4 files changed, 14 insertions, 223 deletions
diff --git a/key.c b/key.c
index 93f4ccb24..6e338c495 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.130 2016/05/02 09:36:42 djm Exp $ */
+/* $OpenBSD: key.c,v 1.131 2017/05/30 14:16:41 markus Exp $ */
 /*
 * placed in the public domain
 */
@@ -20,68 +20,6 @@
 #include "log.h"
 #include "authfile.h"
-void
-key_add_private(Key *k)
-{
-        int r;
-        if ((r = sshkey_add_private(k)) != 0)
-                fatal("%s: %s", __func__, ssh_err(r));
-}
-Key *
-key_new_private(int type)
-{
-        Key *ret = NULL;
-        if ((ret = sshkey_new_private(type)) == NULL)
-                fatal("%s: failed", __func__);
-        return ret;
-}
-int
-key_read(Key *ret, char **cpp)
-{
-        return sshkey_read(ret, cpp) == 0 ? 1 : -1;
-}
-int
-key_write(const Key *key, FILE *f)
-{
-        return sshkey_write(key, f) == 0 ? 1 : 0;
-}
-Key *
-key_generate(int type, u_int bits)
-{
-        int r;
-        Key *ret = NULL;
-        if ((r = sshkey_generate(type, bits, &ret)) != 0)
-                fatal("%s: %s", __func__, ssh_err(r));
-        return ret;
-}
-void
-key_cert_copy(const Key *from_key, Key *to_key)
-{
-        int r;
-        if ((r = sshkey_cert_copy(from_key, to_key)) != 0)
-                fatal("%s: %s", __func__, ssh_err(r));
-}
-Key *
-key_from_private(const Key *k)
-{
-        int r;
-        Key *ret = NULL;
-        if ((r = sshkey_from_private(k, &ret)) != 0)
-                fatal("%s: %s", __func__, ssh_err(r));
-        return ret;
-}
 static void
 fatal_on_fatal_errors(int r, const char *func, int extra_fatal)
 {
@@ -184,19 +122,6 @@ key_demote(const Key *k)
 }
 int
-key_to_certified(Key *k)
-{
-        int r;
-        if ((r = sshkey_to_certified(k)) != 0) {
-                fatal_on_fatal_errors(r, __func__, 0);
-                error("%s: %s", __func__, ssh_err(r));
-                return -1;
-        }
-        return 0;
-}
-int
 key_drop_cert(Key *k)
 {
        int r;
@@ -210,19 +135,6 @@ key_drop_cert(Key *k)
 }
 int
-key_certify(Key *k, Key *ca)
-{
-        int r;
-        if ((r = sshkey_certify(k, ca, NULL)) != 0) {
-                fatal_on_fatal_errors(r, __func__, 0);
-                error("%s: %s", __func__, ssh_err(r));
-                return -1;
-        }
-        return 0;
-}
-int
 key_cert_check_authority(const Key *k, int want_host, int require_principal,
    const char *name, const char **reason)
 {
@@ -237,88 +149,8 @@ key_cert_check_authority(const Key *k, int want_host, int require_principal,
        return 0;
 }
-#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
-int
-key_ec_validate_public(const EC_GROUP *group, const EC_POINT *public)
-{
-        int r;
-        if ((r = sshkey_ec_validate_public(group, public)) != 0) {
-                fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
-                error("%s: %s", __func__, ssh_err(r));
-                return -1;
-        }
-        return 0;
-}
-int
-key_ec_validate_private(const EC_KEY *key)
-{
-        int r;
-        if ((r = sshkey_ec_validate_private(key)) != 0) {
-                fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
-                error("%s: %s", __func__, ssh_err(r));
-                return -1;
-        }
-        return 0;
-}
-#endif /* WITH_OPENSSL */
-void
-key_private_serialize(const Key *key, struct sshbuf *b)
-{
-        int r;
-        if ((r = sshkey_private_serialize(key, b)) != 0)
-                fatal("%s: %s", __func__, ssh_err(r));
-}
