1 files changed, 61 insertions, 1 deletions
diff --git a/authfile.c b/authfile.c
index 224c6aa80..2bd887845 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.80 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.82 2010/08/04 05:49:22 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -693,6 +693,66 @@ key_load_public(const char *filename, char **commentp)
        return NULL;
 }
+/* Load the certificate associated with the named private key */
+Key *
+key_load_cert(const char *filename)
+{
+        Key *pub;
+        char *file;
+        pub = key_new(KEY_UNSPEC);
+        xasprintf(&file, "%s-cert.pub", filename);
+        if (key_try_load_public(pub, file, NULL) == 1) {
+                xfree(file);
+                return pub;
+        }
+        xfree(file);
+        key_free(pub);
+        return NULL;
+}
+/* Load private key and certificate */
+Key *
+key_load_private_cert(int type, const char *filename, const char *passphrase,
+    int *perm_ok)
+{
+        Key *key, *pub;
+        switch (type) {
+        case KEY_RSA:
+        case KEY_DSA:
+                break;
+        default:
+                error("%s: unsupported key type", __func__);
+                return NULL;
+        }
+        if ((key = key_load_private_type(type, filename, 
+            passphrase, NULL, perm_ok)) == NULL)
+                return NULL;
+        if ((pub = key_load_cert(filename)) == NULL) {
+                key_free(key);
+                return NULL;
+        }
+        /* Make sure the private key matches the certificate */
+        if (key_equal_public(key, pub) == 0) {
+                error("%s: certificate does not match private key %s",
+                    __func__, filename);
+        } else if (key_to_certified(key, key_cert_is_legacy(pub)) != 0) {
+                error("%s: key_to_certified failed", __func__);
+        } else {
+                key_cert_copy(pub, key);
+                key_free(pub);
+                return key;
+        }
+        key_free(key);
+        key_free(pub);
+        return NULL;
+}
 /*
 * Returns 1 if the specified "key" is listed in the file "filename",
 * 0 if the key is not listed or -1 on error.

diff --git a/authfile.c b/authfile.c index 224c6aa80..2bd887845 100644 --- a/authfile.c +++ b/authfile.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: authfile.c,v 1.80 2010/03/04 10:36:03 djm Exp $ */	1	/* $OpenBSD: authfile.c,v 1.82 2010/08/04 05:49:22 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -693,6 +693,66 @@ key_load_public(const char filename, char *commentp)
693	return NULL;	693	return NULL;
694	}	694	}
695		695
		696	/* Load the certificate associated with the named private key */
		697	Key *
		698	key_load_cert(const char *filename)
		699	{
		700	Key *pub;
		701	char *file;
		702
		703	pub = key_new(KEY_UNSPEC);
		704	xasprintf(&file, "%s-cert.pub", filename);
		705	if (key_try_load_public(pub, file, NULL) == 1) {
		706	xfree(file);
		707	return pub;
		708	}
		709	xfree(file);
		710	key_free(pub);
		711	return NULL;
		712	}
		713
		714	/* Load private key and certificate */
		715	Key *
		716	key_load_private_cert(int type, const char filename, const char passphrase,
		717	int *perm_ok)
		718	{
		719	Key key, pub;
		720
		721	switch (type) {
		722	case KEY_RSA:
		723	case KEY_DSA:
		724	break;
		725	default:
		726	error("%s: unsupported key type", __func__);
		727	return NULL;
		728	}
		729
		730	if ((key = key_load_private_type(type, filename,
		731	passphrase, NULL, perm_ok)) == NULL)
		732	return NULL;
		733
		734	if ((pub = key_load_cert(filename)) == NULL) {
		735	key_free(key);
		736	return NULL;
		737	}
		738
		739	/* Make sure the private key matches the certificate */
		740	if (key_equal_public(key, pub) == 0) {
		741	error("%s: certificate does not match private key %s",
		742	__func__, filename);
		743	} else if (key_to_certified(key, key_cert_is_legacy(pub)) != 0) {
		744	error("%s: key_to_certified failed", __func__);
		745	} else {
		746	key_cert_copy(pub, key);
		747	key_free(pub);
		748	return key;
		749	}
		750
		751	key_free(key);
		752	key_free(pub);
		753	return NULL;
		754	}
		755
696	/*	756	/*
697	* Returns 1 if the specified "key" is listed in the file "filename",	757	* Returns 1 if the specified "key" is listed in the file "filename",
698	* 0 if the key is not listed or -1 on error.	758	* 0 if the key is not listed or -1 on error.