Diffstat (limited to 'authfile.c')
-rw-r--r--authfile.c62
1 files changed, 61 insertions, 1 deletions
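diff --git a/authfile.c b/authfile.c
index 224c6aa80..2bd887845 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.80 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.82 2010/08/04 05:49:22 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -693,6 +693,66 @@ key_load_public(const char *filename, char **commentp)
  return NULL;
 }
 
+/* Load the certificate associated with the named private key */
+Key *
+key_load_cert(const char *filename)
+{
+ Key *pub;
+ char *file;
+
+ pub = key_new(KEY_UNSPEC);
+ xasprintf(&file, "%s-cert.pub", filename);
+ if (key_try_load_public(pub, file, NULL) == 1) {
+ xfree(file);
+ return pub;
+ }
+ xfree(file);
+ key_free(pub);
+ return NULL;
+}
+
+/* Load private key and certificate */
+Key *
+key_load_private_cert(int type, const char *filename, const char *passphrase,
+ int *perm_ok)
+{
+ Key *key, *pub;
+
+ switch (type) {
+ case KEY_RSA:
+ case KEY_DSA:
+ break;
+ default:
+ error("%s: unsupported key type", __func__);
+ return NULL;
+ }
+
+ if ((key = key_load_private_type(type, filename,
+ passphrase, NULL, perm_ok)) == NULL)
+ return NULL;
+
+ if ((pub = key_load_cert(filename)) == NULL) {
+ key_free(key);
+ return NULL;
+ }
+
+ /* Make sure the private key matches the certificate */
+ if (key_equal_public(key, pub) == 0) {
+ error("%s: certificate does not match private key %s",
+ __func__, filename);
+ } else if (key_to_certified(key, key_cert_is_legacy(pub)) != 0) {
+ error("%s: key_to_certified failed", __func__);
+ } else {
+ key_cert_copy(pub, key);
+ key_free(pub);
+ return key;
+ }
+
+ key_free(key);
+ key_free(pub);
+ return NULL;
+}
+
 /*
  * Returns 1 if the specified "key" is listed in the file "filename",
  * 0 if the key is not listed or -1 on error.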
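Review bot: key_load_cert() returns whatever key_try_load_public() parses from `<filename>-cert.pub` without checking that it is a certificate. key_load_private_cert() then passes that key to key_cert_is_legacy(pub) and key_cert_copy(pub, key). If the file holds a plain public key matching the private key, key_equal_public() would presumably still succeed. How the two cert helpers behave on a key with no certificate data is not visible in this hunk, so the result may be a cert-typed key with no usable certificate, or a fault inside the helpers. I would reject that case explicitly at the head of the existing if/else chain, so it reaches the shared cleanup: `if (!key_is_cert(pub)) { error("%s: %s-cert.pub is not a certificate", __func__, filename); } else if (key_equal_public(key, pub) == 0) {`. A one-line comment on key_load_private_cert() noting that it returns NULL both when the private key fails to load and when the certificate is missing or mismatched would also help callers interpret `*perm_ok`.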