-Key *
-key_private_deserialize(struct sshbuf *blob)
-{
-        int r;
-        Key *ret = NULL;
-        if ((r = sshkey_private_deserialize(blob, &ret)) != 0) {
-                fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
-                error("%s: %s", __func__, ssh_err(r));
-                return NULL;
-        }
-        return ret;
-}
 /* authfile.c */
-int
-key_save_private(Key *key, const char *filename, const char *passphrase,
-    const char *comment, int force_new_format, const char *new_format_cipher,
-    int new_format_rounds)
-{
-        int r;
-        if ((r = sshkey_save_private(key, filename, passphrase, comment,
-            force_new_format, new_format_cipher, new_format_rounds)) != 0) {
-                fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
-                error("%s: %s", __func__, ssh_err(r));
-                return 0;
-        }
-        return 1;
-}
-int
-key_load_file(int fd, const char *filename, struct sshbuf *blob)
-{
-        int r;
-        if ((r = sshkey_load_file(fd, blob)) != 0) {
-                fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
-                error("%s: %s", __func__, ssh_err(r));
-                return 0;
-        }
-        return 1;
-}
 Key *
 key_load_cert(const char *filename)
 {
@@ -417,10 +249,3 @@ key_load_private_type(int type, const char *filename, const char *passphrase,
        }
        return ret;
 }
-int
-key_perm_ok(int fd, const char *filename)
-{
-        return sshkey_perm_ok(fd, filename) == 0 ? 1 : 0;
-}
diff --git a/key.h b/key.h
index 2e501a9f4..a14f37037 100644
--- a/key.h
+++ b/key.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.50 2016/09/12 23:31:27 djm Exp $ */
+/* $OpenBSD: key.h,v 1.51 2017/05/30 14:16:41 markus Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -35,51 +35,24 @@ typedef struct sshkey Key;
 #define fp_rep sshkey_fp_rep
 #ifndef SSH_KEY_NO_DEFINE
-#define key_new                 sshkey_new
 #define key_free                sshkey_free
 #define key_equal_public        sshkey_equal_public
 #define key_equal               sshkey_equal
 #define key_type                sshkey_type
-#define key_cert_type           sshkey_cert_type
 #define key_ssh_name            sshkey_ssh_name
 #define key_ssh_name_plain      sshkey_ssh_name_plain
 #define key_type_from_name      sshkey_type_from_name
-#define key_ecdsa_nid_from_name sshkey_ecdsa_nid_from_name
-#define key_type_is_cert        sshkey_type_is_cert
-#define key_size                sshkey_size
-#define key_ecdsa_bits_to_nid   sshkey_ecdsa_bits_to_nid
-#define key_ecdsa_key_to_nid    sshkey_ecdsa_key_to_nid
 #define key_is_cert             sshkey_is_cert
 #define key_type_plain          sshkey_type_plain
-#define key_curve_name_to_nid   sshkey_curve_name_to_nid
-#define key_curve_nid_to_bits   sshkey_curve_nid_to_bits
-#define key_curve_nid_to_name   sshkey_curve_nid_to_name
-#define key_ec_nid_to_hash_alg  sshkey_ec_nid_to_hash_alg
-#define key_dump_ec_point       sshkey_dump_ec_point
-#define key_dump_ec_key         sshkey_dump_ec_key
 #endif
-void     key_add_private(Key *);
-Key     *key_new_private(int);
 void     key_free(Key *);
 Key     *key_demote(const Key *);
-int      key_write(const Key *, FILE *);
-int      key_read(Key *, char **);
-Key     *key_generate(int, u_int);
-Key     *key_from_private(const Key *);
-int      key_to_certified(Key *);
 int      key_drop_cert(Key *);
-int      key_certify(Key *, Key *);
-void     key_cert_copy(const Key *, Key *);
