From 4d28fa78abce2890e136281950633fae2066cc29 Mon Sep 17 00:00:00 2001 From: "deraadt@openbsd.org" Date: Fri, 28 Jun 2019 13:35:04 +0000 Subject: upstream: When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075 --- authfile.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'authfile.c') diff --git a/authfile.c b/authfile.c index b1c92f4ad..2166c1689 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.132 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -57,7 +57,7 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) { int fd, oerrno; - if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) + if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) == -1) return SSH_ERR_SYSTEM_ERROR; if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf), sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { @@ -101,7 +101,7 @@ sshkey_load_file(int fd, struct sshbuf *blob) struct stat st; int r; - if (fstat(fd, &st) < 0) + if (fstat(fd, &st) == -1) return SSH_ERR_SYSTEM_ERROR; if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && st.st_size > MAX_KEY_FILE_SIZE) @@ -141,7 +141,7 @@ sshkey_perm_ok(int fd, const char *filename) { struct stat st; - if (fstat(fd, &st) < 0) + if (fstat(fd, &st) == -1) return SSH_ERR_SYSTEM_ERROR; /* * if a key owned by the user is accessed, then we check the @@ -176,7 +176,7 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase, if (commentp != NULL) *commentp = NULL; - if ((fd = open(filename, O_RDONLY)) < 0) { + if ((fd = open(filename, O_RDONLY)) == -1) { if (perm_ok != NULL) *perm_ok = 0; return SSH_ERR_SYSTEM_ERROR; @@ -236,7 +236,7 @@ sshkey_load_private(const char *filename, const char *passphrase, if (commentp != NULL) *commentp = NULL; - if ((fd = open(filename, O_RDONLY)) < 0) + if ((fd = open(filename, O_RDONLY)) == -1) return SSH_ERR_SYSTEM_ERROR; if (sshkey_perm_ok(fd, filename) != 0) { r = SSH_ERR_KEY_BAD_PERMISSIONS; -- cgit v1.2.3 From eb0d8e708a1f958aecd2d6e2ff2450af488d4c2a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 15 Jul 2019 13:16:29 +0000 Subject: upstream: support PKCS8 as an optional format for storage of private keys, enabled via "ssh-keygen -m PKCS8" on operations that save private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less terrible KDF (IIRC PEM uses a single round of MD5 as a KDF). adapted from patch by Jakub Jelen via bz3013; ok markus OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1 --- authfile.c | 6 ++--- ssh-keygen.1 | 9 +++---- ssh-keygen.c | 25 ++++++++++--------- sshkey.c | 78 +++++++++++++++++++++++++++++++++++++++++++----------------- sshkey.h | 11 +++++++-- 5 files changed, 87 insertions(+), 42 deletions(-) (limited to 'authfile.c') diff --git a/authfile.c b/authfile.c index 2166c1689..851c1a8a1 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.132 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: authfile.c,v 1.133 2019/07/15 13:16:29 djm Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -74,7 +74,7 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) int sshkey_save_private(struct sshkey *key, const char *filename, const char *passphrase, const char *comment, - int force_new_format, const char *new_format_cipher, int new_format_rounds) + int format, const char *openssh_format_cipher, int openssh_format_rounds) { struct sshbuf *keyblob = NULL; int r; @@ -82,7 +82,7 @@ sshkey_save_private(struct sshkey *key, const char *filename, if ((keyblob = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment, - force_new_format, new_format_cipher, new_format_rounds)) != 0) + format, openssh_format_cipher, openssh_format_rounds)) != 0) goto out; if ((r = sshkey_save_private_blob(keyblob, filename)) != 0) goto out; diff --git a/ssh-keygen.1 b/ssh-keygen.1 index f42127c60..8184a1797 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.160 2019/05/20 06:01:59 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.161 2019/07/15 13:16:29 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 20 2019 $ +.Dd $Mdocdate: July 15 2019 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -419,11 +419,12 @@ The supported key formats are: .Dq RFC4716 (RFC 4716/SSH2 public or private key), .Dq