-/* $OpenBSD: auth2-hostbased.c,v 1.20 2014/12/23 22:42:48 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.21 2015/01/08 10:14:08 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
buffer_dump(&b);
buffer_free(&b);
#endif
+ /* XXX provide some way to allow admin to specify key types accepted */
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
-/* $OpenBSD: authfile.c,v 1.108 2014/12/04 02:24:32 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.109 2015/01/08 10:14:08 djm Exp $ */
/*
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
*
/* Load a key from a fd into a buffer */
int
-sshkey_load_file(int fd, const char *filename, struct sshbuf *blob)
+sshkey_load_file(int fd, struct sshbuf *blob)
{
u_char buf[1024];
size_t len;
* otherwise.
*/
static int
-sshkey_load_public_rsa1(int fd, const char *filename,
- struct sshkey **keyp, char **commentp)
+sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp)
{
struct sshbuf *b = NULL;
int r;
if ((b = sshbuf_new()) == NULL)
return SSH_ERR_ALLOC_FAIL;
- if ((r = sshkey_load_file(fd, filename, b)) != 0)
+ if ((r = sshkey_load_file(fd, b)) != 0)
goto out;
if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0)
goto out;
}
#endif /* WITH_SSH1 */
-#ifdef WITH_OPENSSL
-/* XXX Deprecate? */
-int
-sshkey_load_private_pem(int fd, int type, const char *passphrase,
- struct sshkey **keyp, char **commentp)
-{
- struct sshbuf *buffer = NULL;
- int r;
-
- *keyp = NULL;
- if (commentp != NULL)
- *commentp = NULL;
-
- if ((buffer = sshbuf_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if ((r = sshkey_load_file(fd, NULL, buffer)) != 0)
- goto out;
- if ((r = sshkey_parse_private_pem_fileblob(buffer, type, passphrase,
- keyp, commentp)) != 0)
- goto out;
- r = 0;
- out:
- sshbuf_free(buffer);
- return r;
-}
-#endif /* WITH_OPENSSL */
-
/* XXX remove error() calls from here? */
int
sshkey_perm_ok(int fd, const char *filename)
struct sshkey **keyp, char **commentp, int *perm_ok)
{
int fd, r;
- struct sshbuf *buffer = NULL;
*keyp = NULL;
if (commentp != NULL)
if (perm_ok != NULL)
*perm_ok = 1;
+ r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
+ out:
+ close(fd);
+ return r;
+}
+
+int
+sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
+ struct sshkey **keyp, char **commentp)
+{
+ struct sshbuf *buffer = NULL;
+ int r;
+
if ((buffer = sshbuf_new()) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
- if ((r = sshkey_load_file(fd, filename, buffer)) != 0)
- goto out;
- if ((r = sshkey_parse_private_fileblob_type(buffer, type, passphrase,
- keyp, commentp)) != 0)
+ if ((r = sshkey_load_file(fd, buffer)) != 0 ||
+ (r = sshkey_parse_private_fileblob_type(buffer, type,
+ passphrase, keyp, commentp)) != 0)
goto out;
+
+ /* success */
r = 0;
out:
- close(fd);
if (buffer != NULL)
sshbuf_free(buffer);
return r;
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
- if ((r = sshkey_load_file(fd, filename, buffer)) != 0 ||
+ if ((r = sshkey_load_file(fd, buffer)) != 0 ||
(r = sshkey_parse_private_fileblob(buffer, passphrase, filename,
keyp, commentp)) != 0)
goto out;
goto skip;
#ifdef WITH_SSH1
/* try rsa1 private key */
- r = sshkey_load_public_rsa1(fd, filename, keyp, commentp);
+ r = sshkey_load_public_rsa1(fd, keyp, commentp);
close(fd);
switch (r) {
case SSH_ERR_INTERNAL_ERROR:
-/* $OpenBSD: authfile.h,v 1.20 2014/12/04 02:24:32 djm Exp $ */
+/* $OpenBSD: authfile.h,v 1.21 2015/01/08 10:14:08 djm Exp $ */
/*
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
struct sshbuf;
struct sshkey;
+/* XXX document these */
+/* XXX some of these could probably be merged/retired */
+
int sshkey_save_private(struct sshkey *, const char *,
const char *, const char *, int, const char *, int);
-int sshkey_load_file(int, const char *, struct sshbuf *);
+int sshkey_load_file(int, struct sshbuf *);
int sshkey_load_cert(const char *, struct sshkey **);
int sshkey_load_public(const char *, struct sshkey **, char **);
int sshkey_load_private(const char *, const char *, struct sshkey **, char **);
struct sshkey **, int *);
int sshkey_load_private_type(int, const char *, const char *,
struct sshkey **, char **, int *);
-int sshkey_load_private_pem(int, int, const char *, struct sshkey **, char **);
+int sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
+ struct sshkey **keyp, char **commentp);
int sshkey_perm_ok(int, const char *);
int sshkey_in_file(struct sshkey *, const char *, int, int);
int sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file);
-/* $OpenBSD: key.c,v 1.124 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: key.c,v 1.125 2015/01/08 10:14:08 djm Exp $ */
/*
* placed in the public domain
*/
{
int r;
- if ((r = sshkey_load_file(fd, filename, blob)) != 0) {
+ if ((r = sshkey_load_file(fd, blob)) != 0) {
fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
error("%s: %s", __func__, ssh_err(r));
return 0;
return ret;
}
-#ifdef WITH_OPENSSL
-Key *
-key_load_private_pem(int fd, int type, const char *passphrase,
- char **commentp)
-{
- int r;
- Key *ret = NULL;
-
- if ((r = sshkey_load_private_pem(fd, type, passphrase,
- &ret, commentp)) != 0) {
- fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
- if (r == SSH_ERR_KEY_WRONG_PASSPHRASE)
- debug("%s: %s", __func__, ssh_err(r));
- else
- error("%s: %s", __func__, ssh_err(r));
- return NULL;
- }
- return ret;
-}
-#endif /* WITH_OPENSSL */
-
int
key_perm_ok(int fd, const char *filename)
{
-/* $OpenBSD: key.h,v 1.44 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: key.h,v 1.45 2015/01/08 10:14:08 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
Key *key_load_private(const char *, const char *, char **);
Key *key_load_private_cert(int, const char *, const char *, int *);
Key *key_load_private_type(int, const char *, const char *, char **, int *);
-Key *key_load_private_pem(int, int, const char *, char **);
int key_perm_ok(int, const char *);
#endif
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $OpenBSD: krl.c,v 1.21 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.22 2015/01/08 10:14:08 djm Exp $ */
#include <sys/types.h>
#include <sys/param.h>
oerrno = errno;
goto out;
}
- if ((r = sshkey_load_file(fd, path, krlbuf)) != 0) {
+ if ((r = sshkey_load_file(fd, krlbuf)) != 0) {
oerrno = errno;
goto out;
}
-/* $OpenBSD: ssh-keysign.c,v 1.44 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.45 2015/01/08 10:14:08 djm Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
#include "pathnames.h"
#include "readconf.h"
#include "uidswap.h"
+#include "sshkey.h"
+#include "ssherr.h"
/* XXX readconf.c needs these */
uid_t original_real_uid;
char *pkalg, *p;
int pktype, fail;
+ if (ret != NULL)
+ *ret = NULL;
fail = 0;
buffer_init(&b);
#define NUM_KEYTYPES 4
Key *keys[NUM_KEYTYPES], *key = NULL;
struct passwd *pw;
- int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
+ int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
u_char *signature, *data;
