 | goto out; | 2106 | goto out; |
@@ -2112,8 +2132,7 @@ sshkey_from_blob_internal(const u_char *blob, size_t blen, | |||
2112 | } | 2132 | } |
2113 | 2133 | ||
2114 | /* Parse certificate potion */ | 2134 | /* Parse certificate potion */ |
2115 | if (sshkey_is_cert(key) && | 2135 | if (sshkey_is_cert(key) && (ret = cert_parse(b, key, copy)) != 0) |
2116 | (ret = cert_parse(b, key, blob, blen)) != 0) | ||
2117 | goto out; | 2136 | goto out; |
2118 | 2137 | ||
2119 | if (key != NULL && sshbuf_len(b) != 0) { | 2138 | if (key != NULL && sshbuf_len(b) != 0) { |
@@ -2124,7 +2143,7 @@ sshkey_from_blob_internal(const u_char *blob, size_t blen, | |||
2124 | *keyp = key; | 2143 | *keyp = key; |
2125 | key = NULL; | 2144 | key = NULL; |
2126 | out: | 2145 | out: |
2127 | sshbuf_free(b); | 2146 | sshbuf_free(copy); |
2128 | sshkey_free(key); | 2147 | sshkey_free(key); |
2129 | free(ktype); | 2148 | free(ktype); |
2130 | free(curve); | 2149 | free(curve); |
@@ -2139,7 +2158,33 @@ sshkey_from_blob_internal(const u_char *blob, size_t blen, | |||
2139 | int | 2158 | int |
2140 | sshkey_from_blob(const u_char *blob, size_t blen, struct sshkey **keyp) | 2159 | sshkey_from_blob(const u_char *blob, size_t blen, struct sshkey **keyp) |
2141 | { | 2160 | { |
2142 | return sshkey_from_blob_internal(blob, blen, keyp, 1); | 2161 | struct sshbuf *b; |
2162 | int r; | ||
2163 | |||
2164 | if ((b = sshbuf_from(blob, blen)) == NULL) | ||
2165 | return SSH_ERR_ALLOC_FAIL; | ||
2166 | r = sshkey_from_blob_internal(b, keyp, 1); | ||
2167 | sshbuf_free(b); | ||
2168 | return r; | ||
2169 | } | ||
2170 | |||
2171 | int | ||
2172 | sshkey_fromb(struct sshbuf *b, struct sshkey **keyp) | ||
2173 | { | ||
2174 | return sshkey_from_blob_internal(b, keyp, 1); | ||
2175 | } | ||
2176 | |||
2177 | int | ||
2178 | sshkey_froms(struct sshbuf *buf, struct sshkey **keyp) | ||
2179 | { | ||
2180 | struct sshbuf *b; | ||
2181 | int r; | ||
2182 | |||
2183 | if ((r = sshbuf_froms(buf, &b)) != 0) | ||
2184 | return r; | ||
2185 | r = sshkey_from_blob_internal(b, keyp, 1); | ||
2186 | sshbuf_free(b); | ||
2187 | return r; | ||
2143 | } | 2188 | } |
2144 | 2189 | ||
2145 | int | 2190 | int |
@@ -2644,8 +2689,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |||
2644 | { | 2689 | { |
2645 | char *tname = NULL, *curve = NULL; | 2690 | char *tname = NULL, *curve = NULL; |
2646 | struct sshkey *k = NULL; | 2691 | struct sshkey *k = NULL; |
2647 | const u_char *cert; | 2692 | size_t pklen = 0, sklen = 0; |
2648 | size_t len, pklen = 0, sklen = 0; | ||
2649 | int type, r = SSH_ERR_INTERNAL_ERROR; | 2693 | int type, r = SSH_ERR_INTERNAL_ERROR; |
2650 | u_char *ed25519_pk = NULL, *ed25519_sk = NULL; | 2694 | u_char *ed25519_pk = NULL, *ed25519_sk = NULL; |
2651 | #ifdef WITH_OPENSSL | 2695 | #ifdef WITH_OPENSSL |
@@ -2673,8 +2717,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |||
2673 | break; | 2717 | break; |
2674 | case KEY_DSA_CERT_V00: | 2718 | case KEY_DSA_CERT_V00: |
2675 | case KEY_DSA_CERT: | 2719 | case KEY_DSA_CERT: |
2676 | if ((r = sshbuf_get_string_direct(buf, &cert, &len)) != 0 || | 2720 | if ((r = sshkey_froms(buf, &k)) != 0 || |
2677 | (r = sshkey_from_blob(cert, len, &k)) != 0 || | ||
2678 | (r = sshkey_add_private(k)) != 0 || | 2721 | (r = sshkey_add_private(k)) != 0 || |
2679 | (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) | 2722 | (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) |
2680 | goto out; | 2723 | goto out; |
@@ -2717,8 +2760,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |||
2717 | r = SSH_ERR_LIBCRYPTO_ERROR; | 2760 | r = SSH_ERR_LIBCRYPTO_ERROR; |
2718 | goto out; | 2761 | goto out; |
2719 | } | 2762 | } |
2720 | if ((r = sshbuf_get_string_direct(buf, &cert, &len)) != 0 || | 2763 | if ((r = sshkey_froms(buf, &k)) != 0 || |
2721 | (r = sshkey_from_blob(cert, len, &k)) != 0 || | ||
2722 | (r = sshkey_add_private(k)) != 0 || | 2764 | (r = sshkey_add_private(k)) != 0 || |
2723 | (r = sshbuf_get_bignum2(buf, exponent)) != 0) | 2765 | (r = sshbuf_get_bignum2(buf, exponent)) != 0) |
2724 | goto out; | 2766 | goto out; |
@@ -2748,8 +2790,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |||
2748 | break; | 2790 | break; |
2749 | case KEY_RSA_CERT_V00: | 2791 | case KEY_RSA_CERT_V00: |
2750 | case KEY_RSA_CERT: | 2792 | case KEY_RSA_CERT: |
2751 | if ((r = sshbuf_get_string_direct(buf, &cert, &len)) != 0 || | 2793 | if ((r = sshkey_froms(buf, &k)) != 0 || |
2752 | (r = sshkey_from_blob(cert, len, &k)) != 0 || | ||
2753 | (r = sshkey_add_private(k)) != 0 || | 2794 | (r = sshkey_add_private(k)) != 0 || |
2754 | (r = sshbuf_get_bignum2(buf, k->rsa->d) != 0) || | 2795 | (r = sshbuf_get_bignum2(buf, k->rsa->d) != 0) || |
2755 | (r = sshbuf_get_bignum2(buf, k->rsa->iqmp) != 0) || | 2796 | (r = sshbuf_get_bignum2(buf, k->rsa->iqmp) != 0) || |
@@ -2776,8 +2817,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |||
2776 | ed25519_pk = ed25519_sk = NULL; | 2817 | ed25519_pk = ed25519_sk = NULL; |
2777 | break; | 2818 | break; |
2778 | case KEY_ED25519_CERT: | 2819 | case KEY_ED25519_CERT: |
2779 | if ((r = sshbuf_get_string_direct(buf, &cert, &len)) != 0 || | 2820 | if ((r = sshkey_froms(buf, &k)) != 0 || |
2780 | (r = sshkey_from_blob(cert, len, &k)) != 0 || | ||
2781 | (r = sshkey_add_private(k)) != 0 || | 2821 | (r = sshkey_add_private(k)) != 0 || |
2782 | (r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 || | 2822 | (r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 || |
2783 | (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0) | 2823 | (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0) |
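Review bot: In the KEY_RSA_CERT case of sshkey_private_deserialize (the hunk at new line 2790), the two context lines right after the new `sshkey_froms` call have a misplaced closing parenthesis. `(r = sshbuf_get_bignum2(buf, k->rsa->d) != 0)` assigns the result of the comparison to `r`, so a failed read leaves `r` as 1 rather than the SSH_ERR_* code the call returned. The chain presumably still reaches `goto out`, but the caller then gets a value that is not a defined error code, which matters to any caller that tests `r < 0` or maps the code to a message. Since the commit already edits this condition, move the parenthesis: `(r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 ||`, and likewise for `k->rsa->iqmp`. The rest of the chain is outside the hunk and should be checked for the same pattern.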
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshkey.h,v 1.4 2015/01/13 07:39:19 djm Exp $ */ | 1 | /* $OpenBSD: sshkey.h,v 1.5 2015/01/26 02:59:11 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -160,10 +160,13 @@ int sshkey_names_valid2(const char *, int); | |||
160 | char *key_alg_list(int, int); | 160 | char *key_alg_list(int, int); |
161 | 161 | ||
162 | int sshkey_from_blob(const u_char *, size_t, struct sshkey **); | 162 | int sshkey_from_blob(const u_char *, size_t, struct sshkey **); |
163 | int sshkey_to_blob_buf(const struct sshkey *, struct sshbuf *); | 163 | int sshkey_fromb(struct sshbuf *, struct sshkey **); |
164 | int sshkey_froms(struct sshbuf *, struct sshkey **); | ||
164 | int sshkey_to_blob(const struct sshkey *, u_char **, size_t *); | 165 | int sshkey_to_blob(const struct sshkey *, u_char **, size_t *); |
165 | int sshkey_plain_to_blob_buf(const struct sshkey *, struct sshbuf *); | 166 | int sshkey_putb(const struct sshkey *, struct sshbuf *); |
167 | int sshkey_puts(const struct sshkey *, struct sshbuf *); | ||
166 | int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); | 168 | int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); |
169 | int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); | ||
167 | 170 | ||
168 | int sshkey_sign(const struct sshkey *, u_char **, size_t *, | 171 | int sshkey_sign(const struct sshkey *, u_char **, size_t *, |
169 | const u_char *, size_t, u_int); | 172 | const u_char *, size_t, u_int); |
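Review bot: The new prototypes `sshkey_fromb`, `sshkey_froms`, `sshkey_putb`, `sshkey_puts` and `sshkey_putb_plain` are added without a comment, so the one-letter suffix is the only hint whether a key travels as a raw blob or as a length-prefixed string. Going by the sshkey.c side of this commit, `sshkey_fromb` parses straight out of the caller's buffer and so consumes it, and the `sshbuf_len(b) != 0` check in sshkey_from_blob_internal appears to reject any bytes after the key (the body of that check is outside the hunk). `sshkey_froms` instead extracts one string and parses only that, and `sshkey_puts` wraps the blob in a string while `sshkey_putb` appends it raw. I would add a short block comment above the group, for example `/* ...b: key blob is the rest of the buffer (from) or appended raw (put); ...s: key blob is one length-prefixed string */`. It is also worth stating that `sshkey_fromb` likely leaves the caller's buffer partially consumed when parsing fails, so callers must not reuse it after an error.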