PKCS8 -(PEM PKCS8 public key) +(PKCS8 public or private key) or .Dq PEM (PEM public key). -The default conversion format is +By default OpenSSH will write newly-generated private keys in its own +format, but when converting public keys for export the default format is .Dq RFC4716 . Setting a format of .Dq PEM diff --git a/ssh-keygen.c b/ssh-keygen.c index b019a02ff..5dcad1f61 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.335 2019/07/05 07:32:01 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.336 2019/07/15 13:16:29 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -147,11 +147,11 @@ static char *key_type_name = NULL; /* Load key from this PKCS#11 provider */ static char *pkcs11provider = NULL; -/* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */ -static int use_new_format = 1; +/* Format for writing private keys */ +static int private_key_format = SSHKEY_PRIVATE_OPENSSH; /* Cipher for new-format private keys */ -static char *new_format_cipher = NULL; +static char *openssh_format_cipher = NULL; /* * Number of KDF rounds to derive new format keys / @@ -1048,7 +1048,8 @@ do_gen_all_hostkeys(struct passwd *pw) snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname); if ((r = sshkey_save_private(private, prv_tmp, "", - comment, use_new_format, new_format_cipher, rounds)) != 0) { + comment, private_key_format, openssh_format_cipher, + rounds)) != 0) { error("Saving key \"%s\" failed: %s", prv_tmp, ssh_err(r)); goto failnext; @@ -1391,7 +1392,7 @@ do_change_passphrase(struct passwd *pw) /* Save the file using the new passphrase. */ if ((r = sshkey_save_private(private, identity_file, passphrase1, - comment, use_new_format, new_format_cipher, rounds)) != 0) { + comment, private_key_format, openssh_format_cipher, rounds)) != 0) { error("Saving key \"%s\" failed: %s.", identity_file, ssh_err(r)); explicit_bzero(passphrase1, strlen(passphrase1)); @@ -1480,7 +1481,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment) } if (private->type != KEY_ED25519 && private->type != KEY_XMSS && - !use_new_format) { + private_key_format != SSHKEY_PRIVATE_OPENSSH) { error("Comments are only supported for keys stored in " "the new format (-o)."); explicit_bzero(passphrase, strlen(passphrase)); @@ -1514,7 +1515,8 @@ do_change_comment(struct passwd *pw, const char *identity_comment) /* Save the file using the new passphrase. */ if ((r = sshkey_save_private(private, identity_file, passphrase, - new_comment, use_new_format, new_format_cipher, rounds)) != 0) { + new_comment, private_key_format, openssh_format_cipher, + rounds)) != 0) { error("Saving key \"%s\" failed: %s", identity_file, ssh_err(r)); explicit_bzero(passphrase, strlen(passphrase)); @@ -2525,11 +2527,12 @@ main(int argc, char **argv) } if (strcasecmp(optarg, "PKCS8") == 0) { convert_format = FMT_PKCS8; + private_key_format = SSHKEY_PRIVATE_PKCS8; break; } if (strcasecmp(optarg, "PEM") == 0) { convert_format = FMT_PEM; - use_new_format = 0; + private_key_format = SSHKEY_PRIVATE_PEM; break; } fatal("Unsupported conversion format \"%s\"", optarg); @@ -2567,7 +2570,7 @@ main(int argc, char **argv) add_cert_option(optarg); break; case 'Z': - new_format_cipher = optarg; + openssh_format_cipher = optarg; break; case 'C': identity_comment = optarg; @@ -2912,7 +2915,7 @@ passphrase_again: /* Save the key with the given passphrase and comment. */ if ((r = sshkey_save_private(private, identity_file, passphrase1, - comment, use_new_format, new_format_cipher, rounds)) != 0) { + comment, private_key_format, openssh_format_cipher, rounds)) != 0) { error("Saving key \"%s\" failed: %s", identity_file, ssh_err(r)); explicit_bzero(passphrase1, strlen(passphrase1)); diff --git a/sshkey.c b/sshkey.c index 6b5ff0485..a0cea9257 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.79 2019/07/07 01:05:00 dtucker Exp $ */ +/* $OpenBSD: sshkey.c,v 1.80 2019/07/15 13:16:29 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -3975,10 +3975,10 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, #ifdef WITH_OPENSSL -/* convert SSH v2 key in OpenSSL PEM format */ +/* convert SSH v2 key to PEM or PKCS#8 format */ static int -sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf, - const