1/* $OpenBSD: sshkey.c,v 1.31 2015/12/11 04:21:12 mmcc Exp $ */ |
2/* 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2008 Alexander von Gernler. All rights reserved. 5 * Copyright (c) 2010,2011 Damien Miller. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: --- 68 unchanged lines hidden (view full) --- 78 79/* Supported key types */ 80struct keytype { 81 const char *name; 82 const char *shortname; 83 int type; 84 int nid; 85 int cert; |
86 int sigonly; |
87}; 88static const struct keytype keytypes[] = { |
89 { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0, 0 }, |
90 { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", |
91 KEY_ED25519_CERT, 0, 1, 0 }, |
92#ifdef WITH_OPENSSL |
93 { NULL, "RSA1", KEY_RSA1, 0, 0, 0 }, 94 { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 }, 95 { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 }, 96 { "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 }, 97 { "ssh-dss", "DSA", KEY_DSA, 0, 0, 0 }, |
98# ifdef OPENSSL_HAS_ECC |
99 { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 }, 100 { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0, 0 }, |
101# ifdef OPENSSL_HAS_NISTP521 |
102 { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0, 0 }, |
103# endif /* OPENSSL_HAS_NISTP521 */ 104# endif /* OPENSSL_HAS_ECC */ |
105 { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1, 0 }, 106 { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1, 0 }, |
107# ifdef OPENSSL_HAS_ECC 108 { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", |
109 KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 }, |
110 { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", |
111 KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, |
112# ifdef OPENSSL_HAS_NISTP521 113 { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", |
114 KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, |
115# endif /* OPENSSL_HAS_NISTP521 */ 116# endif /* OPENSSL_HAS_ECC */ 117#endif /* WITH_OPENSSL */ |
118 { NULL, NULL, -1, -1, 0, 0 } |
119}; 120 121const char * 122sshkey_type(const struct sshkey *k) 123{ 124 const struct keytype *kt; 125 126 for (kt = keytypes; kt->type != -1; kt++) { --- 71 unchanged lines hidden (view full) --- 198char * 199key_alg_list(int certs_only, int plain_only) 200{ 201 char *tmp, *ret = NULL; 202 size_t nlen, rlen = 0; 203 const struct keytype *kt; 204 205 for (kt = keytypes; kt->type != -1; kt++) { |
206 if (kt->name == NULL || kt->sigonly) |
207 continue; 208 if ((certs_only && !kt->cert) || (plain_only && kt->cert)) 209 continue; 210 if (ret != NULL) 211 ret[rlen++] = '\n'; 212 nlen = strlen(kt->name); 213 if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) { 214 free(ret); --- 200 unchanged lines hidden (view full) --- 415 416static void 417cert_free(struct sshkey_cert *cert) 418{ 419 u_int i; 420 421 if (cert == NULL) 422 return; |
423 sshbuf_free(cert->certblob); 424 sshbuf_free(cert->critical); 425 sshbuf_free(cert->extensions); 426 free(cert->key_id); |
427 for (i = 0; i < cert->nprincipals; i++) 428 free(cert->principals[i]); |
429 free(cert->principals); 430 sshkey_free(cert->signature_key); |