 int      key_cert_check_authority(const Key *, int, int, const char *,
            const char **);
-#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
-int      key_ec_validate_public(const EC_GROUP *, const EC_POINT *);
-int      key_ec_validate_private(const EC_KEY *);
-#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
 Key     *key_from_blob(const u_char *, u_int);
 int      key_to_blob(const Key *, u_char **, u_int *);
@@ -87,18 +60,11 @@ int	 key_sign(const Key *, u_char **, u_int *, const u_char *, u_int,
    const char *);
 int      key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
-void     key_private_serialize(const Key *, struct sshbuf *);
-Key     *key_private_deserialize(struct sshbuf *);
 /* authfile.c */
-int      key_save_private(Key *, const char *, const char *, const char *,
-    int, const char *, int);
-int      key_load_file(int, const char *, struct sshbuf *);
 Key     *key_load_cert(const char *);
 Key     *key_load_public(const char *, char **);
 Key     *key_load_private(const char *, const char *, char **);
 Key     *key_load_private_cert(int, const char *, const char *, int *);
 Key     *key_load_private_type(int, const char *, const char *, char **, int *);
-int      key_perm_ok(int, const char *);
 #endif
diff --git a/ssh-add.c b/ssh-add.c
index a1e0d464b..438c1c25a 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.131 2017/05/05 10:42:49 naddy Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.132 2017/05/30 14:16:41 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -306,7 +306,7 @@ add_file(int agent_fd, const char *filename, int key_only)
                goto out;
        }
        if ((r = sshkey_cert_copy(cert, private)) != 0) {
-                error("%s: key_cert_copy: %s", __func__, ssh_err(r));
+                error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r));
                sshkey_free(cert);
                goto out;
        }
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 7886582d7..cc3a7df18 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.303 2017/05/07 23:15:59 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.304 2017/05/30 14:16:41 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -488,7 +488,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
                return NULL;
        }
        if ((key = sshkey_new_private(ktype)) == NULL)
-                fatal("key_new_private failed");
+                fatal("sshkey_new_private failed");
        free(type);
        switch (key->type) {
@@ -770,7 +770,7 @@ do_print_public(struct passwd *pw)
                fatal("%s: %s", identity_file, strerror(errno));
        prv = load_identity(identity_file);
        if ((r = sshkey_write(prv, stdout)) != 0)
-                error("key_write failed: %s", ssh_err(r));
+                error("sshkey_write failed: %s", ssh_err(r));
        sshkey_free(prv);
        fprintf(stdout, "\n");
        exit(0);
@@ -1019,7 +1019,7 @@ do_gen_all_hostkeys(struct passwd *pw)
                bits = 0;
                type_bits_valid(type, NULL, &bits);
                if ((r = sshkey_generate(type, bits, &private)) != 0) {
-                        error("key_generate failed: %s", ssh_err(r));
+                        error("sshkey_generate failed: %s", ssh_err(r));
                        first = 0;
                        continue;
                }
@@ -1475,7 +1475,7 @@ do_change_comment(struct passwd *pw)
        explicit_bzero(passphrase, strlen(passphrase));
