upstream commit
deprecate key_load_private_pem() and
sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.
ok markus@
diff --git a/authfile.c b/authfile.c
index 95877e1..de97086 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.108 2014/12/04 02:24:32 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.109 2015/01/08 10:14:08 djm Exp $ */
/*
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
*
@@ -95,7 +95,7 @@
/* Load a key from a fd into a buffer */
int
-sshkey_load_file(int fd, const char *filename, struct sshbuf *blob)
+sshkey_load_file(int fd, struct sshbuf *blob)
{
u_char buf[1024];
size_t len;
@@ -142,8 +142,7 @@
* otherwise.
*/
static int
-sshkey_load_public_rsa1(int fd, const char *filename,
- struct sshkey **keyp, char **commentp)
+sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp)
{
struct sshbuf *b = NULL;
int r;
@@ -154,7 +153,7 @@
if ((b = sshbuf_new()) == NULL)
return SSH_ERR_ALLOC_FAIL;
- if ((r = sshkey_load_file(fd, filename, b)) != 0)
+ if ((r = sshkey_load_file(fd, b)) != 0)
goto out;
if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0)
goto out;
@@ -165,33 +164,6 @@
}
#endif /* WITH_SSH1 */
-#ifdef WITH_OPENSSL
-/* XXX Deprecate? */
-int
-sshkey_load_private_pem(int fd, int type, const char *passphrase,
- struct sshkey **keyp, char **commentp)
-{
- struct sshbuf *buffer = NULL;
- int r;
-
- *keyp = NULL;
- if (commentp != NULL)
- *commentp = NULL;
-
- if ((buffer = sshbuf_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if ((r = sshkey_load_file(fd, NULL, buffer)) != 0)
- goto out;
- if ((r = sshkey_parse_private_pem_fileblob(buffer, type, passphrase,
- keyp, commentp)) != 0)
- goto out;
- r = 0;
- out:
- sshbuf_free(buffer);
- return r;
-}
-#endif /* WITH_OPENSSL */
-
/* XXX remove error() calls from here? */
int
sshkey_perm_ok(int fd, const char *filename)
@@ -227,7 +199,6 @@
struct sshkey **keyp, char **commentp, int *perm_ok)
{
int fd, r;
- struct sshbuf *buffer = NULL;
*keyp = NULL;
if (commentp != NULL)
@@ -247,18 +218,31 @@
if (perm_ok != NULL)
*perm_ok = 1;
+ r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
+ out:
+ close(fd);
+ return r;
+}
+
+int
+sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
+ struct sshkey **keyp, char **commentp)
+{
+ struct sshbuf *buffer = NULL;
+ int r;
+
if ((buffer = sshbuf_new()) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
- if ((r = sshkey_load_file(fd, filename, buffer)) != 0)
+ if ((r = sshkey_load_file(fd, buffer)) != 0 ||
+ (r = sshkey_parse_private_fileblob_type(buffer, type,
+ passphrase, keyp, commentp)) != 0)
goto out;
- if ((r = sshkey_parse_private_fileblob_type(buffer, type, passphrase,
- keyp, commentp)) != 0)
- goto out;
+
+ /* success */
r = 0;
out:
- close(fd);
if (buffer != NULL)
sshbuf_free(buffer);
return r;
@@ -287,7 +271,7 @@
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
- if ((r = sshkey_load_file(fd, filename, buffer)) != 0 ||
+ if ((r = sshkey_load_file(fd, buffer)) != 0 ||
(r = sshkey_parse_private_fileblob(buffer, passphrase, filename,
keyp, commentp)) != 0)
goto out;
@@ -363,7 +347,7 @@
goto skip;
#ifdef WITH_SSH1
/* try rsa1 private key */
- r = sshkey_load_public_rsa1(fd, filename, keyp, commentp);
+ r = sshkey_load_public_rsa1(fd, keyp, commentp);
close(fd);
switch (r) {
case SSH_ERR_INTERNAL_ERROR: