Diffstat (limited to 'authfile.c')
-rw-r--r-- | authfile.c | 60 |
1 files changed, 59 insertions, 1 deletions
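--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.80 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.81 2010/08/04 05:42:47 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -693,6 +693,64 @@ key_load_public(const char *filename, char **commentp)
 return NULL;
 }
 
+/* Load the certificate associated with the named private key */
+Key *
+key_load_cert(const char *filename)
+{
+Key *pub;
+char file[MAXPATHLEN];
+
+pub = key_new(KEY_UNSPEC);
+if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
+(strlcat(file, "-cert.pub", sizeof file) < sizeof(file)) &&
+(key_try_load_public(pub, file, NULL) == 1))
+return pub;
+key_free(pub);
+return NULL;
+}
+
+/* Load private key and certificate */
+Key *
+key_load_private_cert(int type, const char *filename, const char *passphrase,
+int *perm_ok)
+{
+Key *key, *pub;
+
+switch (type) {
+case KEY_RSA:
+case KEY_DSA:
+break;
+default:
+error("%s: unsupported key type", __func__);
+return NULL;
+}
+
+if ((key = key_load_private_type(type, filename,
+passphrase, NULL, perm_ok)) == NULL)
+return NULL;
+
+if ((pub = key_load_cert(filename)) == NULL) {
+key_free(key);
+return NULL;
+}
+
+/* Make sure the private key matches the certificate */
+if (key_equal_public(key, pub) == 0) {
+error("%s: certificate does not match private key %s",
+__func__, filename);
+} else if (key_to_certified(key, key_cert_is_legacy(pub)) != 0) {
+error("%s: key_to_certified failed", __func__);
+} else {
+key_cert_copy(pub, key);
+key_free(pub);
+return key;
+}
+
+key_free(key);
+key_free(pub);
+return NULL;
+}
+
 /*
 * Returns 1 if the specified "key" is listed in the file "filename",
 * 0 if the key is not listed or -1 on error.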
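Review bot: key_load_cert() returns whatever public key parses out of `<filename>-cert.pub` without confirming that it is a certificate. In key_load_private_cert() a plain public key that matches the private key would therefore pass key_equal_public() and reach key_cert_is_legacy(pub) and key_cert_copy(pub, key). Whether those helpers tolerate a key with no certificate data is not visible in this hunk, so I would make the check explicit by adding a leading branch to the if/else chain: `if (!key_is_cert(pub)) error("%s: %s-cert.pub does not contain a certificate", __func__, filename);` followed by `else if (key_equal_public(key, pub) == 0) {`, so the failure falls through to the shared key_free() cleanup. Separately, key_load_cert() returns NULL silently when strlcpy/strlcat truncate the path, which a caller cannot tell apart from a missing certificate file; a `debug` line on that path and a comment noting that the caller owns and must key_free() the returned key would help.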