        free(passphrase);
        if ((r = sshkey_from_private(private, &public)) != 0)
-                fatal("key_from_private failed: %s", ssh_err(r));
+                fatal("sshkey_from_private failed: %s", ssh_err(r));
        sshkey_free(private);
        strlcat(identity_file, ".pub", sizeof(identity_file));
@@ -1662,7 +1662,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
                    OPTIONS_EXTENSIONS);
                if ((r = sshkey_from_private(ca,
                    &public->cert->signature_key)) != 0)
-                        fatal("key_from_private (ca key): %s", ssh_err(r));
+                        fatal("sshkey_from_private (ca key): %s", ssh_err(r));
                if ((r = sshkey_certify(public, ca, key_type_name)) != 0)
                        fatal("Couldn't certify key %s: %s", tmp, ssh_err(r));
@@ -1980,7 +1980,7 @@ do_show_cert(struct passwd *pw)
                if (*cp == '#' || *cp == '\0')
                        continue;
                if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
-                        fatal("key_new");
+                        fatal("sshkey_new");
                if ((r = sshkey_read(key, &cp)) != 0) {
                        error("%s:%lu: invalid key: %s", path,
                            lnum, ssh_err(r));
@@ -2126,7 +2126,7 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
                                 */
                        }
                        if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
-                                fatal("key_new");
+                                fatal("sshkey_new");
                        if ((r = sshkey_read(key, &cp)) != 0)
                                fatal("%s:%lu: invalid key: %s",
                                    path, lnum, ssh_err(r));
@@ -2667,9 +2667,9 @@ main(int argc, char **argv)
                printf("Generating public/private %s key pair.\n",
                    key_type_name);
        if ((r = sshkey_generate(type, bits, &private)) != 0)
-                fatal("key_generate failed");
+                fatal("sshkey_generate failed");
        if ((r = sshkey_from_private(private, &public)) != 0)
-                fatal("key_from_private failed: %s\n", ssh_err(r));
+                fatal("sshkey_from_private failed: %s\n", ssh_err(r));
        if (!have_identity)
                ask_filename(pw, "Enter file in which to save the key");

diff --git a/key.c b/key.c index 93f4ccb24..6e338c495 100644 --- a/key.c +++ b/key.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: key.c,v 1.130 2016/05/02 09:36:42 djm Exp $ */	1	/* $OpenBSD: key.c,v 1.131 2017/05/30 14:16:41 markus Exp $ */
2	/*	2	/*
3	* placed in the public domain	3	* placed in the public domain
4	*/	4	*/
@@ -20,68 +20,6 @@
20	#include "log.h"	20	#include "log.h"
21	#include "authfile.h"	21	#include "authfile.h"
22		22
23	void
24	key_add_private(Key *k)
25	{
26	int r;
27
28	if ((r = sshkey_add_private(k)) != 0)
29	fatal("%s: %s", __func__, ssh_err(r));
30	}
31
32	Key *
33	key_new_private(int type)
34	{
35	Key *ret = NULL;
36
37	if ((ret = sshkey_new_private(type)) == NULL)
38	fatal("%s: failed", __func__);
39	return ret;
40	}
41
42	int
43	key_read(Key ret, char *cpp)
44	{
45	return sshkey_read(ret, cpp) == 0 ? 1 : -1;
46	}
47
48	int
49	key_write(const Key key, FILE f)
50	{
51	return sshkey_write(key, f) == 0 ? 1 : 0;
52	}
53
54	Key *
55	key_generate(int type, u_int bits)
56	{
57	int r;
58	Key *ret = NULL;
59
