sshkey.c (294496) | sshkey.c (296633) |
---|---|
1/* $OpenBSD: sshkey.c,v 1.21 2015/08/19 23:19:01 djm Exp $ */ | 1/* $OpenBSD: sshkey.c,v 1.31 2015/12/11 04:21:12 mmcc Exp $ */ |
2/* 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2008 Alexander von Gernler. All rights reserved. 5 * Copyright (c) 2010,2011 Damien Miller. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: --- 68 unchanged lines hidden (view full) --- 78 79/* Supported key types */ 80struct keytype { 81 const char *name; 82 const char *shortname; 83 int type; 84 int nid; 85 int cert; | 2/* 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2008 Alexander von Gernler. All rights reserved. 5 * Copyright (c) 2010,2011 Damien Miller. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: --- 68 unchanged lines hidden (view full) --- 78 79/* Supported key types */ 80struct keytype { 81 const char *name; 82 const char *shortname; 83 int type; 84 int nid; 85 int cert; |
86 int sigonly; |
|
86}; 87static const struct keytype keytypes[] = { | 87}; 88static const struct keytype keytypes[] = { |
88 { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, | 89 { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0, 0 }, |
89 { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", | 90 { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", |
90 KEY_ED25519_CERT, 0, 1 }, | 91 KEY_ED25519_CERT, 0, 1, 0 }, |
91#ifdef WITH_OPENSSL | 92#ifdef WITH_OPENSSL |
92 { NULL, "RSA1", KEY_RSA1, 0, 0 }, 93 { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, 94 { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, | 93 { NULL, "RSA1", KEY_RSA1, 0, 0, 0 }, 94 { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 }, 95 { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 }, 96 { "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 }, 97 { "ssh-dss", "DSA", KEY_DSA, 0, 0, 0 }, |
95# ifdef OPENSSL_HAS_ECC | 98# ifdef OPENSSL_HAS_ECC |
96 { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, 97 { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, | 99 { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 }, 100 { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0, 0 }, |
98# ifdef OPENSSL_HAS_NISTP521 | 101# ifdef OPENSSL_HAS_NISTP521 |
99 { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 }, | 102 { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0, 0 }, |
100# endif /* OPENSSL_HAS_NISTP521 */ 101# endif /* OPENSSL_HAS_ECC */ | 103# endif /* OPENSSL_HAS_NISTP521 */ 104# endif /* OPENSSL_HAS_ECC */ |
102 { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 }, 103 { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 }, | 105 { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1, 0 }, 106 { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1, 0 }, |
104# ifdef OPENSSL_HAS_ECC 105 { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", | 107# ifdef OPENSSL_HAS_ECC 108 { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", |
106 KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 }, | 109 KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 }, |
107 { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", | 110 { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", |
108 KEY_ECDSA_CERT, NID_secp384r1, 1 }, | 111 KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, |
