-/* $OpenBSD: key.c,v 1.130 2016/05/02 09:36:42 djm Exp $ */
+/* $OpenBSD: key.c,v 1.131 2017/05/30 14:16:41 markus Exp $ */
/*
* placed in the public domain
*/
#include "log.h"
#include "authfile.h"
-void
-key_add_private(Key *k)
-{
- int r;
-
- if ((r = sshkey_add_private(k)) != 0)
- fatal("%s: %s", __func__, ssh_err(r));
-}
-
-Key *
-key_new_private(int type)
-{
- Key *ret = NULL;
-
- if ((ret = sshkey_new_private(type)) == NULL)
- fatal("%s: failed", __func__);
- return ret;
-}
-
-int
-key_read(Key *ret, char **cpp)
-{
- return sshkey_read(ret, cpp) == 0 ? 1 : -1;
-}
-
-int
-key_write(const Key *key, FILE *f)
-{
- return sshkey_write(key, f) == 0 ? 1 : 0;
-}
-
-Key *
-key_generate(int type, u_int bits)
-{
- int r;
- Key *ret = NULL;
-
- if ((r = sshkey_generate(type, bits, &ret)) != 0)
- fatal("%s: %s", __func__, ssh_err(r));
- return ret;
-}
-
-void
-key_cert_copy(const Key *from_key, Key *to_key)
-{
- int r;
-
- if ((r = sshkey_cert_copy(from_key, to_key)) != 0)
- fatal("%s: %s", __func__, ssh_err(r));
-}
-
-Key *
-key_from_private(const Key *k)
-{
- int r;
- Key *ret = NULL;
-
- if ((r = sshkey_from_private(k, &ret)) != 0)
- fatal("%s: %s", __func__, ssh_err(r));
- return ret;
-}
-
static void
fatal_on_fatal_errors(int r, const char *func, int extra_fatal)
{
return ret;
}
-int
-key_to_certified(Key *k)
-{
- int r;
-
- if ((r = sshkey_to_certified(k)) != 0) {
- fatal_on_fatal_errors(r, __func__, 0);
- error("%s: %s", __func__, ssh_err(r));
- return -1;
- }
- return 0;
-}
-
int
key_drop_cert(Key *k)
{
return 0;
}
-int
-key_certify(Key *k, Key *ca)
-{
- int r;
-
- if ((r = sshkey_certify(k, ca, NULL)) != 0) {
- fatal_on_fatal_errors(r, __func__, 0);
- error("%s: %s", __func__, ssh_err(r));
- return -1;
- }
- return 0;
-}
-
int
key_cert_check_authority(const Key *k, int want_host, int require_principal,
const char *name, const char **reason)
return 0;
}
-#ifdef WITH_OPENSSL
-int
-key_ec_validate_public(const EC_GROUP *group, const EC_POINT *public)
-{
- int r;
-
- if ((r = sshkey_ec_validate_public(group, public)) != 0) {
- fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
- error("%s: %s", __func__, ssh_err(r));
- return -1;
- }
- return 0;
-}
-
-int
-key_ec_validate_private(const EC_KEY *key)
-{
- int r;
-
- if ((r = sshkey_ec_validate_private(key)) != 0) {
- fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
- error("%s: %s", __func__, ssh_err(r));
- return -1;
- }
- return 0;
-}
-#endif /* WITH_OPENSSL */
-
-void
-key_private_serialize(const Key *key, struct sshbuf *b)
-{
- int r;
-
- if ((r = sshkey_private_serialize(key, b)) != 0)
- fatal("%s: %s", __func__, ssh_err(r));
-}
-
-Key *
-key_private_deserialize(struct sshbuf *blob)
-{
- int r;
- Key *ret = NULL;
-
- if ((r = sshkey_private_deserialize(blob, &ret)) != 0) {
- fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
- error("%s: %s", __func__, ssh_err(r));
- return NULL;
- }
- return ret;
-}
-
/* authfile.c */
-int
-key_save_private(Key *key, const char *filename, const char *passphrase,
- const char *comment, int force_new_format, const char *new_format_cipher,
- int new_format_rounds)
-{
- int r;
-
- if ((r = sshkey_save_private(key, filename, passphrase, comment,
- force_new_format, new_format_cipher, new_format_rounds)) != 0) {
- fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
- error("%s: %s", __func__, ssh_err(r));
- return 0;
- }
- return 1;
-}
-
-int
-key_load_file(int fd, const char *filename, struct sshbuf *blob)
-{
- int r;
-
- if ((r = sshkey_load_file(fd, blob)) != 0) {
- fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
- error("%s: %s", __func__, ssh_err(r));
- return 0;
- }
- return 1;
-}
-
Key *
key_load_cert(const char *filename)
{
}
return ret;
}
-
-int
-key_perm_ok(int fd, const char *filename)
-{
- return sshkey_perm_ok(fd, filename) == 0 ? 1 : 0;
-}
-
-/* $OpenBSD: key.h,v 1.50 2016/09/12 23:31:27 djm Exp $ */
+/* $OpenBSD: key.h,v 1.51 2017/05/30 14:16:41 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
#define fp_rep sshkey_fp_rep
#ifndef SSH_KEY_NO_DEFINE
-#define key_new sshkey_new
#define key_free sshkey_free
#define key_equal_public sshkey_equal_public
#define key_equal sshkey_equal
#define key_type sshkey_type
-#define key_cert_type sshkey_cert_type
#define key_ssh_name sshkey_ssh_name
#define key_ssh_name_plain sshkey_ssh_name_plain
#define key_type_from_name sshkey_type_from_name
-#define key_ecdsa_nid_from_name sshkey_ecdsa_nid_from_name
-#define key_type_is_cert sshkey_type_is_cert
-#define key_size sshkey_size
-#define key_ecdsa_bits_to_nid sshkey_ecdsa_bits_to_nid