60	if ((r = sshkey_generate(type, bits, &ret)) != 0)
61	fatal("%s: %s", __func__, ssh_err(r));
62	return ret;
63	}
64
65	void
66	key_cert_copy(const Key from_key, Key to_key)
67	{
68	int r;
69
70	if ((r = sshkey_cert_copy(from_key, to_key)) != 0)
71	fatal("%s: %s", __func__, ssh_err(r));
72	}
73
74	Key *
75	key_from_private(const Key *k)
76	{
77	int r;
78	Key *ret = NULL;
79
80	if ((r = sshkey_from_private(k, &ret)) != 0)
81	fatal("%s: %s", __func__, ssh_err(r));
82	return ret;
83	}
84
85	static void	23	static void
86	fatal_on_fatal_errors(int r, const char *func, int extra_fatal)	24	fatal_on_fatal_errors(int r, const char *func, int extra_fatal)
87	{	25	{
@@ -184,19 +122,6 @@ key_demote(const Key *k)
184	}	122	}
185		123
186	int	124	int
187	key_to_certified(Key *k)
188	{
189	int r;
190
191	if ((r = sshkey_to_certified(k)) != 0) {
192	fatal_on_fatal_errors(r, __func__, 0);
193	error("%s: %s", __func__, ssh_err(r));
194	return -1;
195	}
196	return 0;
197	}
198
199	int
200	key_drop_cert(Key *k)	125	key_drop_cert(Key *k)
201	{	126	{
202	int r;	127	int r;
@@ -210,19 +135,6 @@ key_drop_cert(Key *k)
210	}	135	}
211		136
212	int	137	int
213	key_certify(Key k, Key ca)
214	{
215	int r;
216
217	if ((r = sshkey_certify(k, ca, NULL)) != 0) {
218	fatal_on_fatal_errors(r, __func__, 0);
219	error("%s: %s", __func__, ssh_err(r));
220	return -1;
221	}
222	return 0;
223	}
224
225	int
226	key_cert_check_authority(const Key *k, int want_host, int require_principal,	138	key_cert_check_authority(const Key *k, int want_host, int require_principal,
227	const char name, const char *reason)	139	const char name, const char *reason)
228	{	140	{
@@ -237,88 +149,8 @@ key_cert_check_authority(const Key *k, int want_host, int require_principal,
237	return 0;	149	return 0;
238	}	150	}
239		151
240	#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
241	int
242	key_ec_validate_public(const EC_GROUP group, const EC_POINT public)
243	{
244	int r;
245
246	if ((r = sshkey_ec_validate_public(group, public)) != 0) {
247	fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
248	error("%s: %s", __func__, ssh_err(r));
249	return -1;
250	}
251	return 0;
252	}
253
254	int
255	key_ec_validate_private(const EC_KEY *key)
256	{
257	int r;
258
259	if ((r = sshkey_ec_validate_private(key)) != 0) {
260	fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
261	error("%s: %s", __func__, ssh_err(r));
262	return -1;
263	}
264	return 0;
265	}
266	#endif /* WITH_OPENSSL */
267
268	void
269	key_private_serialize(const Key key, struct sshbuf b)
270	{
271	int r;
272
273	if ((r = sshkey_private_serialize(key, b)) != 0)
274	fatal("%s: %s", __func__, ssh_err(r));
275	}
276
277	Key *
278	key_private_deserialize(struct sshbuf *blob)
279	{
280	int r;
281	Key *ret = NULL;
282
283	if ((r = sshkey_private_deserialize(blob, &ret)) != 0) {
284	fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
285	error("%s: %s", __func__, ssh_err(r));
286	return NULL;
287	}
288	return ret;
289	}
290
291	/* authfile.c */	152	/* authfile.c */
292		153
293	int
294	key_save_private(Key key, const char filename, const char *passphrase,
295	const char comment, int force_new_format, const char new_format_cipher,
296	int new_format_rounds)
297	{
298	int r;
299
300	if ((r = sshkey_save_private(key, filename, passphrase, comment,
301	force_new_format, new_format_cipher, new_format_rounds)) != 0) {
302	fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
303	error("%s: %s", __func__, ssh_err(r));
304	return 0;
305	}
306	return 1;
307	}
308
309	int