109# ifdef OPENSSL_HAS_NISTP521 110 { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", | 112# ifdef OPENSSL_HAS_NISTP521 113 { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", |
111 KEY_ECDSA_CERT, NID_secp521r1, 1 }, | 114 KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, |
112# endif /* OPENSSL_HAS_NISTP521 */ 113# endif /* OPENSSL_HAS_ECC */ 114#endif /* WITH_OPENSSL */ | 115# endif /* OPENSSL_HAS_NISTP521 */ 116# endif /* OPENSSL_HAS_ECC */ 117#endif /* WITH_OPENSSL */ |
115 { NULL, NULL, -1, -1, 0 } | 118 { NULL, NULL, -1, -1, 0, 0 } |
116}; 117 118const char * 119sshkey_type(const struct sshkey *k) 120{ 121 const struct keytype *kt; 122 123 for (kt = keytypes; kt->type != -1; kt++) { --- 71 unchanged lines hidden (view full) --- 195char * 196key_alg_list(int certs_only, int plain_only) 197{ 198 char *tmp, *ret = NULL; 199 size_t nlen, rlen = 0; 200 const struct keytype *kt; 201 202 for (kt = keytypes; kt->type != -1; kt++) { | 119}; 120 121const char * 122sshkey_type(const struct sshkey *k) 123{ 124 const struct keytype *kt; 125 126 for (kt = keytypes; kt->type != -1; kt++) { --- 71 unchanged lines hidden (view full) --- 198char * 199key_alg_list(int certs_only, int plain_only) 200{ 201 char *tmp, *ret = NULL; 202 size_t nlen, rlen = 0; 203 const struct keytype *kt; 204 205 for (kt = keytypes; kt->type != -1; kt++) { |
203 if (kt->name == NULL) | 206 if (kt->name == NULL || kt->sigonly) |
204 continue; 205 if ((certs_only && !kt->cert) || (plain_only && kt->cert)) 206 continue; 207 if (ret != NULL) 208 ret[rlen++] = '\n'; 209 nlen = strlen(kt->name); 210 if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) { 211 free(ret); --- 200 unchanged lines hidden (view full) --- 412 413static void 414cert_free(struct sshkey_cert *cert) 415{ 416 u_int i; 417 418 if (cert == NULL) 419 return; | 207 continue; 208 if ((certs_only && !kt->cert) || (plain_only && kt->cert)) 209 continue; 210 if (ret != NULL) 211 ret[rlen++] = '\n'; 212 nlen = strlen(kt->name); 213 if ((tmp = realloc(ret, rlen + nlen + 2)) == NULL) { 214 free(ret); --- 200 unchanged lines hidden (view full) --- 415 416static void 417cert_free(struct sshkey_cert *cert) 418{ 419 u_int i; 420 421 if (cert == NULL) 422 return; |
420 if (cert->certblob != NULL) 421 sshbuf_free(cert->certblob); 422 if (cert->critical != NULL) 423 sshbuf_free(cert->critical); 424 if (cert->extensions != NULL) 425 sshbuf_free(cert->extensions); 426 if (cert->key_id != NULL) 427 free(cert->key_id); | 423 sshbuf_free(cert->certblob); 424 sshbuf_free(cert->critical); 425 sshbuf_free(cert->extensions); 426 free(cert->key_id); |
428 for (i = 0; i < cert->nprincipals; i++) 429 free(cert->principals[i]); | 427 for (i = 0; i < cert->nprincipals; i++) 428 free(cert->principals[i]); |
430 if (cert->principals != NULL) 431 free(cert->principals); 432 if (cert->signature_key != NULL) 433 sshkey_free(cert->signature_key); | 429 free(cert->principals); 430 sshkey_free(cert->signature_key); |