431 explicit_bzero(cert, sizeof(*cert)); 432 free(cert); 433} 434 435static struct sshkey_cert * 436cert_new(void) 437{ 438 struct sshkey_cert *cert; --- 769 unchanged lines hidden (view full) --- 1208 cp++; 1209 e = strspn(cp, "0123456789"); 1210 if (e == 0) 1211 return SSH_ERR_INVALID_FORMAT; 1212 if (e > SSHBUF_MAX_BIGNUM * 3) 1213 return SSH_ERR_BIGNUM_TOO_LARGE; 1214 if (cp[e] == '\0') 1215 skip = 0; |
1216 else if (strchr(" \t\r\n", cp[e]) == NULL) |
1217 return SSH_ERR_INVALID_FORMAT; 1218 cp[e] = '\0'; 1219 if (BN_dec2bn(&v, cp) <= 0) 1220 return SSH_ERR_INVALID_FORMAT; 1221 *cpp = cp + e + skip; 1222 return 0; 1223} 1224#endif /* WITH_SSH1 */ 1225 1226/* returns 0 ok, and < 0 error */ 1227int 1228sshkey_read(struct sshkey *ret, char **cpp) 1229{ 1230 struct sshkey *k; 1231 int retval = SSH_ERR_INVALID_FORMAT; |
1232 char *ep, *cp, *space; |
1233 int r, type, curve_nid = -1; 1234 struct sshbuf *blob; 1235#ifdef WITH_SSH1 |
1236 u_long bits; 1237#endif /* WITH_SSH1 */ 1238 1239 cp = *cpp; 1240 1241 switch (ret->type) { 1242 case KEY_RSA1: 1243#ifdef WITH_SSH1 1244 /* Get number of bits. */ 1245 bits = strtoul(cp, &ep, 10); |
1246 if (*cp == '\0' || strchr(" \t\r\n", *ep) == NULL || |
1247 bits == 0 || bits > SSHBUF_MAX_BIGNUM * 8) 1248 return SSH_ERR_INVALID_FORMAT; /* Bad bit count... */ 1249 /* Get public exponent, public modulus. */ 1250 if ((r = read_decimal_bignum(&ep, ret->rsa->e)) < 0) 1251 return r; 1252 if ((r = read_decimal_bignum(&ep, ret->rsa->n)) < 0) 1253 return r; |
1254 /* validate the claimed number of bits */ 1255 if (BN_num_bits(ret->rsa->n) != (int)bits) 1256 return SSH_ERR_KEY_BITS_MISMATCH; |
1257 *cpp = ep; |
1258 retval = 0; 1259#endif /* WITH_SSH1 */ 1260 break; 1261 case KEY_UNSPEC: 1262 case KEY_RSA: 1263 case KEY_DSA: 1264 case KEY_ECDSA: 1265 case KEY_ED25519: --- 21 unchanged lines hidden (view full) --- 1287 return SSH_ERR_ALLOC_FAIL; 1288 /* trim comment */ 1289 space = strchr(cp, ' '); 1290 if (space) { 1291 /* advance 'space': skip whitespace */ 1292 *space++ = '\0'; 1293 while (*space == ' ' || *space == '\t') 1294 space++; |
1295 ep = space; |
1296 } else |
1297 ep = cp + strlen(cp); |
1298 if ((r = sshbuf_b64tod(blob, cp)) != 0) { 1299 sshbuf_free(blob); 1300 return r; 1301 } 1302 if ((r = sshkey_from_blob(sshbuf_ptr(blob), 1303 sshbuf_len(blob), &k)) != 0) { 1304 sshbuf_free(blob); 1305 return r; --- 14 unchanged lines hidden (view full) --- 1320 sshkey_free(k); 1321 return SSH_ERR_EXPECTED_CERT; 1322 } 1323 if (ret->cert != NULL) 1324 cert_free(ret->cert); 1325 ret->cert = k->cert; 1326 k->cert = NULL; 1327 } |
1328 switch (sshkey_type_plain(ret->type)) { |
1329#ifdef WITH_OPENSSL |
1330 case KEY_RSA: |
1331 if (ret->rsa != NULL) 1332 RSA_free(ret->rsa); 1333 ret->rsa = k->rsa; 1334 k->rsa = NULL; 1335#ifdef DEBUG_PK 1336 RSA_print_fp(stderr, ret->rsa, 8); 1337#endif |
1338 break; 1339 case KEY_DSA: |
1340 if (ret->dsa != NULL) 1341 DSA_free(ret->dsa); 1342 ret->dsa = k->dsa; 1343 k->dsa = NULL; 1344#ifdef DEBUG_PK 1345 DSA_print_fp(stderr, ret->dsa, 8); 1346#endif |
1347 break; |
1348# ifdef OPENSSL_HAS_ECC |
1349 case KEY_ECDSA: |