310	key_load_file(int fd, const char filename, struct sshbuf blob)
311	{
312	int r;
313
314	if ((r = sshkey_load_file(fd, blob)) != 0) {
315	fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
316	error("%s: %s", __func__, ssh_err(r));
317	return 0;
318	}
319	return 1;
320	}
321
322	Key *	154	Key *
323	key_load_cert(const char *filename)	155	key_load_cert(const char *filename)
324	{	156	{
@@ -417,10 +249,3 @@ key_load_private_type(int type, const char filename, const char passphrase,
417	}	249	}
418	return ret;	250	return ret;
419	}	251	}
420
421	int
422	key_perm_ok(int fd, const char *filename)
423	{
424	return sshkey_perm_ok(fd, filename) == 0 ? 1 : 0;
425	}
426


diff --git a/key.h b/key.h index 2e501a9f4..a14f37037 100644 --- a/key.h +++ b/key.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: key.h,v 1.50 2016/09/12 23:31:27 djm Exp $ */	1	/* $OpenBSD: key.h,v 1.51 2017/05/30 14:16:41 markus Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.	4	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -35,51 +35,24 @@ typedef struct sshkey Key;
35	#define fp_rep sshkey_fp_rep	35	#define fp_rep sshkey_fp_rep
36		36
37	#ifndef SSH_KEY_NO_DEFINE	37	#ifndef SSH_KEY_NO_DEFINE
38	#define key_new sshkey_new
39	#define key_free sshkey_free	38	#define key_free sshkey_free
40	#define key_equal_public sshkey_equal_public	39	#define key_equal_public sshkey_equal_public
41	#define key_equal sshkey_equal	40	#define key_equal sshkey_equal
42	#define key_type sshkey_type	41	#define key_type sshkey_type
43	#define key_cert_type sshkey_cert_type
44	#define key_ssh_name sshkey_ssh_name	42	#define key_ssh_name sshkey_ssh_name
45	#define key_ssh_name_plain sshkey_ssh_name_plain	43	#define key_ssh_name_plain sshkey_ssh_name_plain
46	#define key_type_from_name sshkey_type_from_name	44	#define key_type_from_name sshkey_type_from_name
47	#define key_ecdsa_nid_from_name sshkey_ecdsa_nid_from_name
48	#define key_type_is_cert sshkey_type_is_cert
49	#define key_size sshkey_size
50	#define key_ecdsa_bits_to_nid sshkey_ecdsa_bits_to_nid
51	#define key_ecdsa_key_to_nid sshkey_ecdsa_key_to_nid
52	#define key_is_cert sshkey_is_cert	45	#define key_is_cert sshkey_is_cert
53	#define key_type_plain sshkey_type_plain	46	#define key_type_plain sshkey_type_plain
54	#define key_curve_name_to_nid sshkey_curve_name_to_nid
55	#define key_curve_nid_to_bits sshkey_curve_nid_to_bits
56	#define key_curve_nid_to_name sshkey_curve_nid_to_name
57	#define key_ec_nid_to_hash_alg sshkey_ec_nid_to_hash_alg
58	#define key_dump_ec_point sshkey_dump_ec_point
59	#define key_dump_ec_key sshkey_dump_ec_key
60	#endif	47	#endif
61		48
62	void key_add_private(Key *);
63	Key *key_new_private(int);
64	void key_free(Key *);	49	void key_free(Key *);
65	Key key_demote(const Key );	50	Key key_demote(const Key );
66	int key_write(const Key , FILE );
67	int key_read(Key , char *);
68		51
69	Key *key_generate(int, u_int);
70	Key key_from_private(const Key );
71	int key_to_certified(Key *);
72	int key_drop_cert(Key *);	52	int key_drop_cert(Key *);
73	int key_certify(Key , Key );
74	void key_cert_copy(const Key , Key );
75	int key_cert_check_authority(const Key , int, int, const char ,	53	int key_cert_check_authority(const Key , int, int, const char ,
76	const char **);	54	const char **);
77		55
78	#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
79	int key_ec_validate_public(const EC_GROUP , const EC_POINT );
80	int key_ec_validate_private(const EC_KEY *);
81	#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
