From 8668706d0f52654fe64c0ca41a96113aeab8d2b8 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Wed, 2 Jul 2014 15:28:02 +1000
Subject:    - djm@cvs.openbsd.org 2014/06/24 01:13:21      [Makefile.in
 auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c      [auth2-none.c
 auth2-pubkey.c authfile.c authfile.h cipher-3des1.c      [cipher-chachapoly.c
 cipher-chachapoly.h cipher.c cipher.h      [digest-libc.c digest-openssl.c
 digest.h dns.c entropy.c hmac.h      [hostfile.c key.c key.h krl.c monitor.c
 packet.c rsa.c rsa.h      [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c
 ssh-ed25519.c      [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c
 ssh-pkcs11.c      [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c
 sshconnect1.c      [sshconnect2.c sshd.c sshkey.c sshkey.h     
 [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]      New
 key API: refactor key-related functions to be more library-like,     
 existing API is offered as a set of wrappers.

     with and ok markus@

     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
     Dempsky and Ron Bowes for a detailed review a few months ago.

     NB. This commit also removes portable OpenSSH support for OpenSSL
     <0.9.8e.
---
 ssh-add.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

(limited to 'ssh-add.c')

diff --git a/ssh-add.c b/ssh-add.c
index 3421452af..46b91cbde 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.109 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.110 2014/06/24 01:13:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -62,6 +62,7 @@
 #include "authfile.h"
 #include "pathnames.h"
 #include "misc.h"
+#include "ssherr.h"
 
 /* argv0 */
 extern char *__progname;
@@ -170,7 +171,7 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
 	Key *private, *cert;
 	char *comment = NULL;
 	char msg[1024], *certpath = NULL;
-	int fd, perms_ok, ret = -1;
+	int r, fd, perms_ok, ret = -1;
 	Buffer keyblob;
 
 	if (strcmp(filename, "-") == 0) {
@@ -201,12 +202,18 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
 	close(fd);
 
 	/* At first, try empty passphrase */
-	private = key_parse_private(&keyblob, filename, "", &comment);
+	if ((r = sshkey_parse_private_fileblob(&keyblob, filename, "",
+	    &private, &comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+			fatal("Cannot parse %s: %s", filename, ssh_err(r));
 	if (comment == NULL)
 		comment = xstrdup(filename);
 	/* try last */
-	if (private == NULL && pass != NULL)
-		private = key_parse_private(&keyblob, filename, pass, NULL);
+	if (private == NULL && pass != NULL) {
+		if ((r = sshkey_parse_private_fileblob(&keyblob, filename, pass,
+		    &private, &comment)) != 0 &&
+		    r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+			fatal("Cannot parse %s: %s", filename, ssh_err(r));
+	}
 	if (private == NULL) {
 		/* clear passphrase since it did not work */
 		clear_pass();
@@ -220,8 +227,11 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
 				buffer_free(&keyblob);
 				return -1;
 			}
-			private = key_parse_private(&keyblob, filename, pass,
-			    &comment);
+			if ((r = sshkey_parse_private_fileblob(&keyblob,
+			     filename, pass, &private, &comment)) != 0 &&
+			    r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+				fatal("Cannot parse %s: %s",
+					    filename, ssh_err(r));
 			if (private != NULL)
 				break;
 			clear_pass();
-- 
cgit v1.2.3