434 explicit_bzero(cert, sizeof(*cert)); 435 free(cert); 436} 437 438static struct sshkey_cert * 439cert_new(void) 440{ 441 struct sshkey_cert *cert; --- 769 unchanged lines hidden (view full) --- 1211 cp++; 1212 e = strspn(cp, "0123456789"); 1213 if (e == 0) 1214 return SSH_ERR_INVALID_FORMAT; 1215 if (e > SSHBUF_MAX_BIGNUM * 3) 1216 return SSH_ERR_BIGNUM_TOO_LARGE; 1217 if (cp[e] == '\0') 1218 skip = 0; | 431 explicit_bzero(cert, sizeof(*cert)); 432 free(cert); 433} 434 435static struct sshkey_cert * 436cert_new(void) 437{ 438 struct sshkey_cert *cert; --- 769 unchanged lines hidden (view full) --- 1208 cp++; 1209 e = strspn(cp, "0123456789"); 1210 if (e == 0) 1211 return SSH_ERR_INVALID_FORMAT; 1212 if (e > SSHBUF_MAX_BIGNUM * 3) 1213 return SSH_ERR_BIGNUM_TOO_LARGE; 1214 if (cp[e] == '\0') 1215 skip = 0; |
1219 else if (index(" \t\r\n", cp[e]) == NULL) | 1216 else if (strchr(" \t\r\n", cp[e]) == NULL) |
1220 return SSH_ERR_INVALID_FORMAT; 1221 cp[e] = '\0'; 1222 if (BN_dec2bn(&v, cp) <= 0) 1223 return SSH_ERR_INVALID_FORMAT; 1224 *cpp = cp + e + skip; 1225 return 0; 1226} 1227#endif /* WITH_SSH1 */ 1228 1229/* returns 0 ok, and < 0 error */ 1230int 1231sshkey_read(struct sshkey *ret, char **cpp) 1232{ 1233 struct sshkey *k; 1234 int retval = SSH_ERR_INVALID_FORMAT; | 1217 return SSH_ERR_INVALID_FORMAT; 1218 cp[e] = '\0'; 1219 if (BN_dec2bn(&v, cp) <= 0) 1220 return SSH_ERR_INVALID_FORMAT; 1221 *cpp = cp + e + skip; 1222 return 0; 1223} 1224#endif /* WITH_SSH1 */ 1225 1226/* returns 0 ok, and < 0 error */ 1227int 1228sshkey_read(struct sshkey *ret, char **cpp) 1229{ 1230 struct sshkey *k; 1231 int retval = SSH_ERR_INVALID_FORMAT; |
1235 char *cp, *space; | 1232 char *ep, *cp, *space; |
1236 int r, type, curve_nid = -1; 1237 struct sshbuf *blob; 1238#ifdef WITH_SSH1 | 1233 int r, type, curve_nid = -1; 1234 struct sshbuf *blob; 1235#ifdef WITH_SSH1 |
1239 char *ep; | |
1240 u_long bits; 1241#endif /* WITH_SSH1 */ 1242 1243 cp = *cpp; 1244 1245 switch (ret->type) { 1246 case KEY_RSA1: 1247#ifdef WITH_SSH1 1248 /* Get number of bits. */ 1249 bits = strtoul(cp, &ep, 10); | 1236 u_long bits; 1237#endif /* WITH_SSH1 */ 1238 1239 cp = *cpp; 1240 1241 switch (ret->type) { 1242 case KEY_RSA1: 1243#ifdef WITH_SSH1 1244 /* Get number of bits. */ 1245 bits = strtoul(cp, &ep, 10); |
1250 if (*cp == '\0' || index(" \t\r\n", *ep) == NULL || | 1246 if (*cp == '\0' || strchr(" \t\r\n", *ep) == NULL || |
1251 bits == 0 || bits > SSHBUF_MAX_BIGNUM * 8) 1252 return SSH_ERR_INVALID_FORMAT; /* Bad bit count... */ 1253 /* Get public exponent, public modulus. */ 1254 if ((r = read_decimal_bignum(&ep, ret->rsa->e)) < 0) 1255 return r; 1256 if ((r = read_decimal_bignum(&ep, ret->rsa->n)) < 0) 1257 return r; | 1247 bits == 0 || bits > SSHBUF_MAX_BIGNUM * 8) 1248 return SSH_ERR_INVALID_FORMAT; /* Bad bit count... */ 1249 /* Get public exponent, public modulus. */ 1250 if ((r = read_decimal_bignum(&ep, ret->rsa->e)) < 0) 1251 return r; 1252 if ((r = read_decimal_bignum(&ep, ret->rsa->n)) < 0) 1253 return r; |
1258 *cpp = ep; | |
1259 /* validate the claimed number of bits */ 1260 if (BN_num_bits(ret->rsa->n) != (int)bits) 1261 return SSH_ERR_KEY_BITS_MISMATCH; | 1254 /* validate the claimed number of bits */ 1255 if (BN_num_bits(ret->rsa->n) != (int)bits) 1256 return SSH_ERR_KEY_BITS_MISMATCH; |
1257 *cpp = ep; |
|