82
83	Key key_from_blob(const u_char , u_int);	56	Key key_from_blob(const u_char , u_int);
84	int key_to_blob(const Key , u_char , u_int );	57	int key_to_blob(const Key , u_char , u_int );
85		58
@@ -87,18 +60,11 @@ int key_sign(const Key , u_char , u_int , const u_char *, u_int,
87	const char *);	60	const char *);
88	int key_verify(const Key , const u_char , u_int, const u_char *, u_int);	61	int key_verify(const Key , const u_char , u_int, const u_char *, u_int);
89		62
90	void key_private_serialize(const Key , struct sshbuf );
91	Key key_private_deserialize(struct sshbuf );
92
93	/* authfile.c */	63	/* authfile.c */
94	int key_save_private(Key , const char , const char , const char ,
95	int, const char *, int);
96	int key_load_file(int, const char , struct sshbuf );
97	Key key_load_cert(const char );	64	Key key_load_cert(const char );
98	Key key_load_public(const char , char **);	65	Key key_load_public(const char , char **);
99	Key key_load_private(const char , const char , char *);	66	Key key_load_private(const char , const char , char *);
100	Key key_load_private_cert(int, const char , const char , int );	67	Key key_load_private_cert(int, const char , const char , int );
101	Key key_load_private_type(int, const char , const char , char , int );	68	Key key_load_private_type(int, const char , const char , char , int );
102	int key_perm_ok(int, const char *);
103		69
104	#endif	70	#endif


diff --git a/ssh-add.c b/ssh-add.c index a1e0d464b..438c1c25a 100644 --- a/ssh-add.c +++ b/ssh-add.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-add.c,v 1.131 2017/05/05 10:42:49 naddy Exp $ */	1	/* $OpenBSD: ssh-add.c,v 1.132 2017/05/30 14:16:41 markus Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -306,7 +306,7 @@ add_file(int agent_fd, const char *filename, int key_only)
306	goto out;	306	goto out;
307	}	307	}
308	if ((r = sshkey_cert_copy(cert, private)) != 0) {	308	if ((r = sshkey_cert_copy(cert, private)) != 0) {
309	error("%s: key_cert_copy: %s", __func__, ssh_err(r));	309	error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r));
310	sshkey_free(cert);	310	sshkey_free(cert);
311	goto out;	311	goto out;
312	}	312	}


diff --git a/ssh-keygen.c b/ssh-keygen.c index 7886582d7..cc3a7df18 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-keygen.c,v 1.303 2017/05/07 23:15:59 djm Exp $ */	1	/* $OpenBSD: ssh-keygen.c,v 1.304 2017/05/30 14:16:41 markus Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -488,7 +488,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
488	return NULL;	488	return NULL;
489	}	489	}
490	if ((key = sshkey_new_private(ktype)) == NULL)	490	if ((key = sshkey_new_private(ktype)) == NULL)
491	fatal("key_new_private failed");	491	fatal("sshkey_new_private failed");
492	free(type);	492	free(type);
493		493
494	switch (key->type) {	494	switch (key->type) {
@@ -770,7 +770,7 @@ do_print_public(struct passwd *pw)
770	fatal("%s: %s", identity_file, strerror(errno));	770	fatal("%s: %s", identity_file, strerror(errno));
771	prv = load_identity(identity_file);	771	prv = load_identity(identity_file);
772	if ((r = sshkey_write(prv, stdout)) != 0)	772	if ((r = sshkey_write(prv, stdout)) != 0)
773	error("key_write failed: %s", ssh_err(r));	773	error("sshkey_write failed: %s", ssh_err(r));
774	sshkey_free(prv);	774	sshkey_free(prv);
775	fprintf(stdout, "\n");	775	fprintf(stdout, "\n");
776	exit(0);	776	exit(0);
@@ -1019,7 +1019,7 @@ do_gen_all_hostkeys(struct passwd *pw)
1019	bits = 0;	1019	bits = 0;