char *_passphrase, const char *comment) +sshkey_private_to_blob_pem_pkcs8(struct sshkey *key, struct sshbuf *buf, + int format, const char *_passphrase, const char *comment) { int was_shielded = sshkey_is_shielded(key); int success, r; @@ -3988,32 +3988,49 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf, char *bptr; BIO *bio = NULL; struct sshbuf *blob; + EVP_PKEY *pkey = NULL; if (len > 0 && len <= 4) return SSH_ERR_PASSPHRASE_TOO_SHORT; if ((blob = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((bio = BIO_new(BIO_s_mem())) == NULL) { - sshbuf_free(blob); - return SSH_ERR_ALLOC_FAIL; + if ((bio = BIO_new(BIO_s_mem())) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; } + if (format == SSHKEY_PRIVATE_PKCS8 && (pkey = EVP_PKEY_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } if ((r = sshkey_unshield_private(key)) != 0) goto out; switch (key->type) { case KEY_DSA: - success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, - cipher, passphrase, len, NULL, NULL); + if (format == SSHKEY_PRIVATE_PEM) { + success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, + cipher, passphrase, len, NULL, NULL); + } else { + success = EVP_PKEY_set1_DSA(pkey, key->dsa); + } break; #ifdef OPENSSL_HAS_ECC case KEY_ECDSA: - success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa, - cipher, passphrase, len, NULL, NULL); + if (format == SSHKEY_PRIVATE_PEM) { + success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa, + cipher, passphrase, len, NULL, NULL); + } else { + success = EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa); + } break; #endif case KEY_RSA: - success = PEM_write_bio_RSAPrivateKey(bio, key->rsa, - cipher, passphrase, len, NULL, NULL); + if (format == SSHKEY_PRIVATE_PEM) { + success = PEM_write_bio_RSAPrivateKey(bio, key->rsa, + cipher, passphrase, len, NULL, NULL); + } else { + success = EVP_PKEY_set1_RSA(pkey, key->rsa); + } break; default: success = 0; @@ -4023,6 +4040,13 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf, r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } + if (format == SSHKEY_PRIVATE_PKCS8) { + if ((success = PEM_write_bio_PrivateKey(bio, pkey, cipher, + passphrase, len, NULL, NULL)) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + } if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) { r = SSH_ERR_INTERNAL_ERROR; goto out; @@ -4035,8 +4059,9 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf, r = sshkey_shield_private(key); if (r == 0) r = sshbuf_putb(buf, blob); - sshbuf_free(blob); + EVP_PKEY_free(pkey); + sshbuf_free(blob); BIO_free(bio); return r; } @@ -4046,29 +4071,38 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf, int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, const char *passphrase, const char *comment, - int force_new_format, const char *new_format_cipher, int new_format_rounds) + int format, const char *openssh_format_cipher, int openssh_format_rounds) { switch (key->type) { #ifdef WITH_OPENSSL case KEY_DSA: case KEY_ECDSA: case KEY_RSA: - if (force_new_format) { - return sshkey_private_to_blob2(key, blob, passphrase, - comment, new_format_cipher, new_format_rounds); - } - return sshkey_private_pem_to_blob(key, blob, - passphrase, comment); + break; /* see below */ #endif /* WITH_OPENSSL */ case KEY_ED25519: #ifdef WITH_XMSS case KEY_XMSS: #endif /* WITH_XMSS */ return sshkey_private_to_blob2(key, blob, passphrase, - comment, new_format_cipher, new_format_rounds); + comment, openssh_format_cipher, openssh_format_rounds); default: return SSH_ERR_KEY_TYPE_UNKNOWN; } + +#ifdef WITH_OPENSSL + switch (format) { + case SSHKEY_PRIVATE_OPENSSH: + return sshkey_private_to_blob2(key, blob, passphrase, + comment, openssh_format_cipher, openssh_format_rounds); + case SSHKEY_PRIVATE_PEM: + case SSHKEY_PRIVATE_PKCS8: + return sshkey_private_to_blob_pem_pkcs8(key, blob, + format, passphrase, comment); + default: + return SSH_ERR_INVALID_ARGUMENT; + } +#endif /* WITH_OPENSSL */ } diff --git a/sshkey.h b/sshkey.h index 41d159a1b..d30a69cc9 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.32 2019/06/21 04:21:05 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.33 