1262 retval = 0; 1263#endif /* WITH_SSH1 */ 1264 break; 1265 case KEY_UNSPEC: 1266 case KEY_RSA: 1267 case KEY_DSA: 1268 case KEY_ECDSA: 1269 case KEY_ED25519: --- 21 unchanged lines hidden (view full) --- 1291 return SSH_ERR_ALLOC_FAIL; 1292 /* trim comment */ 1293 space = strchr(cp, ' '); 1294 if (space) { 1295 /* advance 'space': skip whitespace */ 1296 *space++ = '\0'; 1297 while (*space == ' ' || *space == '\t') 1298 space++; | 1258 retval = 0; 1259#endif /* WITH_SSH1 */ 1260 break; 1261 case KEY_UNSPEC: 1262 case KEY_RSA: 1263 case KEY_DSA: 1264 case KEY_ECDSA: 1265 case KEY_ED25519: --- 21 unchanged lines hidden (view full) --- 1287 return SSH_ERR_ALLOC_FAIL; 1288 /* trim comment */ 1289 space = strchr(cp, ' '); 1290 if (space) { 1291 /* advance 'space': skip whitespace */ 1292 *space++ = '\0'; 1293 while (*space == ' ' || *space == '\t') 1294 space++; |
1299 *cpp = space; | 1295 ep = space; |
1300 } else | 1296 } else |
1301 *cpp = cp + strlen(cp); | 1297 ep = cp + strlen(cp); |
1302 if ((r = sshbuf_b64tod(blob, cp)) != 0) { 1303 sshbuf_free(blob); 1304 return r; 1305 } 1306 if ((r = sshkey_from_blob(sshbuf_ptr(blob), 1307 sshbuf_len(blob), &k)) != 0) { 1308 sshbuf_free(blob); 1309 return r; --- 14 unchanged lines hidden (view full) --- 1324 sshkey_free(k); 1325 return SSH_ERR_EXPECTED_CERT; 1326 } 1327 if (ret->cert != NULL) 1328 cert_free(ret->cert); 1329 ret->cert = k->cert; 1330 k->cert = NULL; 1331 } | 1298 if ((r = sshbuf_b64tod(blob, cp)) != 0) { 1299 sshbuf_free(blob); 1300 return r; 1301 } 1302 if ((r = sshkey_from_blob(sshbuf_ptr(blob), 1303 sshbuf_len(blob), &k)) != 0) { 1304 sshbuf_free(blob); 1305 return r; --- 14 unchanged lines hidden (view full) --- 1320 sshkey_free(k); 1321 return SSH_ERR_EXPECTED_CERT; 1322 } 1323 if (ret->cert != NULL) 1324 cert_free(ret->cert); 1325 ret->cert = k->cert; 1326 k->cert = NULL; 1327 } |
1328 switch (sshkey_type_plain(ret->type)) { |
|
1332#ifdef WITH_OPENSSL | 1329#ifdef WITH_OPENSSL |
1333 if (sshkey_type_plain(ret->type) == KEY_RSA) { | 1330 case KEY_RSA: |
1334 if (ret->rsa != NULL) 1335 RSA_free(ret->rsa); 1336 ret->rsa = k->rsa; 1337 k->rsa = NULL; 1338#ifdef DEBUG_PK 1339 RSA_print_fp(stderr, ret->rsa, 8); 1340#endif | 1331 if (ret->rsa != NULL) 1332 RSA_free(ret->rsa); 1333 ret->rsa = k->rsa; 1334 k->rsa = NULL; 1335#ifdef DEBUG_PK 1336 RSA_print_fp(stderr, ret->rsa, 8); 1337#endif |
1341 } 1342 if (sshkey_type_plain(ret->type) == KEY_DSA) { | 1338 break; 1339 case KEY_DSA: |
1343 if (ret->dsa != NULL) 1344 DSA_free(ret->dsa); 1345 ret->dsa = k->dsa; 1346 k->dsa = NULL; 1347#ifdef DEBUG_PK 1348 DSA_print_fp(stderr, ret->dsa, 8); 1349#endif | 1340 if (ret->dsa != NULL) 1341 DSA_free(ret->dsa); 1342 ret->dsa = k->dsa; 1343 k->dsa = NULL; 1344#ifdef DEBUG_PK 1345 DSA_print_fp(stderr, ret->dsa, 8); 1346#endif |
1350 } | 1347 break; |
1351# ifdef OPENSSL_HAS_ECC | 1348# ifdef OPENSSL_HAS_ECC |
1352 if (sshkey_type_plain(ret->type) == KEY_ECDSA) { | 1349 case KEY_ECDSA: |
1353 if (ret->ecdsa != NULL) 1354 EC_KEY_free(ret->ecdsa); 1355 ret->ecdsa = k->ecdsa; 1356 ret->ecdsa_nid = k->ecdsa_nid; 1357 k->ecdsa = NULL; 1358 k->ecdsa_nid = -1; 1359#ifdef DEBUG_PK 1360 sshkey_dump_ec_key(ret->ecdsa); 1361#endif | 1350 if (ret->ecdsa != NULL) 1351 EC_KEY_free(ret->ecdsa); 1352 ret->ecdsa = k->ecdsa; 1353 ret->ecdsa_nid = k->ecdsa_nid; 1354 k->ecdsa = NULL; 1355 k->ecdsa_nid = -1; 1356#ifdef DEBUG_PK 1357 sshkey_dump_ec_key(ret->ecdsa); 1358#endif |
1362 } | 1359 break; |
1363# endif /* OPENSSL_HAS_ECC */ 1364#endif /* WITH_OPENSSL */ | 1360# endif /* OPENSSL_HAS_ECC */ 1361#endif /* WITH_OPENSSL */ |