1020	type_bits_valid(type, NULL, &bits);	1020	type_bits_valid(type, NULL, &bits);
1021	if ((r = sshkey_generate(type, bits, &private)) != 0) {	1021	if ((r = sshkey_generate(type, bits, &private)) != 0) {
1022	error("key_generate failed: %s", ssh_err(r));	1022	error("sshkey_generate failed: %s", ssh_err(r));
1023	first = 0;	1023	first = 0;
1024	continue;	1024	continue;
1025	}	1025	}
@@ -1475,7 +1475,7 @@ do_change_comment(struct passwd *pw)
1475	explicit_bzero(passphrase, strlen(passphrase));	1475	explicit_bzero(passphrase, strlen(passphrase));
1476	free(passphrase);	1476	free(passphrase);
1477	if ((r = sshkey_from_private(private, &public)) != 0)	1477	if ((r = sshkey_from_private(private, &public)) != 0)
1478	fatal("key_from_private failed: %s", ssh_err(r));	1478	fatal("sshkey_from_private failed: %s", ssh_err(r));
1479	sshkey_free(private);	1479	sshkey_free(private);
1480		1480
1481	strlcat(identity_file, ".pub", sizeof(identity_file));	1481	strlcat(identity_file, ".pub", sizeof(identity_file));
@@ -1662,7 +1662,7 @@ do_ca_sign(struct passwd pw, int argc, char *argv)
1662	OPTIONS_EXTENSIONS);	1662	OPTIONS_EXTENSIONS);
1663	if ((r = sshkey_from_private(ca,	1663	if ((r = sshkey_from_private(ca,
1664	&public->cert->signature_key)) != 0)	1664	&public->cert->signature_key)) != 0)
1665	fatal("key_from_private (ca key): %s", ssh_err(r));	1665	fatal("sshkey_from_private (ca key): %s", ssh_err(r));
1666		1666
1667	if ((r = sshkey_certify(public, ca, key_type_name)) != 0)	1667	if ((r = sshkey_certify(public, ca, key_type_name)) != 0)
1668	fatal("Couldn't certify key %s: %s", tmp, ssh_err(r));	1668	fatal("Couldn't certify key %s: %s", tmp, ssh_err(r));
@@ -1980,7 +1980,7 @@ do_show_cert(struct passwd *pw)
1980	if (cp == '#' \|\| cp == '\0')	1980	if (cp == '#' \|\| cp == '\0')
1981	continue;	1981	continue;
1982	if ((key = sshkey_new(KEY_UNSPEC)) == NULL)	1982	if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
1983	fatal("key_new");	1983	fatal("sshkey_new");
1984	if ((r = sshkey_read(key, &cp)) != 0) {	1984	if ((r = sshkey_read(key, &cp)) != 0) {
1985	error("%s:%lu: invalid key: %s", path,	1985	error("%s:%lu: invalid key: %s", path,
1986	lnum, ssh_err(r));	1986	lnum, ssh_err(r));
@@ -2126,7 +2126,7 @@ update_krl_from_file(struct passwd pw, const char file, int wild_ca,
2126	*/	2126	*/
2127	}	2127	}
2128	if ((key = sshkey_new(KEY_UNSPEC)) == NULL)	2128	if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
2129	fatal("key_new");	2129	fatal("sshkey_new");
2130	if ((r = sshkey_read(key, &cp)) != 0)	2130	if ((r = sshkey_read(key, &cp)) != 0)
2131	fatal("%s:%lu: invalid key: %s",	2131	fatal("%s:%lu: invalid key: %s",
2132	path, lnum, ssh_err(r));	2132	path, lnum, ssh_err(r));
@@ -2667,9 +2667,9 @@ main(int argc, char **argv)
2667	printf("Generating public/private %s key pair.\n",	2667	printf("Generating public/private %s key pair.\n",
2668	key_type_name);	2668	key_type_name);
2669	if ((r = sshkey_generate(type, bits, &private)) != 0)	2669	if ((r = sshkey_generate(type, bits, &private)) != 0)
2670	fatal("key_generate failed");	2670	fatal("sshkey_generate failed");
2671	if ((r = sshkey_from_private(private, &public)) != 0)	2671	if ((r = sshkey_from_private(private, &public)) != 0)
2672	fatal("key_from_private failed: %s\n", ssh_err(r));	2672	fatal("sshkey_from_private failed: %s\n", ssh_err(r));
2673		2673
2674	if (!have_identity)	2674	if (!have_identity)
2675	ask_filename(pw, "Enter file in which to save the key");	2675	ask_filename(pw, "Enter file in which to save the key");