upstream commit
deprecate key_load_private_pem() and
sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
not require pathnames to be specified (they weren't really used).
Fixes a few other things en passant:
Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).
Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.
ok markus@
diff --git a/key.c b/key.c
index b821d9e..37eb676 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.124 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: key.c,v 1.125 2015/01/08 10:14:08 djm Exp $ */
/*
* placed in the public domain
*/
@@ -328,7 +328,7 @@
{
int r;
- if ((r = sshkey_load_file(fd, filename, blob)) != 0) {
+ if ((r = sshkey_load_file(fd, blob)) != 0) {
fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
error("%s: %s", __func__, ssh_err(r));
return 0;
@@ -435,27 +435,6 @@
return ret;
}
-#ifdef WITH_OPENSSL
-Key *
-key_load_private_pem(int fd, int type, const char *passphrase,
- char **commentp)
-{
- int r;
- Key *ret = NULL;
-
- if ((r = sshkey_load_private_pem(fd, type, passphrase,
- &ret, commentp)) != 0) {
- fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
- if (r == SSH_ERR_KEY_WRONG_PASSPHRASE)
- debug("%s: %s", __func__, ssh_err(r));
- else
- error("%s: %s", __func__, ssh_err(r));
- return NULL;
- }
- return ret;
-}
-#endif /* WITH_OPENSSL */
-
int
key_perm_ok(int fd, const char *filename)
{