1350 if (ret->ecdsa != NULL) 1351 EC_KEY_free(ret->ecdsa); 1352 ret->ecdsa = k->ecdsa; 1353 ret->ecdsa_nid = k->ecdsa_nid; 1354 k->ecdsa = NULL; 1355 k->ecdsa_nid = -1; 1356#ifdef DEBUG_PK 1357 sshkey_dump_ec_key(ret->ecdsa); 1358#endif |
1359 break; |
1360# endif /* OPENSSL_HAS_ECC */ 1361#endif /* WITH_OPENSSL */ |
1362 case KEY_ED25519: |
1363 free(ret->ed25519_pk); 1364 ret->ed25519_pk = k->ed25519_pk; 1365 k->ed25519_pk = NULL; 1366#ifdef DEBUG_PK 1367 /* XXX */ 1368#endif |
1369 break; |
1370 } |
1371 *cpp = ep; |
1372 retval = 0; 1373/*XXXX*/ 1374 sshkey_free(k); 1375 if (retval != 0) 1376 break; 1377 break; 1378 default: 1379 return SSH_ERR_INVALID_ARGUMENT; --- 331 unchanged lines hidden (view full) --- 1711 if ((from = from_key->cert) == NULL) 1712 return SSH_ERR_INVALID_ARGUMENT; 1713 1714 if ((to = to_key->cert = cert_new()) == NULL) 1715 return SSH_ERR_ALLOC_FAIL; 1716 1717 if ((ret = sshbuf_putb(to->certblob, from->certblob)) != 0 || 1718 (ret = sshbuf_putb(to->critical, from->critical)) != 0 || |
1719 (ret = sshbuf_putb(to->extensions, from->extensions)) != 0) |
1720 return ret; 1721 1722 to->serial = from->serial; 1723 to->type = from->type; 1724 if (from->key_id == NULL) 1725 to->key_id = NULL; 1726 else if ((to->key_id = strdup(from->key_id)) == NULL) 1727 return SSH_ERR_ALLOC_FAIL; --- 24 unchanged lines hidden (view full) --- 1752} 1753 1754int 1755sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) 1756{ 1757 struct sshkey *n = NULL; 1758 int ret = SSH_ERR_INTERNAL_ERROR; 1759 |
1760 *pkp = NULL; |
1761 switch (k->type) { 1762#ifdef WITH_OPENSSL 1763 case KEY_DSA: 1764 case KEY_DSA_CERT: 1765 if ((n = sshkey_new(k->type)) == NULL) 1766 return SSH_ERR_ALLOC_FAIL; 1767 if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || 1768 (BN_copy(n->dsa->q, k->dsa->q) == NULL) || --- 397 unchanged lines hidden (view full) --- 2166 r = sshkey_from_blob_internal(b, keyp, 1); 2167 sshbuf_free(b); 2168 return r; 2169} 2170 2171int 2172sshkey_sign(const struct sshkey *key, 2173 u_char **sigp, size_t *lenp, |
2174 const u_char *data, size_t datalen, const char *alg, u_int compat) |
2175{ 2176 if (sigp != NULL) 2177 *sigp = NULL; 2178 if (lenp != NULL) 2179 *lenp = 0; 2180 if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) 2181 return SSH_ERR_INVALID_ARGUMENT; 2182 switch (key->type) { 2183#ifdef WITH_OPENSSL 2184 case KEY_DSA_CERT: 2185 case KEY_DSA: 2186 return ssh_dss_sign(key, sigp, lenp, data, datalen, compat); 2187# ifdef OPENSSL_HAS_ECC 2188 case KEY_ECDSA_CERT: 2189 case KEY_ECDSA: 2190 return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); 2191# endif /* OPENSSL_HAS_ECC */ 2192 case KEY_RSA_CERT: 2193 case KEY_RSA: |
2194 return ssh_rsa_sign(key, sigp, lenp, data, datalen, alg); |
2195#endif /* WITH_OPENSSL */ 2196 case KEY_ED25519: 2197 case KEY_ED25519_CERT: 2198 return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); 2199 default: 2200 return SSH_ERR_KEY_TYPE_UNKNOWN; 2201 } 2202} --- 15 unchanged lines hidden (view full) --- 2218 return ssh_dss_verify(key, sig, siglen, data, dlen, compat); 2219# ifdef OPENSSL_HAS_ECC 2220 case KEY_ECDSA_CERT: 2221 case KEY_ECDSA: 2222 return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); 2223# endif /* OPENSSL_HAS_ECC */ 2224 case KEY_RSA_CERT: 2225 case KEY_RSA: |