-#define key_ecdsa_key_to_nid sshkey_ecdsa_key_to_nid
#define key_is_cert sshkey_is_cert
#define key_type_plain sshkey_type_plain
-#define key_curve_name_to_nid sshkey_curve_name_to_nid
-#define key_curve_nid_to_bits sshkey_curve_nid_to_bits
-#define key_curve_nid_to_name sshkey_curve_nid_to_name
-#define key_ec_nid_to_hash_alg sshkey_ec_nid_to_hash_alg
-#define key_dump_ec_point sshkey_dump_ec_point
-#define key_dump_ec_key sshkey_dump_ec_key
#endif
-void key_add_private(Key *);
-Key *key_new_private(int);
void key_free(Key *);
Key *key_demote(const Key *);
-int key_write(const Key *, FILE *);
-int key_read(Key *, char **);
-Key *key_generate(int, u_int);
-Key *key_from_private(const Key *);
-int key_to_certified(Key *);
int key_drop_cert(Key *);
-int key_certify(Key *, Key *);
-void key_cert_copy(const Key *, Key *);
int key_cert_check_authority(const Key *, int, int, const char *,
const char **);
-#ifdef WITH_OPENSSL
-int key_ec_validate_public(const EC_GROUP *, const EC_POINT *);
-int key_ec_validate_private(const EC_KEY *);
-#endif /* WITH_OPENSSL */
-
Key *key_from_blob(const u_char *, u_int);
int key_to_blob(const Key *, u_char **, u_int *);
const char *);
int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
-void key_private_serialize(const Key *, struct sshbuf *);
-Key *key_private_deserialize(struct sshbuf *);
-
/* authfile.c */
-int key_save_private(Key *, const char *, const char *, const char *,
- int, const char *, int);
-int key_load_file(int, const char *, struct sshbuf *);
Key *key_load_cert(const char *);
Key *key_load_public(const char *, char **);
Key *key_load_private(const char *, const char *, char **);
Key *key_load_private_cert(int, const char *, const char *, int *);
Key *key_load_private_type(int, const char *, const char *, char **, int *);
-int key_perm_ok(int, const char *);
#endif
-/* $OpenBSD: ssh-add.c,v 1.131 2017/05/05 10:42:49 naddy Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.132 2017/05/30 14:16:41 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
goto out;
}
if ((r = sshkey_cert_copy(cert, private)) != 0) {
- error("%s: key_cert_copy: %s", __func__, ssh_err(r));
+ error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r));
sshkey_free(cert);
goto out;
}
-/* $OpenBSD: ssh-keygen.c,v 1.303 2017/05/07 23:15:59 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.304 2017/05/30 14:16:41 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
return NULL;
}
if ((key = sshkey_new_private(ktype)) == NULL)
- fatal("key_new_private failed");
+ fatal("sshkey_new_private failed");
free(type);
switch (key->type) {
fatal("%s: %s", identity_file, strerror(errno));
prv = load_identity(identity_file);
if ((r = sshkey_write(prv, stdout)) != 0)
- error("key_write failed: %s", ssh_err(r));
+ error("sshkey_write failed: %s", ssh_err(r));
sshkey_free(prv);
fprintf(stdout, "\n");
exit(0);
bits = 0;
type_bits_valid(type, NULL, &bits);
if ((r = sshkey_generate(type, bits, &private)) != 0) {
- error("key_generate failed: %s", ssh_err(r));
+ error("sshkey_generate failed: %s", ssh_err(r));
first = 0;
continue;
}
explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
if ((r = sshkey_from_private(private, &public)) != 0)
- fatal("key_from_private failed: %s", ssh_err(r));
+ fatal("sshkey_from_private failed: %s", ssh_err(r));
sshkey_free(private);
strlcat(identity_file, ".pub", sizeof(identity_file));
OPTIONS_EXTENSIONS);
if ((r = sshkey_from_private(ca,
&public->cert->signature_key)) != 0)
- fatal("key_from_private (ca key): %s", ssh_err(r));
+ fatal("sshkey_from_private (ca key): %s", ssh_err(r));
if ((r = sshkey_certify(public, ca, key_type_name)) != 0)
fatal("Couldn't certify key %s: %s", tmp, ssh_err(r));
if (*cp == '#' || *cp == '\0')
continue;
if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
- fatal("key_new");
+ fatal("sshkey_new");
if ((r = sshkey_read(key, &cp)) != 0) {
error("%s:%lu: invalid key: %s", path,
lnum, ssh_err(r));
*/
}
if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
- fatal("key_new");
+ fatal("sshkey_new");
if ((r = sshkey_read(key, &cp)) != 0)
fatal("%s:%lu: invalid key: %s",
path, lnum, ssh_err(r));
printf("Generating public/private %s key pair.\n",
key_type_name);
if ((r = sshkey_generate(type, bits, &private)) != 0)
- fatal("key_generate failed");
+ fatal("sshkey_generate failed");
if ((r = sshkey_from_private(private, &public)) != 0)
- fatal("key_from_private failed: %s\n", ssh_err(r));
+ fatal("sshkey_from_private failed: %s\n", ssh_err(r));
if (!have_identity)
ask_filename(pw, "Enter file in which to save the key");
projects / openbsd / commitdiff