2019/07/15 13:16:29 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -88,6 +88,13 @@ enum sshkey_serialize_rep { SSHKEY_SERIALIZE_INFO = 254, }; +/* Private key disk formats */ +enum sshkey_private_format { + SSHKEY_PRIVATE_OPENSSH = 0, + SSHKEY_PRIVATE_PEM = 1, + SSHKEY_PRIVATE_PKCS8 = 2, +}; + /* key is stored in external hardware */ #define SSHKEY_FLAG_EXT 0x0001 @@ -221,7 +228,7 @@ int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); /* private key file format parsing and serialisation */ int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, const char *passphrase, const char *comment, - int force_new_format, const char *new_format_cipher, int new_format_rounds); + int format, const char *openssh_format_cipher, int openssh_format_rounds); int sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, struct sshkey **keyp, char **commentp); int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, -- cgit v1.2.3 From 6b39a7b49ebacec4e70e24bfc8ea2f11057aac22 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Mon, 5 Aug 2019 11:50:33 +0000 Subject: upstream: Remove now-redundant perm_ok arg since sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that case. Patch from jitendra.sharma at intel.com, ok djm@ OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77 --- authfile.c | 24 ++++++++---------------- authfile.h | 6 +++--- sshconnect2.c | 6 +++--- 3 files changed, 14 insertions(+), 22 deletions(-) (limited to 'authfile.c') diff --git a/authfile.c b/authfile.c index 851c1a8a1..5e335ce43 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.133 2019/07/15 13:16:29 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.134 2019/08/05 11:50:33 dtucker Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -164,10 +164,9 @@ sshkey_perm_ok(int fd, const char *filename) return 0; } -/* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */ int sshkey_load_private_type(int type, const char *filename, const char *passphrase, - struct sshkey **keyp, char **commentp, int *perm_ok) + struct sshkey **keyp, char **commentp) { int fd, r; @@ -176,19 +175,12 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase, if (commentp != NULL) *commentp = NULL; - if ((fd = open(filename, O_RDONLY)) == -1) { - if (perm_ok != NULL) - *perm_ok = 0; + if ((fd = open(filename, O_RDONLY)) == -1) return SSH_ERR_SYSTEM_ERROR; - } - if (sshkey_perm_ok(fd, filename) != 0) { - if (perm_ok != NULL) - *perm_ok = 0; - r = SSH_ERR_KEY_BAD_PERMISSIONS; + + r = sshkey_perm_ok(fd, filename); + if (r != 0) goto out; - } - if (perm_ok != NULL) - *perm_ok = 1; r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp); if (r == 0 && keyp && *keyp) @@ -387,7 +379,7 @@ sshkey_load_cert(const char *filename, struct sshkey **keyp) /* Load private key and certificate */ int sshkey_load_private_cert(int type, const char *filename, const char *passphrase, - struct sshkey **keyp, int *perm_ok) + struct sshkey **keyp) { struct sshkey *key = NULL, *cert = NULL; int r; @@ -410,7 +402,7 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase, } if ((r = sshkey_load_private_type(type, filename, - passphrase, &key, NULL, perm_ok)) != 0 || + passphrase, &key, NULL)) != 0 || (r = sshkey_load_cert(filename, &cert)) != 0) goto out; diff --git a/authfile.h b/authfile.h index 624d269f1..54df169b3 100644 --- a/authfile.h +++ b/authfile.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.h,v 1.21 2015/01/08 10:14:08 djm Exp $ */ +/* $OpenBSD: authfile.h,v 1.22 2019/08/05 11:50:33 dtucker Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. @@ -40,9 +40,9 @@ int sshkey_load_cert(const char *, struct sshkey **); int sshkey_load_public(const char *, struct sshkey **, char **); int sshkey_load_private(const char *, const char *, struct sshkey **, char **); int sshkey_load_private_cert(int, const char *, const char *, - struct sshkey **, int *); + struct sshkey **); int sshkey_load_private_type(int, const char *, const char *, - struct sshkey **, char **, int *); + struct sshkey **, char **); int sshkey_load_private_type_fd(int fd, int type, const char *passphrase, struct sshkey **keyp, char **commentp); int sshkey_perm_ok(int, const char *); diff --git a/sshconnect2.c b/sshconnect2.c index cb8d2193d..87fa70a40 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.307 2019/07/07 01:05:00 dtucker Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.308 2019/08/05 11:50:33 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1404,7 +1404,7 @@ load_identity_file(Identity *id) { struct sshkey *private = NULL; char prompt[300], *passphrase, *comment; - int r, perm_ok = 0, quit = 0, i; + int r, quit = 0, i; struct stat st; if (stat(id->filename, &st) == -1) { @@ -1426,7 +1426,7 @@ load_identity_file(Identity *id) } } switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename, - passphrase, &private, &comment, &perm_ok))) { + passphrase, &private, &comment))) { case 0: break; case SSH_ERR_KEY_WRONG_PASSPHRASE: -- cgit v1.2.3 From dd8002fbe63d903ffea5be7b7f5fc2714acab4a0 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 3 Sep 2019 08:30:47 +0000 Subject: upstream: move advance_past_options to authfile.c and make it public; ok markus@ OpenBSD-Commit-ID: edda2fbba2c5b1f48e60f857a2010479e80c5f3c --- auth2-pubkey.c | 26 ++------------------------ authfile.c | 24 +++++++++++++++++++++++- authfile.h | 3 ++- 3 files changed, 27 insertions(+), 26 deletions(-) (limited to 'authfile.c') diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 65db116ed..d567f527c 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.92 2019/09/03 08:29:58 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.93 2019/09/03 08:30:47 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -538,28 +538,6 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw, return found_principal; } -/* - * Advanced *cpp past the end of key options, defined as the first unquoted - * whitespace character. Returns 0 on success or -1 on failure (e.g. - * unterminated quotes). - */ -static int -advance_past_options(char **cpp) -{ - char *cp = *cpp; - int quoted = 0; - - for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { - if (*cp == '\\' && cp[1] == '"') - cp++; /* Skip both */ - else if (*cp == '"') - quoted = !quoted; - } - *cpp = cp; - /* return failure for unterminated quotes */ - return (*cp == '\0' && quoted) ? -1 : 0; -} - /* * Check a single line of an authorized_keys-format file. Returns 0 if key * matches, -1 otherwise. Will return key/cert options via *authoptsp @@ -590,7 +568,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key, /* no key? check for options */ debug2("%s: check options: '%s'", loc, cp); key_options = cp; - if (advance_past_options(&cp) != 0) { + if (sshkey_advance_past_options(&cp) != 0) { reason = "invalid key option string"; goto fail_reason; } diff --git a/authfile.c b/authfile.c index 5e335ce43..37341189c 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.134 2019/08/05 11:50:33 dtucker Exp $ */ +/* $OpenBSD: authfile.c,v 1.135 2019/09/03 08:30:47 djm Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -528,3 +528,25 @@ sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file) } } +/* + * Advanced *cpp past the end of key options, defined as the first unquoted + * whitespace character. Returns 0 on success or -1 on failure (e.g. + * unterminated quotes). + */ +int +sshkey_advance_past_options(char **cpp) +{ + char *cp = *cpp; + int quoted = 0; + + for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { + if (*cp == '\\' && cp[1] == '"') + cp++; /* Skip both */ + else if (*cp == '"') + quoted = !quoted; + } + *cpp = cp; + /* return failure for unterminated quotes */ + return (*cp == '\0' && quoted) ? -1 : 0; +} + diff --git a/authfile.h b/authfile.h index 54df169b3..9c8a95a01 100644 --- a/authfile.h +++ b/authfile.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.h,v 1.22 2019/08/05 11:50:33 dtucker Exp $ */ +/* $OpenBSD: authfile.h,v 1.23 2019/09/03 08:30:47 djm Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. @@ -48,5 +48,6 @@ int sshkey_load_private_type_fd(int fd, int type, const char *passphrase, int sshkey_perm_ok(int, const char *); int sshkey_in_file(struct sshkey *, const char *, int, int); int sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file); +int sshkey_advance_past_options(char **cpp); #endif -- cgit v1.2.3