2226 return ssh_rsa_verify(key, sig, siglen, data, dlen); |
2227#endif /* WITH_OPENSSL */ 2228 case KEY_ED25519: 2229 case KEY_ED25519_CERT: 2230 return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat); 2231 default: 2232 return SSH_ERR_KEY_TYPE_UNKNOWN; 2233 } 2234} 2235 2236/* Converts a private to a public key */ 2237int 2238sshkey_demote(const struct sshkey *k, struct sshkey **dkp) 2239{ 2240 struct sshkey *pk; 2241 int ret = SSH_ERR_INTERNAL_ERROR; 2242 |
2243 *dkp = NULL; |
2244 if ((pk = calloc(1, sizeof(*pk))) == NULL) 2245 return SSH_ERR_ALLOC_FAIL; 2246 pk->type = k->type; 2247 pk->flags = k->flags; 2248 pk->ecdsa_nid = k->ecdsa_nid; 2249 pk->dsa = NULL; 2250 pk->ecdsa = NULL; 2251 pk->rsa = NULL; --- 200 unchanged lines hidden (view full) --- 2452 (ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0 || 2453 (ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0 || 2454 (ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */ 2455 (ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0) 2456 goto out; 2457 2458 /* Sign the whole mess */ 2459 if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), |
2460 sshbuf_len(cert), NULL, 0)) != 0) |
2461 goto out; 2462 2463 /* Append signature and we are done */ 2464 if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0) 2465 goto out; 2466 ret = 0; 2467 out: 2468 if (ret != 0) 2469 sshbuf_reset(cert); |
2470 free(sig_blob); 2471 free(ca_blob); 2472 sshbuf_free(principals); |
2473 return ret; 2474} 2475 2476int 2477sshkey_cert_check_authority(const struct sshkey *k, 2478 int want_host, int require_principal, 2479 const char *name, const char **reason) 2480{ --- 44 unchanged lines hidden (view full) --- 2525 *reason = "Certificate invalid: name is not a listed " 2526 "principal"; 2527 return SSH_ERR_KEY_CERT_INVALID; 2528 } 2529 } 2530 return 0; 2531} 2532 |
2533size_t 2534sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l) 2535{ 2536 char from[32], to[32], ret[64]; 2537 time_t tt; 2538 struct tm *tm; 2539 2540 *from = *to = '\0'; 2541 if (cert->valid_after == 0 && 2542 cert->valid_before == 0xffffffffffffffffULL) 2543 return strlcpy(s, "forever", l); 2544 2545 if (cert->valid_after != 0) { 2546 /* XXX revisit INT_MAX in 2038 :) */ 2547 tt = cert->valid_after > INT_MAX ? 2548 INT_MAX : cert->valid_after; 2549 tm = localtime(&tt); 2550 strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm); 2551 } 2552 if (cert->valid_before != 0xffffffffffffffffULL) { 2553 /* XXX revisit INT_MAX in 2038 :) */ 2554 tt = cert->valid_before > INT_MAX ? 2555 INT_MAX : cert->valid_before; 2556 tm = localtime(&tt); 2557 strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm); 2558 } 2559 2560 if (cert->valid_after == 0) 2561 snprintf(ret, sizeof(ret), "before %s", to); 2562 else if (cert->valid_before == 0xffffffffffffffffULL) 2563 snprintf(ret, sizeof(ret), "after %s", from); 2564 else 2565 snprintf(ret, sizeof(ret), "from %s to %s", from, to); 2566 2567 return strlcpy(s, ret, l); 2568} 2569 |