char *host, *fp;
u_int slen, dlen;
keys[i] = NULL;
if (key_fd[i] == -1)
continue;
-#ifdef WITH_OPENSSL
-/* XXX wrong api */
- keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
- NULL, NULL);
-#endif
+ r = sshkey_load_private_type_fd(key_fd[i], KEY_UNSPEC,
+ NULL, &key, NULL);
close(key_fd[i]);
- if (keys[i] != NULL)
+ if (r != 0)
+ debug("parse key %d: %s", i, ssh_err(r));
+ else if (key != NULL) {
+ keys[i] = key;
found = 1;
+ }
}
if (!found)
fatal("no hostkey found");
-/* $OpenBSD: sshconnect2.c,v 1.212 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.213 2015/01/08 10:14:08 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
u_int blen, slen;
int ok, i, found = 0;
+ /* XXX provide some way to allow user to specify key types attempted */
+
/* check for a useful key */
for (i = 0; i < sensitive->nkeys; i++) {
private = sensitive->keys[i];
-/* $OpenBSD: sshkey.c,v 1.7 2014/12/21 22:27:55 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.8 2015/01/08 10:14:08 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
#endif /* WITH_SSH1 */
#ifdef WITH_OPENSSL
-/* XXX make private once ssh-keysign.c fixed */
-int
+static int
sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
- const char *passphrase, struct sshkey **keyp, char **commentp)
+ const char *passphrase, struct sshkey **keyp)
{
EVP_PKEY *pk = NULL;
struct sshkey *prv = NULL;
- char *name = "<no key>";
BIO *bio = NULL;
int r;
*keyp = NULL;
- if (commentp != NULL)
- *commentp = NULL;
if ((bio = BIO_new(BIO_s_mem())) == NULL || sshbuf_len(blob) > INT_MAX)
return SSH_ERR_ALLOC_FAIL;
}
prv->rsa = EVP_PKEY_get1_RSA(pk);
prv->type = KEY_RSA;
- name = "rsa w/o comment";
#ifdef DEBUG_PK
RSA_print_fp(stderr, prv->rsa, 8);
#endif
}
prv->dsa = EVP_PKEY_get1_DSA(pk);
prv->type = KEY_DSA;
- name = "dsa w/o comment";
#ifdef DEBUG_PK
DSA_print_fp(stderr, prv->dsa, 8);
#endif
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
- name = "ecdsa w/o comment";
#ifdef DEBUG_PK
if (prv != NULL && prv->ecdsa != NULL)
sshkey_dump_ec_key(prv->ecdsa);
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
- if (commentp != NULL &&
- (*commentp = strdup(name)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
r = 0;
*keyp = prv;
prv = NULL;
case KEY_DSA:
case KEY_ECDSA:
case KEY_RSA:
- return sshkey_parse_private_pem_fileblob(blob, type, passphrase,
- keyp, commentp);
+ return sshkey_parse_private_pem_fileblob(blob, type,
+ passphrase, keyp);
#endif /* WITH_OPENSSL */
case KEY_ED25519:
return sshkey_parse_private2(blob, type, passphrase,
commentp)) == 0)
return 0;
#ifdef WITH_OPENSSL
- return sshkey_parse_private_pem_fileblob(blob, type, passphrase,
- keyp, commentp);
+ return sshkey_parse_private_pem_fileblob(blob, type,
+ passphrase, keyp);
#else
return SSH_ERR_INVALID_FORMAT;
#endif /* WITH_OPENSSL */
-/* $OpenBSD: sshkey.h,v 1.2 2014/12/21 22:27:55 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.3 2015/01/08 10:14:08 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
int force_new_format, const char *new_format_cipher, int new_format_rounds);
int sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob,
struct sshkey **keyp, char **commentp);
-int sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
- const char *passphrase, struct sshkey **keyp, char **commentp);
int sshkey_parse_private_fileblob(struct sshbuf *buffer,
const char *passphrase, const char *filename, struct sshkey **keyp,
char **commentp);
projects / openbsd / commitdiff