remove legacy key emulation layer; ok djm@
authormarkus <markus@openbsd.org>
Wed, 11 Jul 2018 18:53:29 +0000 (18:53 +0000)
committermarkus <markus@openbsd.org>
Wed, 11 Jul 2018 18:53:29 +0000 (18:53 +0000)
20 files changed:
usr.bin/ssh/auth2.c
usr.bin/ssh/channels.c
usr.bin/ssh/clientloop.c
usr.bin/ssh/kex.h
usr.bin/ssh/key.c [deleted file]
usr.bin/ssh/key.h [deleted file]
usr.bin/ssh/monitor.c
usr.bin/ssh/monitor_wrap.c
usr.bin/ssh/monitor_wrap.h
usr.bin/ssh/mux.c
usr.bin/ssh/servconf.c
usr.bin/ssh/serverloop.c
usr.bin/ssh/session.c
usr.bin/ssh/ssh-agent/Makefile
usr.bin/ssh/ssh.c
usr.bin/ssh/ssh/Makefile
usr.bin/ssh/sshconnect.c
usr.bin/ssh/sshconnect2.c
usr.bin/ssh/sshd.c
usr.bin/ssh/sshd/Makefile

index b43f503..c84f921 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.148 2018/07/09 21:35:50 markus Exp $ */
+/* $OpenBSD: auth2.c,v 1.149 2018/07/11 18:53:29 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -44,7 +44,7 @@
 #include "misc.h"
 #include "servconf.h"
 #include "compat.h"
-#include "key.h"
+#include "sshkey.h"
 #include "hostfile.h"
 #include "auth.h"
 #include "dispatch.h"
index b7d99d0..4b22e17 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.382 2018/06/25 22:28:33 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.383 2018/07/11 18:53:29 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -73,7 +73,7 @@
 #include "channels.h"
 #include "compat.h"
 #include "canohost.h"
-#include "key.h"
+#include "sshkey.h"
 #include "authfd.h"
 #include "pathnames.h"
 #include "match.h"
index 80d9472..8794874 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.316 2018/07/09 21:20:26 markus Exp $ */
+/* $OpenBSD: clientloop.c,v 1.317 2018/07/11 18:53:29 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -87,7 +87,7 @@
 #include "compat.h"
 #include "channels.h"
 #include "dispatch.h"
-#include "key.h"
+#include "sshkey.h"
 #include "cipher.h"
 #include "kex.h"
 #include "myproposal.h"
index b6808f7..a738c26 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.90 2018/07/10 09:36:58 sf Exp $ */
+/* $OpenBSD: kex.h,v 1.91 2018/07/11 18:53:29 markus Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -27,7 +27,6 @@
 #define KEX_H
 
 #include "mac.h"
-#include "key.h" /* XXX for typedef */
 
 #ifdef WITH_LEAKMALLOC
 #include "leakmalloc.h"
diff --git a/usr.bin/ssh/key.c b/usr.bin/ssh/key.c
deleted file mode 100644 (file)
index 9fae701..0000000
+++ /dev/null
@@ -1,234 +0,0 @@
-/* $OpenBSD: key.c,v 1.132 2017/12/18 02:25:15 djm Exp $ */
-/*
- * placed in the public domain
- */
-
-#include <sys/types.h>
-#include <errno.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <limits.h>
-
-#define SSH_KEY_NO_DEFINE
-#include "key.h"
-
-#include "compat.h"
-#include "sshkey.h"
-#include "ssherr.h"
-#include "log.h"
-#include "authfile.h"
-
-static void
-fatal_on_fatal_errors(int r, const char *func, int extra_fatal)
-{
-       if (r == SSH_ERR_INTERNAL_ERROR ||
-           r == SSH_ERR_ALLOC_FAIL ||
-           (extra_fatal != 0 && r == extra_fatal))
-               fatal("%s: %s", func, ssh_err(r));
-}
-
-Key *
-key_from_blob(const u_char *blob, u_int blen)
-{
-       int r;
-       Key *ret = NULL;
-
-       if ((r = sshkey_from_blob(blob, blen, &ret)) != 0) {
-               fatal_on_fatal_errors(r, __func__, 0);
-               error("%s: %s", __func__, ssh_err(r));
-               return NULL;
-       }
-       return ret;
-}
-
-int
-key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
-{
-       u_char *blob;
-       size_t blen;
-       int r;
-
-       if (blobp != NULL)
-               *blobp = NULL;
-       if (lenp != NULL)
-               *lenp = 0;
-       if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
-               fatal_on_fatal_errors(r, __func__, 0);
-               error("%s: %s", __func__, ssh_err(r));
-               return 0;
-       }
-       if (blen > INT_MAX)
-               fatal("%s: giant len %zu", __func__, blen);
-       if (blobp != NULL)
-               *blobp = blob;
-       if (lenp != NULL)
-               *lenp = blen;
-       return blen;
-}
-
-int
-key_sign(const Key *key, u_char **sigp, u_int *lenp,
-    const u_char *data, u_int datalen, const char *alg)
-{
-       int r;
-       u_char *sig;
-       size_t siglen;
-
-       if (sigp != NULL)
-               *sigp = NULL;
-       if (lenp != NULL)
-               *lenp = 0;
-       if ((r = sshkey_sign(key, &sig, &siglen,
-           data, datalen, alg, datafellows)) != 0) {
-               fatal_on_fatal_errors(r, __func__, 0);
-               error("%s: %s", __func__, ssh_err(r));
-               return -1;
-       }
-       if (siglen > INT_MAX)
-               fatal("%s: giant len %zu", __func__, siglen);
-       if (sigp != NULL)
-               *sigp = sig;
-       if (lenp != NULL)
-               *lenp = siglen;
-       return 0;
-}
-
-Key *
-key_demote(const Key *k)
-{
-       int r;
-       Key *ret = NULL;
-
-       if ((r = sshkey_demote(k, &ret)) != 0)
-               fatal("%s: %s", __func__, ssh_err(r));
-       return ret;
-}
-
-int
-key_drop_cert(Key *k)
-{
-       int r;
-
-       if ((r = sshkey_drop_cert(k)) != 0) {
-               fatal_on_fatal_errors(r, __func__, 0);
-               error("%s: %s", __func__, ssh_err(r));
-               return -1;
-       }
-       return 0;
-}
-
-int
-key_cert_check_authority(const Key *k, int want_host, int require_principal,
-    const char *name, const char **reason)
-{
-       int r;
-
-       if ((r = sshkey_cert_check_authority(k, want_host, require_principal,
-           name, reason)) != 0) {
-               fatal_on_fatal_errors(r, __func__, 0);
-               error("%s: %s", __func__, ssh_err(r));
-               return -1;
-       }
-       return 0;
-}
-
-/* authfile.c */
-
-Key *
-key_load_cert(const char *filename)
-{
-       int r;
-       Key *ret = NULL;
-
-       if ((r = sshkey_load_cert(filename, &ret)) != 0) {
-               fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
-               /* Old authfile.c ignored all file errors. */
-               if (r == SSH_ERR_SYSTEM_ERROR)
-                       debug("%s: %s", __func__, ssh_err(r));
-               else
-                       error("%s: %s", __func__, ssh_err(r));
-               return NULL;
-       }
-       return ret;
-
-}
-
-Key *
-key_load_public(const char *filename, char **commentp)
-{
-       int r;
-       Key *ret = NULL;
-
-       if ((r = sshkey_load_public(filename, &ret, commentp)) != 0) {
-               fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
-               /* Old authfile.c ignored all file errors. */
-               if (r == SSH_ERR_SYSTEM_ERROR)
-                       debug("%s: %s", __func__, ssh_err(r));
-               else
-                       error("%s: %s", __func__, ssh_err(r));
-               return NULL;
-       }
-       return ret;
-}
-
-Key *
-key_load_private(const char *path, const char *passphrase,
-    char **commentp)
-{
-       int r;
-       Key *ret = NULL;
-
-       if ((r = sshkey_load_private(path, passphrase, &ret, commentp)) != 0) {
-               fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
-               /* Old authfile.c ignored all file errors. */
-               if (r == SSH_ERR_SYSTEM_ERROR ||
-                   r == SSH_ERR_KEY_WRONG_PASSPHRASE)
-                       debug("%s: %s", __func__, ssh_err(r));
-               else
-                       error("%s: %s", __func__, ssh_err(r));
-               return NULL;
-       }
-       return ret;
-}
-
-Key *
-key_load_private_cert(int type, const char *filename, const char *passphrase,
-    int *perm_ok)
-{
-       int r;
-       Key *ret = NULL;
-
-       if ((r = sshkey_load_private_cert(type, filename, passphrase,
-           &ret, perm_ok)) != 0) {
-               fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
-               /* Old authfile.c ignored all file errors. */
-               if (r == SSH_ERR_SYSTEM_ERROR ||
-                   r == SSH_ERR_KEY_WRONG_PASSPHRASE)
-                       debug("%s: %s", __func__, ssh_err(r));
-               else
-                       error("%s: %s", __func__, ssh_err(r));
-               return NULL;
-       }
-       return ret;
-}
-
-Key *
-key_load_private_type(int type, const char *filename, const char *passphrase,
-    char **commentp, int *perm_ok)
-{
-       int r;
-       Key *ret = NULL;
-
-       if ((r = sshkey_load_private_type(type, filename, passphrase,
-           &ret, commentp, perm_ok)) != 0) {
-               fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
-               /* Old authfile.c ignored all file errors. */
-               if (r == SSH_ERR_SYSTEM_ERROR ||
-                   (r == SSH_ERR_KEY_WRONG_PASSPHRASE))
-                       debug("%s: %s", __func__, ssh_err(r));
-               else
-                       error("%s: %s", __func__, ssh_err(r));
-               return NULL;
-       }
-       return ret;
-}
diff --git a/usr.bin/ssh/key.h b/usr.bin/ssh/key.h
deleted file mode 100644 (file)
index fd59cbf..0000000
+++ /dev/null
@@ -1,69 +0,0 @@
-/* $OpenBSD: key.h,v 1.52 2017/12/18 02:25:15 djm Exp $ */
-
-/*
- * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef KEY_H
-#define KEY_H
-
-#include "sshkey.h"
-
-typedef struct sshkey Key;
-
-#define types sshkey_types
-#define fp_type sshkey_fp_type
-#define fp_rep sshkey_fp_rep
-
-#ifndef SSH_KEY_NO_DEFINE
-#define key_free               sshkey_free
-#define key_equal_public       sshkey_equal_public
-#define key_equal              sshkey_equal
-#define key_type               sshkey_type
-#define key_ssh_name           sshkey_ssh_name
-#define key_ssh_name_plain     sshkey_ssh_name_plain
-#define key_type_from_name     sshkey_type_from_name
-#define key_is_cert            sshkey_is_cert
-#define key_type_plain         sshkey_type_plain
-#endif
-
-void    key_free(Key *);
-Key    *key_demote(const Key *);
-
-int     key_drop_cert(Key *);
-int     key_cert_check_authority(const Key *, int, int, const char *,
-           const char **);
-
-Key    *key_from_blob(const u_char *, u_int);
-int     key_to_blob(const Key *, u_char **, u_int *);
-
-int     key_sign(const Key *, u_char **, u_int *, const u_char *, u_int,
-    const char *);
-
-/* authfile.c */
-Key    *key_load_cert(const char *);
-Key    *key_load_public(const char *, char **);
-Key    *key_load_private(const char *, const char *, char **);
-Key    *key_load_private_cert(int, const char *, const char *, int *);
-Key    *key_load_private_type(int, const char *, const char *, char **, int *);
-
-#endif
index a2eb049..9e2c456 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.184 2018/07/10 09:13:30 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.185 2018/07/11 18:53:29 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -51,7 +51,7 @@
 #include "atomicio.h"
 #include "xmalloc.h"
 #include "ssh.h"
-#include "key.h"
+#include "sshkey.h"
 #include "sshbuf.h"
 #include "hostfile.h"
 #include "auth.h"
@@ -551,14 +551,15 @@ mm_answer_sign(int sock, struct sshbuf *m)
        char *alg = NULL;
        size_t datlen, siglen, alglen;
        int r, is_proof = 0;
-       u_int keyid;
+       u_int keyid, compat;
        const char proof_req[] = "hostkeys-prove-00@openssh.com";
 
        debug3("%s", __func__);
 
        if ((r = sshbuf_get_u32(m, &keyid)) != 0 ||
            (r = sshbuf_get_string(m, &p, &datlen)) != 0 ||
-           (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0)
+           (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0 ||
+           (r = sshbuf_get_u32(m, &compat)) != 0)
                fatal("%s: buffer error: %s", __func__, ssh_err(r));
        if (keyid > INT_MAX)
                fatal("%s: invalid key ID", __func__);
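Review bot: The added `sshbuf_get_u32(m, &compat)` makes the privileged monitor sign with compatibility bits supplied by the unprivileged child: the next hunk of mm_answer_sign hands this `compat` to sshkey_sign and ssh_agent_sign where the removed lines used the monitor's own `datafellows`, so any signing path that branches on those bits now follows the child's value rather than the monitor's state. mm_answer_keyallowed in the same file still consults the monitor's `datafellows` for its SSH_BUG_RSASIGMD5 check, so two sources of compat flags are now in use in one file. It would help to record the trust decision at the read, e.g. `/* compat flags are taken from the privsep child, not from the monitor's datafellows */`, or, if the monitor's datafellows is expected to be authoritative here, to compare the two and fatal() on a mismatch. mm_answer_sign's body continues outside the hunk.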
@@ -608,13 +609,13 @@ mm_answer_sign(int sock, struct sshbuf *m)
 
        if ((key = get_hostkey_by_index(keyid)) != NULL) {
                if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
-                   datafellows)) != 0)
+                   compat)) != 0)
                        fatal("%s: sshkey_sign failed: %s",
                            __func__, ssh_err(r));
        } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
            auth_sock > 0) {
                if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen,
-                   p, datlen, alg, datafellows)) != 0) {
+                   p, datlen, alg, compat)) != 0) {
                        fatal("%s: ssh_agent_sign failed: %s",
                            __func__, ssh_err(r));
                }
@@ -895,7 +896,7 @@ mm_answer_keyallowed(int sock, struct sshbuf *m)
 
        if (key != NULL && authctxt->valid) {
                /* These should not make it past the privsep child */
-               if (key_type_plain(key->type) == KEY_RSA &&
+               if (sshkey_type_plain(key->type) == KEY_RSA &&
                    (datafellows & SSH_BUG_RSASIGMD5) != 0)
                        fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__);
 
index 06c98e4..c166baa 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.105 2018/07/10 09:36:58 sf Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.106 2018/07/11 18:53:29 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -47,7 +47,7 @@
 #include "dh.h"
 #endif
 #include "sshbuf.h"
-#include "key.h"
+#include "sshkey.h"
 #include "cipher.h"
 #include "kex.h"
 #include "hostfile.h"
@@ -214,12 +214,11 @@ mm_choose_dh(int min, int nbits, int max)
 #endif
 
 int
-mm_key_sign(struct sshkey *key, u_char **sigp, u_int *lenp,
-    const u_char *data, u_int datalen, const char *hostkey_alg)
+mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
+    const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat)
 {
        struct kex *kex = *pmonitor->m_pkex;
        struct sshbuf *m;
-       size_t xxxlen;
        u_int ndx = kex->host_key_index(key, 0, active_state);
        int r;
 
@@ -229,18 +228,16 @@ mm_key_sign(struct sshkey *key, u_char **sigp, u_int *lenp,
                fatal("%s: sshbuf_new failed", __func__);
        if ((r = sshbuf_put_u32(m, ndx)) != 0 ||
            (r = sshbuf_put_string(m, data, datalen)) != 0 ||
-           (r = sshbuf_put_cstring(m, hostkey_alg)) != 0)
+           (r = sshbuf_put_cstring(m, hostkey_alg)) != 0 ||
+           (r = sshbuf_put_u32(m, compat)) != 0)
                fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, m);
 
        debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, m);
-       if ((r = sshbuf_get_string(m, sigp, &xxxlen)) != 0)
+       if ((r = sshbuf_get_string(m, sigp, lenp)) != 0)
                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-       if (xxxlen > 0xffffffff)
-               fatal("%s: bad length %zu", __func__, xxxlen);
-       *lenp = xxxlen; /* XXX fix API: size_t vs u_int */
        sshbuf_free(m);
 
        return (0);
index 9e4f202..09bddb9 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.37 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.38 2018/07/11 18:53:29 markus Exp $ */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -41,8 +41,8 @@ struct sshauthopt;
 void mm_log_handler(LogLevel, const char *, void *);
 int mm_is_monitor(void);
 DH *mm_choose_dh(int, int, int);
-int mm_key_sign(struct sshkey *, u_char **, u_int *, const u_char *, u_int,
-    const char *);
+int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
+    const char *, u_int compat);
 void mm_inform_authserv(char *, char *);
 struct passwd *mm_getpwnamallow(const char *);
 char *mm_auth2_read_banner(void);
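Review bot: The new mm_sshkey_sign prototype names only its last parameter (`u_int compat`) while the other six parameters, and every neighbouring declaration in this header, are left unnamed, which reads as an oversight. Either drop the name for consistency, `const char *, u_int);`, or name all of the parameters so the header documents the call.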
index cdd1bf1..91b292c 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.73 2018/07/09 21:18:10 markus Exp $ */
+/* $OpenBSD: mux.c,v 1.74 2018/07/11 18:53:29 markus Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -63,7 +63,7 @@
 #include "packet.h"
 #include "monitor_fdpass.h"
 #include "sshpty.h"
-#include "key.h"
+#include "sshkey.h"
 #include "readconf.h"
 #include "clientloop.h"
 #include "ssherr.h"
index 6d71c98..73efd7f 100644 (file)
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.338 2018/07/09 21:29:36 markus Exp $ */
+/* $OpenBSD: servconf.c,v 1.339 2018/07/11 18:53:29 markus Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -42,7 +42,7 @@
 #include "compat.h"
 #include "pathnames.h"
 #include "cipher.h"
-#include "key.h"
+#include "sshkey.h"
 #include "kex.h"
 #include "mac.h"
 #include "match.h"
index e458c51..5f9c696 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.207 2018/07/09 21:29:36 markus Exp $ */
+/* $OpenBSD: serverloop.c,v 1.208 2018/07/11 18:53:29 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -63,7 +63,7 @@
 #include "channels.h"
 #include "compat.h"
 #include "ssh2.h"
-#include "key.h"
+#include "sshkey.h"
 #include "cipher.h"
 #include "kex.h"
 #include "hostfile.h"
index 0eb01cb..26cfb0c 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.303 2018/07/09 21:26:02 markus Exp $ */
+/* $OpenBSD: session.c,v 1.304 2018/07/11 18:53:29 markus Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -66,7 +66,7 @@
 #include "uidswap.h"
 #include "compat.h"
 #include "channels.h"
-#include "key.h"
+#include "sshkey.h"
 #include "cipher.h"
 #include "kex.h"
 #include "hostfile.h"
index d8d5cb8..17730f4 100644 (file)
@@ -1,9 +1,9 @@
-#      $OpenBSD: Makefile,v 1.29 2018/07/09 21:56:06 markus Exp $
+#      $OpenBSD: Makefile,v 1.30 2018/07/11 18:53:29 markus Exp $
 
 .PATH:         ${.CURDIR}/..
 
 SRCS=  ssh-agent.c ssh-pkcs11-client.c
-SRCS+= atomicio.c compat.c fatal.c key.c readpass.c
+SRCS+= atomicio.c compat.c fatal.c readpass.c
 SRCS+= ${SRCS_BASE} ${SRCS_KEY} ${SRCS_KEYP} ${SRCS_KRL} ${SRCS_UTL}
 PROG=  ssh-agent
 BINOWN=        root
index 10e1a98..6092752 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.482 2018/07/09 21:03:30 markus Exp $ */
+/* $OpenBSD: ssh.c,v 1.483 2018/07/11 18:53:29 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -79,7 +79,7 @@
 #include "packet.h"
 #include "sshbuf.h"
 #include "channels.h"
-#include "key.h"
+#include "sshkey.h"
 #include "authfd.h"
 #include "authfile.h"
 #include "pathnames.h"
@@ -487,6 +487,30 @@ resolve_canonicalize(char **hostp, int port)
        return NULL;
 }
 
+/*
+ * Check the result of hostkey loading, ignoring some errors and
+ * fatal()ing for others.
+ */
+static void
+check_load(int r, const char *path, const char *message)
+{
+       switch (r) {
+       case 0:
+               break;
+       case SSH_ERR_INTERNAL_ERROR:
+       case SSH_ERR_ALLOC_FAIL:
+               fatal("load %s \"%s\": %s", message, path, ssh_err(r));
+       case SSH_ERR_SYSTEM_ERROR:
+               /* Ignore missing files */
+               if (errno == ENOENT)
+                       break;
+               /* FALLTHROUGH */
+       default:
+               error("load %s \"%s\": %s", message, path, ssh_err(r));
+               break;
+       }
+}
+
 /*
  * Read per-user configuration file.  Ignore the system wide config
  * file if the user specifies a config file on the command line.
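Review bot: The header comment says check_load checks "hostkey loading", but later hunks in this file also route identity and certificate pubkey loads through it (the `check_load(sshkey_load_public(...), filename, "pubkey")` calls in load_public_identity_files), so a comment such as `Check the result of loading a key (host key, identity or certificate): ignore a missing file, fatal() on internal/allocation errors, log anything else.` would describe the actual contract. The `fatal()` in the SSH_ERR_INTERNAL_ERROR/SSH_ERR_ALLOC_FAIL arm is followed directly by the `case SSH_ERR_SYSTEM_ERROR:` label; a `/* NOTREACHED */` after it would stop readers and fall-through warnings from treating it as an intentional fall-through. The ENOENT test reads `errno` after the sshkey_load_* call has returned, which is only reliable if those loaders leave errno untouched between the failing open and their return — worth confirming against authfile.c.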
@@ -1354,7 +1378,7 @@ main(int ac, char **av)
 
        /*
         * If we successfully made the connection, load the host private key
-        * in case we will need it later for combined rsa-rhosts
+        * in case we will need it later for hostbased
         * authentication. This must be done before releasing extra
         * privileges, because the file is only readable by root.
         * If we cannot access the private keys, load the public keys
@@ -1366,29 +1390,32 @@ main(int ac, char **av)
        if (options.hostbased_authentication) {
                sensitive_data.nkeys = 11;
                sensitive_data.keys = xcalloc(sensitive_data.nkeys,
-                   sizeof(struct sshkey));     /* XXX */
+                   sizeof(struct sshkey));
+
+               /* XXX check errors? */
+#define L_KEY(t,p,o) \
+       check_load(sshkey_load_private_type(t, p, "", \
+           &(sensitive_data.keys[o]), NULL, NULL), p, "key")
+#define L_KEYCERT(t,p,o) \
+       check_load(sshkey_load_private_cert(t, p, "", \
+           &(sensitive_data.keys[o]), NULL), p, "cert and key")
+#define L_PUBKEY(p,o) \
+       check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \
+           p, "pubkey")
+#define L_CERT(p,o) \
+       check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert")
 
                PRIV_START;
-               sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA,
-                   _PATH_HOST_ECDSA_KEY_FILE, "", NULL);
-               sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519,
-                   _PATH_HOST_ED25519_KEY_FILE, "", NULL);
-               sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
-                   _PATH_HOST_RSA_KEY_FILE, "", NULL);
-               sensitive_data.keys[4] = key_load_private_cert(KEY_DSA,
-                   _PATH_HOST_DSA_KEY_FILE, "", NULL);
-               sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
-                   _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
-               sensitive_data.keys[6] = key_load_private_type(KEY_ED25519,
-                   _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
-               sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
-                   _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
-               sensitive_data.keys[8] = key_load_private_type(KEY_DSA,
-                   _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
-               sensitive_data.keys[9] = key_load_private_cert(KEY_XMSS,
-                   _PATH_HOST_XMSS_KEY_FILE, "", NULL);
-               sensitive_data.keys[10] = key_load_private_type(KEY_XMSS,
-                   _PATH_HOST_XMSS_KEY_FILE, "", NULL, NULL);
+               L_KEYCERT(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, 1);
+               L_KEYCERT(KEY_ED25519, _PATH_HOST_ED25519_KEY_FILE, 2);
+               L_KEYCERT(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, 3);
+               L_KEYCERT(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, 4);
+               L_KEY(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, 5);
+               L_KEY(KEY_ED25519, _PATH_HOST_ED25519_KEY_FILE, 6);
+               L_KEY(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, 7);
+               L_KEY(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, 8);
+               L_KEYCERT(KEY_XMSS, _PATH_HOST_XMSS_KEY_FILE, 9);
+               L_KEY(KEY_XMSS, _PATH_HOST_XMSS_KEY_FILE, 10);
                PRIV_END;
 
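Review bot: The `/* XXX check errors? */` comment introduced above the macro block is already stale, since every L_KEY/L_KEYCERT/L_PUBKEY/L_CERT expansion wraps its loader in check_load; it should be dropped. The xcalloc just above lost its `/* XXX */` marker but still sizes each slot as `sizeof(struct sshkey)` although the array holds `struct sshkey *` (the macros pass `&(sensitive_data.keys[o])` as the output pointer and the shutdown code calls sshkey_free on each element); `sizeof(*sensitive_data.keys)` would match the element type and remove the over-allocation. The four macros are defined inside main() and never #undef'd after their last use in the next hunk. main() starts and ends outside the hunk.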
                if (options.hostbased_authentication == 1 &&
@@ -1397,27 +1424,18 @@ main(int ac, char **av)
                    sensitive_data.keys[6] == NULL &&
                    sensitive_data.keys[7] == NULL &&
                    sensitive_data.keys[8] == NULL &&
-                   sensitive_data.keys[9] == NULL) {
-                       sensitive_data.keys[1] = key_load_cert(
-                           _PATH_HOST_ECDSA_KEY_FILE);
-                       sensitive_data.keys[2] = key_load_cert(
-                           _PATH_HOST_ED25519_KEY_FILE);
-                       sensitive_data.keys[3] = key_load_cert(
-                           _PATH_HOST_RSA_KEY_FILE);
-                       sensitive_data.keys[4] = key_load_cert(
-                           _PATH_HOST_DSA_KEY_FILE);
-                       sensitive_data.keys[5] = key_load_public(
-                           _PATH_HOST_ECDSA_KEY_FILE, NULL);
-                       sensitive_data.keys[6] = key_load_public(
-                           _PATH_HOST_ED25519_KEY_FILE, NULL);
-                       sensitive_data.keys[7] = key_load_public(
-                           _PATH_HOST_RSA_KEY_FILE, NULL);
-                       sensitive_data.keys[8] = key_load_public(
-                           _PATH_HOST_DSA_KEY_FILE, NULL);
-                       sensitive_data.keys[9] = key_load_cert(
-                           _PATH_HOST_XMSS_KEY_FILE);
-                       sensitive_data.keys[10] = key_load_public(
-                           _PATH_HOST_XMSS_KEY_FILE, NULL);
+                   sensitive_data.keys[9] == NULL &&
+                   sensitive_data.keys[10] == NULL) {
+                       L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 1);
+                       L_CERT(_PATH_HOST_ED25519_KEY_FILE, 2);
+                       L_CERT(_PATH_HOST_RSA_KEY_FILE, 3);
+                       L_CERT(_PATH_HOST_DSA_KEY_FILE, 4);
+                       L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 5);
+                       L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 6);
+                       L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 7);
+                       L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 8);
+                       L_CERT(_PATH_HOST_XMSS_KEY_FILE, 9);
+                       L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 10);
                        sensitive_data.external_keysign = 1;
                }
        }
@@ -1496,7 +1514,7 @@ main(int ac, char **av)
                        if (sensitive_data.keys[i] != NULL) {
                                /* Destroys contents safely */
                                debug3("clear hostkey %d", i);
-                               key_free(sensitive_data.keys[i]);
+                               sshkey_free(sensitive_data.keys[i]);
                                sensitive_data.keys[i] = NULL;
                        }
                }
@@ -1506,7 +1524,7 @@ main(int ac, char **av)
                free(options.identity_files[i]);
                options.identity_files[i] = NULL;
                if (options.identity_keys[i]) {
-                       key_free(options.identity_keys[i]);
+                       sshkey_free(options.identity_keys[i]);
                        options.identity_keys[i] = NULL;
                }
        }
@@ -2000,7 +2018,7 @@ load_public_identity_files(struct passwd *pw)
            &keys)) > 0) {
                for (i = 0; i < nkeys; i++) {
                        if (n_ids >= SSH_MAX_IDENTITY_FILES) {
-                               key_free(keys[i]);
+                               sshkey_free(keys[i]);
                                continue;
                        }
                        identity_keys[n_ids] = keys[i];
@@ -2026,7 +2044,8 @@ load_public_identity_files(struct passwd *pw)
                    "u", pw->pw_name, "l", thishost, "h", host,
                    "r", options.user, (char *)NULL);
                free(cp);
-               public = key_load_public(filename, NULL);
+               check_load(sshkey_load_public(filename, &public, NULL),
+                   filename, "pubkey");
                debug("identity file %s type %d", filename,
                    public ? public->type : -1);
                free(options.identity_files[i]);
@@ -2043,17 +2062,18 @@ load_public_identity_files(struct passwd *pw)
                if (options.num_certificate_files != 0)
                        continue;
                xasprintf(&cp, "%s-cert", filename);
-               public = key_load_public(cp, NULL);
+               check_load(sshkey_load_public(cp, &public, NULL),
+                   filename, "pubkey");
                debug("identity file %s type %d", cp,
                    public ? public->type : -1);
                if (public == NULL) {
                        free(cp);
                        continue;
                }
-               if (!key_is_cert(public)) {
+               if (!sshkey_is_cert(public)) {
                        debug("%s: key %s type %s is not a certificate",
-                           __func__, cp, key_type(public));
-                       key_free(public);
+                           __func__, cp, sshkey_type(public));
+                       sshkey_free(public);
                        free(cp);
                        continue;
                }
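Review bot: The new check_load call for the `-cert` companion passes `filename` as the path to report while the file actually opened is `cp` (built by the xasprintf just above), so a non-ENOENT failure on the `-cert` file would be logged under the base identity's name. Unless reporting the base identity name is intended, `check_load(sshkey_load_public(cp, &public, NULL), cp, "pubkey");` names the file that failed; the explicit certificate-file loop further down already labels its loads "certificate", which this site could reuse. load_public_identity_files continues outside the hunk.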
@@ -2078,7 +2098,8 @@ load_public_identity_files(struct passwd *pw)
                    (char *)NULL);
                free(cp);
 
-               public = key_load_public(filename, NULL);
+               check_load(sshkey_load_public(filename, &public, NULL),
+                   filename, "certificate");
                debug("certificate file %s type %d", filename,
                    public ? public->type : -1);
                free(options.certificate_files[i]);
@@ -2087,10 +2108,10 @@ load_public_identity_files(struct passwd *pw)
                        free(filename);
                        continue;
                }
-               if (!key_is_cert(public)) {
+               if (!sshkey_is_cert(public)) {
                        debug("%s: key %s type %s is not a certificate",
-                           __func__, filename, key_type(public));
-                       key_free(public);
+                           __func__, filename, sshkey_type(public));
+                       sshkey_free(public);
                        free(filename);
                        continue;
                }
index c7c89fc..19b8110 100644 (file)
@@ -1,10 +1,10 @@
-#      $OpenBSD: Makefile,v 1.73 2018/07/09 21:56:06 markus Exp $
+#      $OpenBSD: Makefile,v 1.74 2018/07/11 18:53:29 markus Exp $
 
 .PATH:         ${.CURDIR}/..
 
 SRCS=  ssh.c readconf.c clientloop.c sshtty.c sshconnect.c sshconnect2.c mux.c
 SRCS+= atomicio.c authfd.c compat.c dns.c fatal.c \
-       hostfile.c key.c msg.c readpass.c utf8.c
+       hostfile.c msg.c readpass.c utf8.c
 SRCS+= ${SRCS_BASE} ${SRCS_KEX} ${SRCS_KEXC} ${SRCS_KEY} ${SRCS_KEYP} \
        ${SRCS_KRL} ${SRCS_PROT} ${SRCS_PKT} ${SRCS_UTL} ${SRCS_PKCS11}
 
index f828dcf..6c81891 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.299 2018/07/09 21:03:30 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.300 2018/07/11 18:53:29 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -42,7 +42,7 @@
 #include "packet.h"
 #include "uidswap.h"
 #include "compat.h"
-#include "key.h"
+#include "sshkey.h"
 #include "sshconnect.h"
 #include "hostfile.h"
 #include "log.h"
@@ -743,7 +743,7 @@ check_host_cert(const char *host, const struct sshkey *host_key)
 {
        const char *reason;
 
-       if (key_cert_check_authority(host_key, 1, 0, host, &reason) != 0) {
+       if (sshkey_cert_check_authority(host_key, 1, 0, host, &reason) != 0) {
                error("%s", reason);
                return 0;
        }
@@ -1456,9 +1456,9 @@ show_other_keys(struct hostkeys *hostkeys, struct sshkey *key)
                logit("WARNING: %s key found for host %s\n"
                    "in %s:%lu\n"
                    "%s key fingerprint %s.",
-                   key_type(found->key),
+                   sshkey_type(found->key),
                    found->host, found->file, found->line,
-                   key_type(found->key), fp);
+                   sshkey_type(found->key), fp);
                if (options.visual_host_key)
                        logit("%s", ra);
                free(ra);
@@ -1485,7 +1485,7 @@ warn_changed_key(struct sshkey *host_key)
        error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
        error("It is also possible that a host key has just been changed.");
        error("The fingerprint for the %s key sent by the remote host is\n%s.",
-           key_type(host_key), fp);
+           sshkey_type(host_key), fp);
        error("Please contact your system administrator.");
 
        free(fp);
index bdc684e..ddf5700 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.278 2018/07/09 21:03:30 markus Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.279 2018/07/11 18:53:29 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1053,7 +1053,7 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
        if (ssh == NULL || ssh->kex->server_sig_algs == NULL ||
            (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) {
                /* Filter base key signature alg against our configuration */
-               return match_list(key_ssh_name(key),
+               return match_list(sshkey_ssh_name(key),
                    options.pubkey_key_types, NULL);
        }
 
@@ -1602,10 +1602,10 @@ try_identity(Identity *id)
 {
        if (!id->key)
                return (0);
-       if (key_type_plain(id->key->type) == KEY_RSA &&
+       if (sshkey_type_plain(id->key->type) == KEY_RSA &&
            (datafellows & SSH_BUG_RSASIGMD5) != 0) {
                debug("Skipped %s key %s for RSA/MD5 server",
-                   key_type(id->key), id->filename);
+                   sshkey_type(id->key), id->filename);
                return (0);
        }
        return 1;
@@ -1971,7 +1971,7 @@ userauth_hostbased(Authctxt *authctxt)
            (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 ||
            (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
            (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 ||
-           (r = sshbuf_put_cstring(b, key_ssh_name(private))) != 0 ||
+           (r = sshbuf_put_cstring(b, sshkey_ssh_name(private))) != 0 ||
            (r = sshbuf_put_string(b, keyblob, keylen)) != 0 ||
            (r = sshbuf_put_cstring(b, chost)) != 0 ||
            (r = sshbuf_put_cstring(b, authctxt->local_user)) != 0) {
@@ -1997,7 +1997,7 @@ userauth_hostbased(Authctxt *authctxt)
            (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
            (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
            (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
-           (r = sshpkt_put_cstring(ssh, key_ssh_name(private))) != 0 ||
+           (r = sshpkt_put_cstring(ssh, sshkey_ssh_name(private))) != 0 ||
            (r = sshpkt_put_string(ssh, keyblob, keylen)) != 0 ||
            (r = sshpkt_put_cstring(ssh, chost)) != 0 ||
            (r = sshpkt_put_cstring(ssh, authctxt->local_user)) != 0 ||
index d9f038c..2719e10 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.511 2018/07/09 21:29:36 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.512 2018/07/11 18:53:29 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -81,7 +81,7 @@
 #include "compat.h"
 #include "cipher.h"
 #include "digest.h"
-#include "key.h"
+#include "sshkey.h"
 #include "kex.h"
 #include "myproposal.h"
 #include "authfile.h"
@@ -449,11 +449,11 @@ destroy_sensitive_data(void)
 
        for (i = 0; i < options.num_host_key_files; i++) {
                if (sensitive_data.host_keys[i]) {
-                       key_free(sensitive_data.host_keys[i]);
+                       sshkey_free(sensitive_data.host_keys[i]);
                        sensitive_data.host_keys[i] = NULL;
                }
                if (sensitive_data.host_certificates[i]) {
-                       key_free(sensitive_data.host_certificates[i]);
+                       sshkey_free(sensitive_data.host_certificates[i]);
                        sensitive_data.host_certificates[i] = NULL;
                }
        }
@@ -465,11 +465,16 @@ demote_sensitive_data(void)
 {
        struct sshkey *tmp;
        u_int i;
+       int r;
 
        for (i = 0; i < options.num_host_key_files; i++) {
                if (sensitive_data.host_keys[i]) {
-                       tmp = key_demote(sensitive_data.host_keys[i]);
-                       key_free(sensitive_data.host_keys[i]);
+                       if ((r = sshkey_demote(sensitive_data.host_keys[i],
+                           &tmp)) != 0)
+                               fatal("could not demote host %s key: %s",
+                                   sshkey_type(sensitive_data.host_keys[i]),
+                                   ssh_err(r));
+                       sshkey_free(sensitive_data.host_keys[i]);
                        sensitive_data.host_keys[i] = tmp;
                }
                /* Certs do not need demotion */
@@ -772,7 +777,7 @@ get_hostkey_index(struct sshkey *key, int compare, struct ssh *ssh)
        u_int i;
 
        for (i = 0; i < options.num_host_key_files; i++) {
-               if (key_is_cert(key)) {
+               if (sshkey_is_cert(key)) {
                        if (key == sensitive_data.host_certificates[i] ||
                            (compare && sensitive_data.host_certificates[i] &&
                            sshkey_equal(key,
@@ -1628,11 +1633,18 @@ main(int ac, char **av)
        for (i = 0; i < options.num_host_key_files; i++) {
                if (options.host_key_files[i] == NULL)
                        continue;
-               key = key_load_private(options.host_key_files[i], "", NULL);
-               pubkey = key_load_public(options.host_key_files[i], NULL);
-
+               if ((r = sshkey_load_private(options.host_key_files[i], "",
+                   &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
+                       error("Error loading host key \"%s\": %s",
+                           options.host_key_files[i], ssh_err(r));
+               if ((r = sshkey_load_public(options.host_key_files[i],
+                   &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
+                       error("Error loading host key \"%s\": %s",
+                           options.host_key_files[i], ssh_err(r));
                if (pubkey == NULL && key != NULL)
-                       pubkey = key_demote(key);
+                       if ((r = sshkey_demote(key, &pubkey)) != 0)
+                               fatal("Could not demote key: \"%s\": %s",
+                                   options.host_key_files[i], ssh_err(r));
                sensitive_data.host_keys[i] = key;
                sensitive_data.host_pubkeys[i] = pubkey;
 
@@ -1686,21 +1698,21 @@ main(int ac, char **av)
        for (i = 0; i < options.num_host_cert_files; i++) {
                if (options.host_cert_files[i] == NULL)
                        continue;
-               key = key_load_public(options.host_cert_files[i], NULL);
-               if (key == NULL) {
-                       error("Could not load host certificate: %s",
-                           options.host_cert_files[i]);
+               if ((r = sshkey_load_public(options.host_cert_files[i],
+                   &key, NULL)) != 0) {
+                       error("Could not load host certificate \"%s\": %s",
+                           options.host_cert_files[i], ssh_err(r));
                        continue;
                }
-               if (!key_is_cert(key)) {
+               if (!sshkey_is_cert(key)) {
                        error("Certificate file is not a certificate: %s",
                            options.host_cert_files[i]);
-                       key_free(key);
+                       sshkey_free(key);
                        continue;
                }
                /* Find matching private key */
                for (j = 0; j < options.num_host_key_files; j++) {
-                       if (key_equal_public(key,
+                       if (sshkey_equal_public(key,
                            sensitive_data.host_keys[j])) {
                                sensitive_data.host_certificates[j] = key;
                                break;
@@ -1709,12 +1721,12 @@ main(int ac, char **av)
                if (j >= options.num_host_key_files) {
                        error("No matching private key for certificate: %s",
                            options.host_cert_files[i]);
-                       key_free(key);
+                       sshkey_free(key);
                        continue;
                }
                sensitive_data.host_certificates[j] = key;
                debug("host certificate: #%u type %d %s", j, key->type,
-                   key_type(key));
+                   sshkey_type(key));
        }
 
        if (use_privsep) {
@@ -2039,26 +2051,21 @@ main(int ac, char **av)
 
 int
 sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey,
-    u_char **signature, size_t *slen, const u_char *data, size_t dlen,
+    u_char **signature, size_t *slenp, const u_char *data, size_t dlen,
     const char *alg, u_int flag)
 {
        int r;
-       u_int xxx_slen, xxx_dlen = dlen;
 
        if (privkey) {
-               if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen,
-                   alg) < 0))
+               if (PRIVSEP(sshkey_sign(privkey, signature, slenp, data, dlen,
+                   alg, datafellows)) < 0)
                        fatal("%s: key_sign failed", __func__);
-               if (slen)
-                       *slen = xxx_slen;
        } else if (use_privsep) {
-               if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen,
-                   alg) < 0)
+               if (mm_sshkey_sign(pubkey, signature, slenp, data, dlen,
+                   alg, datafellows) < 0)
                        fatal("%s: pubkey_sign failed", __func__);
-               if (slen)
-                       *slen = xxx_slen;
        } else {
-               if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slen,
+               if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slenp,
                    data, dlen, alg, datafellows)) != 0)
                        fatal("%s: ssh_agent_sign failed: %s",
                            __func__, ssh_err(r));
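Review bot: Dropping the `if (slen) *slen = xxx_slen;` guards changes the contract of `sshd_hostkey_sign`: it previously tolerated a NULL length pointer, while the new code forwards `slenp` straight to `sshkey_sign`, `mm_sshkey_sign` and `ssh_agent_sign`, so NULL-tolerance now depends on each of those checking `lenp` before writing through it; `mm_sshkey_sign` is outside this view, so either verify that or document the parameter as required with `/* slenp must be non-NULL */` in the header comment. The fatal in the first branch still names the removed legacy function, `fatal("%s: key_sign failed", __func__)`, and unlike the agent branch it discards the return code; `if ((r = PRIVSEP(sshkey_sign(privkey, signature, slenp, data, dlen, alg, datafellows))) < 0) fatal("%s: sshkey_sign failed: %s", __func__, ssh_err(r));` would keep the three branches consistent, with the caveat that `ssh_err` is only meaningful where the callee returns an SSH_ERR_* value rather than a bare -1. The hunk's trailing context ends inside the function.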
index 8ed0172..787e515 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.96 2018/07/09 21:56:06 markus Exp $
+#      $OpenBSD: Makefile,v 1.97 2018/07/11 18:53:29 markus Exp $
 
 .PATH:         ${.CURDIR}/..
 
@@ -8,7 +8,7 @@ SRCS=   sshd.c auth-rhosts.c auth-passwd.c sshpty.c sshlogin.c servconf.c \
        auth2-none.c auth2-passwd.c auth2-pubkey.c monitor.c monitor_wrap.c \
        sftp-server.c sftp-common.c sandbox-pledge.c
 SRCS+= atomicio.c authfd.c compat.c dns.c fatal.c \
-       hostfile.c key.c msg.c readpass.c utf8.c
+       hostfile.c msg.c readpass.c utf8.c
 SRCS+= ${SRCS_BASE} ${SRCS_KEX} ${SRCS_KEXS} ${SRCS_KEY} ${SRCS_KEYP} \
        ${SRCS_KRL} ${SRCS_PROT} ${SRCS_PKT} ${SRCS_UTL} ${SRCS_PKCS11}