2570int 2571sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) 2572{ 2573 int r = SSH_ERR_INTERNAL_ERROR; 2574 2575 if ((r = sshbuf_put_cstring(b, sshkey_ssh_name(key))) != 0) 2576 goto out; 2577 switch (key->type) { --- 147 unchanged lines hidden (view full) --- 2725 if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 || 2726 (r = sshbuf_get_bignum2(buf, exponent))) 2727 goto out; 2728 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { 2729 r = SSH_ERR_LIBCRYPTO_ERROR; 2730 goto out; 2731 } 2732 if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), |
2733 EC_KEY_get0_public_key(k->ecdsa))) != 0 || |
2734 (r = sshkey_ec_validate_private(k->ecdsa)) != 0) 2735 goto out; 2736 break; 2737 case KEY_ECDSA_CERT: 2738 if ((exponent = BN_new()) == NULL) { 2739 r = SSH_ERR_LIBCRYPTO_ERROR; 2740 goto out; 2741 } 2742 if ((r = sshkey_froms(buf, &k)) != 0 || 2743 (r = sshkey_add_private(k)) != 0 || 2744 (r = sshbuf_get_bignum2(buf, exponent)) != 0) 2745 goto out; 2746 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { 2747 r = SSH_ERR_LIBCRYPTO_ERROR; 2748 goto out; 2749 } 2750 if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), |
2751 EC_KEY_get0_public_key(k->ecdsa))) != 0 || |
2752 (r = sshkey_ec_validate_private(k->ecdsa)) != 0) 2753 goto out; 2754 break; 2755# endif /* OPENSSL_HAS_ECC */ 2756 case KEY_RSA: 2757 if ((k = sshkey_new_private(type)) == NULL) { 2758 r = SSH_ERR_ALLOC_FAIL; 2759 goto out; --- 5 unchanged lines hidden (view full) --- 2765 (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || 2766 (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || 2767 (r = rsa_generate_additional_parameters(k->rsa)) != 0) 2768 goto out; 2769 break; 2770 case KEY_RSA_CERT: 2771 if ((r = sshkey_froms(buf, &k)) != 0 || 2772 (r = sshkey_add_private(k)) != 0 || |
2773 (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || 2774 (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || 2775 (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || 2776 (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || |
2777 (r = rsa_generate_additional_parameters(k->rsa)) != 0) 2778 goto out; 2779 break; 2780#endif /* WITH_OPENSSL */ 2781 case KEY_ED25519: 2782 if ((k = sshkey_new_private(type)) == NULL) { 2783 r = SSH_ERR_ALLOC_FAIL; 2784 goto out; --- 670 unchanged lines hidden (view full) --- 3455 3456 /* Store cipher type and "reserved" field. */ 3457 if ((r = sshbuf_put_u8(encrypted, cipher_num)) != 0 || 3458 (r = sshbuf_put_u32(encrypted, 0)) != 0) 3459 goto out; 3460 3461 /* Store public key. This will be in plain text. */ 3462 if ((r = sshbuf_put_u32(encrypted, BN_num_bits(key->rsa->n))) != 0 || |
3463 (r = sshbuf_put_bignum1(encrypted, key->rsa->n)) != 0 || 3464 (r = sshbuf_put_bignum1(encrypted, key->rsa->e)) != 0 || 3465 (r = sshbuf_put_cstring(encrypted, comment)) != 0) |
3466 goto out; 3467 3468 /* Allocate space for the private part of the key in the buffer. */ 3469 if ((r = sshbuf_reserve(encrypted, sshbuf_len(buffer), &cp)) != 0) 3470 goto out; 3471 3472 if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase, 3473 CIPHER_ENCRYPT)) != 0) --- 4 unchanged lines hidden (view full) --- 3478 if ((r = cipher_cleanup(&ciphercontext)) != 0) 3479 goto out; 3480 3481 r = sshbuf_putb(blob, encrypted); 3482 3483 out: 3484 explicit_bzero(&ciphercontext, sizeof(ciphercontext)); 3485 explicit_bzero(buf, sizeof(buf)); |
