From a10abe9e4be4ca3b5da71c34c6f5f1844336958e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 12 Apr 2011 15:39:35 +1000 Subject: s/recommended/required in warning: "It is recommended that your private key files are NOT accessible by others." since there is no way to skip this check; bz#1878 --- authfile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'authfile.c') diff --git a/authfile.c b/authfile.c index f2aec267a..a49850c89 100644 --- a/authfile.c +++ b/authfile.c @@ -606,7 +606,7 @@ key_perm_ok(int fd, const char *filename) error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("Permissions 0%3.3o for '%s' are too open.", (u_int)st.st_mode & 0777, filename); - error("It is recommended that your private key files are NOT accessible by others."); + error("It is required that your private key files are NOT accessible by others."); error("This private key will be ignored."); return 0; } -- cgit v1.2.3 From 2ce12ef1ac96c47b386168459cf7264fdc6faf95 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 5 May 2011 14:17:18 +1000 Subject: - djm@cvs.openbsd.org 2011/05/04 21:15:29 [authfile.c authfile.h ssh-add.c] allow "ssh-add - < key"; feedback and ok markus@ --- ChangeLog | 3 ++ authfile.c | 100 ++++++++++++++++++++++++++++++++++++++--------------------- authfile.h | 4 ++- ssh-add.c | 33 +++++++++++++++----- ssh-keygen.c | 8 ++--- 5 files changed, 99 insertions(+), 49 deletions(-) (limited to 'authfile.c') diff --git a/ChangeLog b/ChangeLog index 7cc6a2345..6a324c716 100644 --- a/ChangeLog +++ b/ChangeLog @@ -65,6 +65,9 @@ certificate options are supposed to be packed in lexical order of option name (though we don't actually enforce this at present). Move one up that was out of sequence + - djm@cvs.openbsd.org 2011/05/04 21:15:29 + [authfile.c authfile.h ssh-add.c] + allow "ssh-add - < key"; feedback and ok markus@ 20110221 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the 
diff --git a/authfile.c b/authfile.c index a49850c89..608d1d06f 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.87 2010/11/29 18:57:04 markus Exp $ */ +/* $OpenBSD: authfile.c,v 1.88 2011/05/04 21:15:29 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -69,6 +69,8 @@ #include "misc.h" #include "atomicio.h" +#define MAX_KEY_FILE_SIZE (1024 * 1024) + /* Version identification string for SSH v1 identity files. */ static const char authfile_id_string[] = "SSH PRIVATE KEY FILE FORMAT 1.1\n"; @@ -312,12 +314,12 @@ key_parse_public_rsa1(Buffer *blob, char **commentp) return pub; } -/* Load the contents of a key file into a buffer */ -static int +/* Load a key from a fd into a buffer */ +int key_load_file(int fd, const char *filename, Buffer *blob) { + u_char buf[1024]; size_t len; - u_char *cp; struct stat st; if (fstat(fd, &st) < 0) { 
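Review bot: The new header comment on key_load_file, `/* Load a key from a fd into a buffer */`, does not record the two contract changes that come with making the function non-static. The following hunk removes both `buffer_init(blob)` and every `close(fd)`, so a caller written against the old behaviour would append to an uninitialised Buffer or leak the descriptor. I would spell this out: `/* Load key data from fd into blob. The caller must buffer_init(blob) first and close fd afterwards. Returns 1 on success, 0 on failure. */`. The function body continues outside this hunk.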
@@ -325,30 +327,45 @@ key_load_file(int fd, const char *filename, Buffer *blob) filename == NULL ? "" : filename, filename == NULL ? "" : " ", strerror(errno)); - close(fd); return 0; } - if (st.st_size > 1*1024*1024) { + if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && + st.st_size > MAX_KEY_FILE_SIZE) { + toobig: error("%s: key file %.200s%stoo large", __func__, filename == NULL ? "" : filename, filename == NULL ? "" : " "); - close(fd); return 0; } - len = (size_t)st.st_size; /* truncated */ - buffer_init(blob); - cp = buffer_append_space(blob, len); - - if (atomicio(read, fd, cp, len) != len) { - debug("%s: read from key file %.200s%sfailed: %.100s", __func__, - filename == NULL ? "" : filename, - filename == NULL ? "" : " ", - strerror(errno)); + for (;;) { + if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { + if (errno == EPIPE) + break; + debug("%s: read from key file %.200s%sfailed: %.100s", + __func__, filename == NULL ? "" : filename, + filename == NULL ? "" : " ", strerror(errno)); + buffer_clear(blob); + bzero(buf, sizeof(buf)); + return 0; + } + buffer_append(blob, buf, len); + if (buffer_len(blob) > MAX_KEY_FILE_SIZE) { + buffer_clear(blob); + bzero(buf, sizeof(buf)); + goto toobig; + } + } + bzero(buf, sizeof(buf)); + if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && + st.st_size != buffer_len(blob)) { + debug("%s: key file %.200s%schanged size while reading", + __func__, filename == NULL ? "" : filename, + filename == NULL ? "" : " "); buffer_clear(blob); - close(fd); return 0; } + return 1; } 
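Review bot: The file-type test `(st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0` treats the S_IF* constants as independent flag bits, but they are values of the S_IFMT field. On the usual layouts the three constants OR together to the whole S_IFMT mask, so the expression is non-zero for a regular file too. Both guards that use it, the up-front `st.st_size > MAX_KEY_FILE_SIZE` check and the final "changed size while reading" check, would then never fire, leaving only the in-loop `buffer_len(blob) > MAX_KEY_FILE_SIZE` cap in effect. Testing the type directly states the intent: `if (S_ISREG(st.st_mode) && st.st_size > MAX_KEY_FILE_SIZE) {` and `if (S_ISREG(st.st_mode) && st.st_size != buffer_len(blob)) {`.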
@@ -669,12 +686,39 @@ key_load_private_type(int type, const char *filename, const char *passphrase, return ret; } +Key * +key_parse_private(Buffer *buffer, const char *filename, + const char *passphrase, char **commentp) +{ + Key *pub, *prv; + Buffer pubcopy; + + buffer_init(&pubcopy); + buffer_append(&pubcopy, buffer_ptr(buffer), buffer_len(buffer)); + /* it's a SSH v1 key if the public key part is readable */ + pub = key_parse_public_rsa1(&pubcopy, commentp); + buffer_free(&pubcopy); + if (pub == NULL) { + prv = key_parse_private_type(buffer, KEY_UNSPEC, + passphrase, NULL); + /* use the filename as a comment for PEM */ + if (commentp && prv) + *commentp = xstrdup(filename); + } else { + key_free(pub); + /* key_parse_public_rsa1() has already loaded the comment */ + prv = key_parse_private_type(buffer, KEY_RSA1, passphrase, + NULL); + } + return prv; +} + Key * key_load_private(const char *filename, const char *passphrase, char **commentp) { - Key *pub, *prv; - Buffer buffer, pubcopy; + Key *prv; + Buffer buffer; int fd; fd = open(filename, O_RDONLY); @@ -697,23 +741,7 @@ key_load_private(const char *filename, const char *passphrase, } close(fd); - buffer_init(&pubcopy); - buffer_append(&pubcopy, buffer_ptr(&buffer), buffer_len(&buffer)); - /* it's a SSH v1 key if the public key part is readable */ - pub = key_parse_public_rsa1(&pubcopy, commentp); - buffer_free(&pubcopy); - if (pub == NULL) { - prv = key_parse_private_type(&buffer, KEY_UNSPEC, - passphrase, NULL); - /* use the filename as a comment for PEM */ - if (commentp && prv) - *commentp = xstrdup(filename); - } else { - key_free(pub); - /* key_parse_public_rsa1() has already loaded the comment */ - prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase, - NULL); - } + prv = key_parse_private(&buffer, filename, passphrase, commentp); buffer_free(&buffer); return prv; } diff --git a/authfile.h b/authfile.h index 6745dc062..78349beb5 100644 --- a/authfile.h +++ b/authfile.h 
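Review bot: key_parse_private becomes a public entry point in this hunk but has no comment stating what it expects from callers. The PEM branch calls `xstrdup(filename)`, which presumably needs a non-NULL filename, whereas key_load_file in the same file explicitly tolerates `filename == NULL`. On the RSA1 branch, `*commentp` is filled by key_parse_public_rsa1 even when the private parse then fails and NULL is returned, so the caller still owns that string. A short header would cover both: `/* Parse a private key from buffer. filename must be non-NULL (used as the comment for PEM keys). *commentp may be set even when NULL is returned; the caller frees it. */`.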
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.h,v 1.15 2010/08/04 05:42:47 djm Exp $ */ +/* $OpenBSD: authfile.h,v 1.16 2011/05/04 21:15:29 djm Exp $ */ /* * Author: Tatu Ylonen @@ -16,9 +16,11 @@ #define AUTHFILE_H int key_save_private(Key *, const char *, const char *, const char *); +int key_load_file(int, const char *, Buffer *); Key *key_load_cert(const char *); Key *key_load_public(const char *, char **); Key *key_load_public_type(int, const char *, char **); +Key *key_parse_private(Buffer *, const char *, const char *, char **); Key *key_load_private(const char *, const char *, char **); Key *key_load_private_cert(int, const char *, const char *, int *); Key *key_load_private_type(int, const char *, const char *, char **, int *); diff --git a/ssh-add.c b/ssh-add.c index 94b68ac18..6d5e2a957 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.100 2010/08/31 12:33:38 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.101 2011/05/04 21:15:29 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -145,8 +145,12 @@ add_file(AuthenticationConnection *ac, const char *filename) char *comment = NULL; char msg[1024], *certpath; int fd, perms_ok, ret = -1; + Buffer keyblob; - if ((fd = open(filename, O_RDONLY)) < 0) { + if (strcmp(filename, "-") == 0) { + fd = STDIN_FILENO; + filename = "(stdin)"; + } else if ((fd = open(filename, O_RDONLY)) < 0) { perror(filename); return -1; } 
@@ -155,18 +159,28 @@ add_file(AuthenticationConnection *ac, const char *filename) * Since we'll try to load a keyfile multiple times, permission errors * will occur multiple times, so check perms first and bail if wrong. */ - perms_ok = key_perm_ok(fd, filename); - close(fd); - if (!perms_ok) + if (fd != STDIN_FILENO) { + perms_ok = key_perm_ok(fd, filename); + if (!perms_ok) { + close(fd); + return -1; + } + } + buffer_init(&keyblob); + if (!key_load_file(fd, filename, &keyblob)) { + buffer_free(&keyblob); + close(fd); return -1; + } + close(fd); /* At first, try empty passphrase */ - private = key_load_private(filename, "", &comment); + private = key_parse_private(&keyblob, filename, "", &comment); if (comment == NULL) comment = xstrdup(filename); /* try last */ if (private == NULL && pass != NULL) - private = key_load_private(filename, pass, NULL); + private = key_parse_private(&keyblob, filename, pass, NULL); if (private == NULL) { /* clear passphrase since it did not work */ clear_pass(); @@ -177,9 +191,11 @@ add_file(AuthenticationConnection *ac, const char *filename) if (strcmp(pass, "") == 0) { clear_pass(); xfree(comment); + buffer_free(&keyblob); return -1; } - private = key_load_private(filename, pass, &comment); + private = key_parse_private(&keyblob, filename, pass, + &comment); if (private != NULL) break; clear_pass(); @@ -187,6 +203,7 @@ add_file(AuthenticationConnection *ac, const char *filename) "Bad passphrase, try again for %.200s: ", comment); } } + buffer_free(&keyblob); if (ssh_add_identity_constrained(ac, private, comment, lifetime, confirm)) { diff --git a/ssh-keygen.c b/ssh-keygen.c index b52fc39cf..49e4eee10 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.209 2011/04/12 04:23:50 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.210 2011/04/18 00:46:05 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland 
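Review bot: In add_file the descriptor is closed unconditionally (`close(fd);` after key_load_file, and on its failure path), which closes stdin when the previous hunk set `fd = STDIN_FILENO`. If add_file runs again in the same process for a further file argument, a later open() can be handed descriptor 0. That file would then fail the `fd != STDIN_FILENO` test and skip key_perm_ok, even though it is a regular key file. Leaving stdin open avoids the reuse: replace both calls with `if (fd != STDIN_FILENO) close(fd);`. Alternatively, record the stdin case in a separate flag instead of comparing descriptor numbers.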
@@ -1453,6 +1453,9 @@ prepare_options_buf(Buffer *c, int which) if ((which & OPTIONS_CRITICAL) != 0 && certflags_command != NULL) add_string_option(c, "force-command", certflags_command); + if ((which & OPTIONS_EXTENSIONS) != 0 && + (certflags_flags & CERTOPT_X_FWD) != 0) + add_flag_option(c, "permit-X11-forwarding"); if ((which & OPTIONS_EXTENSIONS) != 0 && (certflags_flags & CERTOPT_AGENT_FWD) != 0) add_flag_option(c, "permit-agent-forwarding"); @@ -1465,9 +1468,6 @@ prepare_options_buf(Buffer *c, int which) if ((which & OPTIONS_EXTENSIONS) != 0 && (certflags_flags & CERTOPT_USER_RC) != 0) add_flag_option(c, "permit-user-rc"); - if ((which & OPTIONS_EXTENSIONS) != 0 && - (certflags_flags & CERTOPT_X_FWD) != 0) - add_flag_option(c, "permit-X11-forwarding"); if ((which & OPTIONS_CRITICAL) != 0 && certflags_src_addr != NULL) add_string_option(c, "source-address", certflags_src_addr); -- cgit v1.2.3 From 3219824f2d8b0ea1711818745b046931ffcd3918 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 15 May 2011 08:50:32 +1000 Subject: - djm@cvs.openbsd.org 2011/05/10 05:46:46 [authfile.c] despam debug() logs by detecting that we are trying to load a private key in key_try_load_public() and returning early; ok markus@ --- ChangeLog | 4 ++++ authfile.c | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'authfile.c') diff --git a/ChangeLog b/ChangeLog index 713798cbb..92aff179b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -62,6 +62,10 @@ a TTY is fatal. ok markus@ + - djm@cvs.openbsd.org 2011/05/10 05:46:46 + [authfile.c] + despam debug() logs by detecting that we are trying to load a private key + in key_try_load_public() and returning early; ok markus@ 20110510 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix diff --git a/authfile.c b/authfile.c index 608d1d06f..7a5b65142 100644 --- a/authfile.c +++ b/authfile.c 
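Review bot: Nothing in prepare_options_buf records the ordering rule that this move restores, so the next option added can easily break it again. The ChangeLog text says options are packed in lexical order of name and that this is not enforced, and the placement of "permit-X11-forwarding" before "permit-agent-forwarding" only makes sense under byte-wise comparison. I would add above the first add_*_option call: `/* Options must be emitted in byte-wise lexical order of name (uppercase sorts before lowercase); keep new entries in sequence. */`. The function starts and ends outside these hunks.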
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.88 2011/05/04 21:15:29 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.89 2011/05/10 05:46:46 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -765,6 +765,9 @@ key_try_load_public(Key *k, const char *filename, char **commentp) case '\0': continue; } + /* Abort loading if this looks like a private key */ + if (strncmp(cp, "-----BEGIN", 10) == 0) + break; /* Skip leading whitespace. */ for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) ; -- cgit v1.2.3 From 9d276b8d689b4dc878fa6154e7b449c1c0c85290 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 15 May 2011 08:51:43 +1000 Subject: - djm@cvs.openbsd.org 2011/05/13 00:05:36 [authfile.c] warn on unexpected key type in key_parse_private_type() --- ChangeLog | 3 +++ authfile.c | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'authfile.c') diff --git a/ChangeLog b/ChangeLog index 288a202cf..af1fd1c8e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -71,6 +71,9 @@ remove support for authorized_keys2; it is a relic from the early days of protocol v.2 support and has been undocumented for many years; ok markus@ + - djm@cvs.openbsd.org 2011/05/13 00:05:36 + [authfile.c] + warn on unexpected key type in key_parse_private_type() 20110510 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix diff --git a/authfile.c b/authfile.c index 7a5b65142..734d657e9 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.89 2011/05/10 05:46:46 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.90 2011/05/13 00:05:36 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -643,6 +643,7 @@ key_parse_private_type(Buffer *blob, int type, const char *passphrase, case KEY_UNSPEC: return key_parse_private_pem(blob, type, passphrase, commentp); default: + error("%s: cannot parse key type %d", __func__, type); break; } return NULL; -- cgit v1.2.3 
From 04bb56ef10bca3219010fdb191f1f9941353174b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 29 May 2011 21:42:08 +1000 Subject: - djm@cvs.openbsd.org 2011/05/23 07:24:57 [authfile.c] read in key comments for v.2 keys (though note that these are not passed over the agent protocol); bz#439, based on patch from binder AT arago.de; ok markus@ --- ChangeLog | 5 +++++ authfile.c | 9 ++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'authfile.c') diff --git a/ChangeLog b/ChangeLog index acf4ea270..f3f43a13f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,11 @@ - jmc@cvs.openbsd.org 2011/05/23 07:10:21 [sshd.8 sshd_config.5] tweak previous; ok djm + - djm@cvs.openbsd.org 2011/05/23 07:24:57 + [authfile.c] + read in key comments for v.2 keys (though note that these are not + passed over the agent protocol); bz#439, based on patch from binder + AT arago.de; ok markus@ 20110520 - (djm) [session.c] call setexeccon() before executing passwd for pw diff --git a/authfile.c b/authfile.c index 734d657e9..96d2bf338 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.90 2011/05/13 00:05:36 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.91 2011/05/23 07:24:57 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -774,8 +774,11 @@ key_try_load_public(Key *k, const char *filename, char **commentp) ; if (*cp) { if (key_read(k, &cp) == 1) { - if (commentp) - *commentp=xstrdup(filename); + cp[strcspn(cp, "\r\n")] = '\0'; + if (commentp) { + *commentp = xstrdup(*cp ? + cp : filename); + } fclose(f); return 1; } -- cgit v1.2.3 From e7ac2bd42ad16c2e2485331641befedebaebdb46 Mon Sep 17 00:00:00 2001 
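Review bot: The comment stored through `*commentp` in key_try_load_public is now taken from the file, with only CR and LF removed by `cp[strcspn(cp, "\r\n")] = '\0';`. Any other control characters on that line therefore survive into a string that callers may later print or log. key_read is not visible here; if it leaves `cp` on the separator after the key data, the comment will also begin with whitespace. Adding `cp += strspn(cp, " \t");` before the strcspn line would trim that. Filtering non-printable bytes at the point where the comment is displayed would keep file content from reaching a terminal unmodified. The enclosing function extends beyond the hunk.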
From: Damien Miller Date: Mon, 20 Jun 2011 14:23:25 +1000 Subject: - markus@cvs.openbsd.org 2011/06/14 22:49:18 [authfile.c] make sure key_parse_public/private_rsa1() no longer consumes its input buffer. fixes ssh-add for passphrase-protected ssh1-keys; noted by naddy@; ok djm@ --- ChangeLog | 5 +++++ authfile.c | 53 ++++++++++++++++++++++++++++------------------------- 2 files changed, 33 insertions(+), 25 deletions(-) (limited to 'authfile.c') diff --git a/ChangeLog b/ChangeLog index e34289124..5dae2a859 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,11 @@ [ssh_config.5] explain IdentifyFile's semantics a little better, prompted by bz#1898 ok dtucker jmc + - markus@cvs.openbsd.org 2011/06/14 22:49:18 + [authfile.c] + make sure key_parse_public/private_rsa1() no longer consumes its input + buffer. fixes ssh-add for passphrase-protected ssh1-keys; + noted by naddy@; ok djm@ 20110603 - (dtucker) [README version.h contrib/caldera/openssh.spec diff --git a/authfile.c b/authfile.c index 96d2bf338..1d7e53cd1 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.91 2011/05/23 07:24:57 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.92 2011/06/14 22:49:18 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -279,6 +279,7 @@ static Key * key_parse_public_rsa1(Buffer *blob, char **commentp) { Key *pub; + Buffer copy; /* Check that it is at least big enough to contain the ID string. */ if (buffer_len(blob) < sizeof(authfile_id_string)) { 
@@ -295,21 +296,23 @@ key_parse_public_rsa1(Buffer *blob, char **commentp) debug3("Incorrect RSA1 identifier"); return NULL; } - buffer_consume(blob, sizeof(authfile_id_string)); + buffer_init(©); + buffer_append(©, buffer_ptr(blob), buffer_len(blob)); + buffer_consume(©, sizeof(authfile_id_string)); /* Skip cipher type and reserved data. */ - (void) buffer_get_char(blob); /* cipher type */ - (void) buffer_get_int(blob); /* reserved */ + (void) buffer_get_char(©); /* cipher type */ + (void) buffer_get_int(©); /* reserved */ /* Read the public key from the buffer. */ - (void) buffer_get_int(blob); + (void) buffer_get_int(©); pub = key_new(KEY_RSA1); - buffer_get_bignum(blob, pub->rsa->n); - buffer_get_bignum(blob, pub->rsa->e); + buffer_get_bignum(©, pub->rsa->n); + buffer_get_bignum(©, pub->rsa->e); if (commentp) - *commentp = buffer_get_string(blob, NULL); + *commentp = buffer_get_string(©, NULL); /* The encrypted private part is not parsed by this function. */ - buffer_clear(blob); + buffer_free(©); return pub; } @@ -420,6 +423,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp) CipherContext ciphercontext; Cipher *cipher; Key *prv = NULL; + Buffer copy; /* Check that it is at least big enough to contain the ID string. */ if (buffer_len(blob) < sizeof(authfile_id_string)) { 
@@ -436,41 +440,44 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp) debug3("Incorrect RSA1 identifier"); return NULL; } - buffer_consume(blob, sizeof(authfile_id_string)); + buffer_init(©); + buffer_append(©, buffer_ptr(blob), buffer_len(blob)); + buffer_consume(©, sizeof(authfile_id_string)); /* Read cipher type. */ - cipher_type = buffer_get_char(blob); - (void) buffer_get_int(blob); /* Reserved data. */ + cipher_type = buffer_get_char(©); + (void) buffer_get_int(©); /* Reserved data. */ /* Read the public key from the buffer. */ - (void) buffer_get_int(blob); + (void) buffer_get_int(©); prv = key_new_private(KEY_RSA1); - buffer_get_bignum(blob, prv->rsa->n); - buffer_get_bignum(blob, prv->rsa->e); + buffer_get_bignum(©, prv->rsa->n); + buffer_get_bignum(©, prv->rsa->e); if (commentp) - *commentp = buffer_get_string(blob, NULL); + *commentp = buffer_get_string(©, NULL); else - (void)buffer_get_string_ptr(blob, NULL); + (void)buffer_get_string_ptr(©, NULL); /* Check that it is a supported cipher. */ cipher = cipher_by_number(cipher_type); if (cipher == NULL) { debug("Unsupported RSA1 cipher %d", cipher_type); + buffer_free(©); goto fail; } /* Initialize space for decrypted data. */ buffer_init(&decrypted); - cp = buffer_append_space(&decrypted, buffer_len(blob)); + cp = buffer_append_space(&decrypted, buffer_len(©)); /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ cipher_set_key_string(&ciphercontext, cipher, passphrase, CIPHER_DECRYPT); cipher_crypt(&ciphercontext, cp, - buffer_ptr(blob), buffer_len(blob)); + buffer_ptr(©), buffer_len(©)); cipher_cleanup(&ciphercontext); memset(&ciphercontext, 0, sizeof(ciphercontext)); - buffer_clear(blob); + buffer_free(©); check1 = buffer_get_char(&decrypted); check2 = buffer_get_char(&decrypted); 
@@ -692,13 +699,9 @@ key_parse_private(Buffer *buffer, const char *filename, const char *passphrase, char **commentp) { Key *pub, *prv; - Buffer pubcopy; - buffer_init(&pubcopy); - buffer_append(&pubcopy, buffer_ptr(buffer), buffer_len(buffer)); /* it's a SSH v1 key if the public key part is readable */ - pub = key_parse_public_rsa1(&pubcopy, commentp); - buffer_free(&pubcopy); + pub = key_parse_public_rsa1(buffer, commentp); if (pub == NULL) { prv = key_parse_private_type(buffer, KEY_UNSPEC, passphrase, NULL); -- cgit v1.2.3
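Review bot: key_parse_private now passes the caller's buffer straight to key_parse_public_rsa1 and then to key_parse_private_type, so it depends on the RSA1 parsers leaving their input intact, yet no comment states that guarantee. The add_file changes earlier on this page parse the same keyblob repeatedly with different passphrases, so a later edit that reintroduces a `buffer_consume(blob, ...)` would silently break retries again. I would document it on key_parse_public_rsa1 and key_parse_private_rsa1, e.g. `/* Does not modify blob: parsing is done on a private copy so callers may retry with another passphrase. */`. The same line on key_parse_private would help too.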