3486 sshbuf_free(buffer); 3487 sshbuf_free(encrypted); |
3488 3489 return r; 3490} 3491#endif /* WITH_SSH1 */ 3492 3493#ifdef WITH_OPENSSL 3494/* convert SSH v2 key in OpenSSL PEM format */ 3495static int --- 137 unchanged lines hidden (view full) --- 3633 r = 0; 3634 if (keyp != NULL) 3635 *keyp = pub; 3636 else 3637 sshkey_free(pub); 3638 pub = NULL; 3639 3640 out: |
3641 sshbuf_free(copy); 3642 sshkey_free(pub); |
3643 return r; 3644} 3645 3646static int 3647sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase, 3648 struct sshkey **keyp, char **commentp) 3649{ 3650 int r; --- 95 unchanged lines hidden (view full) --- 3746 *keyp = prv; 3747 prv = NULL; 3748 if (commentp != NULL) { 3749 *commentp = comment; 3750 comment = NULL; 3751 } 3752 out: 3753 explicit_bzero(&ciphercontext, sizeof(ciphercontext)); |
3754 free(comment); 3755 sshkey_free(prv); 3756 sshbuf_free(copy); 3757 sshbuf_free(decrypted); |
3758 return r; 3759} 3760#endif /* WITH_SSH1 */ 3761 3762#ifdef WITH_OPENSSL 3763static int 3764sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, 3765 const char *passphrase, struct sshkey **keyp) --- 73 unchanged lines hidden (view full) --- 3839 } 3840 r = 0; 3841 *keyp = prv; 3842 prv = NULL; 3843 out: 3844 BIO_free(bio); 3845 if (pk != NULL) 3846 EVP_PKEY_free(pk); |
3847 sshkey_free(prv); |
3848 return r; 3849} 3850#endif /* WITH_OPENSSL */ 3851 3852int 3853sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, 3854 const char *passphrase, struct sshkey **keyp, char **commentp) 3855{ |
3856 *keyp = NULL; 3857 if (commentp != NULL) 3858 *commentp = NULL; 3859 3860 switch (type) { 3861#ifdef WITH_SSH1 3862 case KEY_RSA1: 3863 return sshkey_parse_private_rsa1(blob, passphrase, --- 5 unchanged lines hidden (view full) --- 3869 case KEY_RSA: 3870 return sshkey_parse_private_pem_fileblob(blob, type, 3871 passphrase, keyp); 3872#endif /* WITH_OPENSSL */ 3873 case KEY_ED25519: 3874 return sshkey_parse_private2(blob, type, passphrase, 3875 keyp, commentp); 3876 case KEY_UNSPEC: |
3877 if (sshkey_parse_private2(blob, type, passphrase, keyp, 3878 commentp) == 0) |
3879 return 0; 3880#ifdef WITH_OPENSSL 3881 return sshkey_parse_private_pem_fileblob(blob, type, 3882 passphrase, keyp); 3883#else 3884 return SSH_ERR_INVALID_FORMAT; 3885#endif /* WITH_OPENSSL */ 3886 default: 3887 return SSH_ERR_KEY_TYPE_UNKNOWN; 3888 } 3889} 3890 3891int 3892sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, |
3893 struct sshkey **keyp, char **commentp) |
3894{ |
3895 if (keyp != NULL) 3896 *keyp = NULL; 3897 if (commentp != NULL) 3898 *commentp = NULL; 3899 3900#ifdef WITH_SSH1 3901 /* it's a SSH v1 key if the public key part is readable */ |
3902 if (sshkey_parse_public_rsa1_fileblob(buffer, NULL, NULL) == 0) { |
3903 return sshkey_parse_private_fileblob_type(buffer, KEY_RSA1, 3904 passphrase, keyp, commentp); 3905 } 3906#endif /* WITH_SSH1 */ |
3907 return sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC, 3908 passphrase, keyp, commentp); |
3909} |