1365 if (sshkey_type_plain(ret->type) == KEY_ED25519) { | 1362 case KEY_ED25519: |
1366 free(ret->ed25519_pk); 1367 ret->ed25519_pk = k->ed25519_pk; 1368 k->ed25519_pk = NULL; 1369#ifdef DEBUG_PK 1370 /* XXX */ 1371#endif | 1363 free(ret->ed25519_pk); 1364 ret->ed25519_pk = k->ed25519_pk; 1365 k->ed25519_pk = NULL; 1366#ifdef DEBUG_PK 1367 /* XXX */ 1368#endif |
1369 break; |
|
1372 } | 1370 } |
1371 *cpp = ep; |
|
1373 retval = 0; 1374/*XXXX*/ 1375 sshkey_free(k); 1376 if (retval != 0) 1377 break; 1378 break; 1379 default: 1380 return SSH_ERR_INVALID_ARGUMENT; --- 331 unchanged lines hidden (view full) --- 1712 if ((from = from_key->cert) == NULL) 1713 return SSH_ERR_INVALID_ARGUMENT; 1714 1715 if ((to = to_key->cert = cert_new()) == NULL) 1716 return SSH_ERR_ALLOC_FAIL; 1717 1718 if ((ret = sshbuf_putb(to->certblob, from->certblob)) != 0 || 1719 (ret = sshbuf_putb(to->critical, from->critical)) != 0 || | 1372 retval = 0; 1373/*XXXX*/ 1374 sshkey_free(k); 1375 if (retval != 0) 1376 break; 1377 break; 1378 default: 1379 return SSH_ERR_INVALID_ARGUMENT; --- 331 unchanged lines hidden (view full) --- 1711 if ((from = from_key->cert) == NULL) 1712 return SSH_ERR_INVALID_ARGUMENT; 1713 1714 if ((to = to_key->cert = cert_new()) == NULL) 1715 return SSH_ERR_ALLOC_FAIL; 1716 1717 if ((ret = sshbuf_putb(to->certblob, from->certblob)) != 0 || 1718 (ret = sshbuf_putb(to->critical, from->critical)) != 0 || |
1720 (ret = sshbuf_putb(to->extensions, from->extensions) != 0)) | 1719 (ret = sshbuf_putb(to->extensions, from->extensions)) != 0) |
1721 return ret; 1722 1723 to->serial = from->serial; 1724 to->type = from->type; 1725 if (from->key_id == NULL) 1726 to->key_id = NULL; 1727 else if ((to->key_id = strdup(from->key_id)) == NULL) 1728 return SSH_ERR_ALLOC_FAIL; --- 24 unchanged lines hidden (view full) --- 1753} 1754 1755int 1756sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) 1757{ 1758 struct sshkey *n = NULL; 1759 int ret = SSH_ERR_INTERNAL_ERROR; 1760 | 1720 return ret; 1721 1722 to->serial = from->serial; 1723 to->type = from->type; 1724 if (from->key_id == NULL) 1725 to->key_id = NULL; 1726 else if ((to->key_id = strdup(from->key_id)) == NULL) 1727 return SSH_ERR_ALLOC_FAIL; --- 24 unchanged lines hidden (view full) --- 1752} 1753 1754int 1755sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) 1756{ 1757 struct sshkey *n = NULL; 1758 int ret = SSH_ERR_INTERNAL_ERROR; 1759 |
1761 if (pkp != NULL) 1762 *pkp = NULL; 1763 | 1760 *pkp = NULL; |
1764 switch (k->type) { 1765#ifdef WITH_OPENSSL 1766 case KEY_DSA: 1767 case KEY_DSA_CERT: 1768 if ((n = sshkey_new(k->type)) == NULL) 1769 return SSH_ERR_ALLOC_FAIL; 1770 if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || 1771 (BN_copy(n->dsa->q, k->dsa->q) == NULL) || --- 397 unchanged lines hidden (view full) --- 2169 r = sshkey_from_blob_internal(b, keyp, 1); 2170 sshbuf_free(b); 2171 return r; 2172} 2173 2174int 2175sshkey_sign(const struct sshkey *key, 2176 u_char **sigp, size_t *lenp, | 1761 switch (k->type) { 1762#ifdef WITH_OPENSSL 1763 case KEY_DSA: 1764 case KEY_DSA_CERT: 1765 if ((n = sshkey_new(k->type)) == NULL) 1766 return SSH_ERR_ALLOC_FAIL; 1767 if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || 1768 (BN_copy(n->dsa->q, k->dsa->q) == NULL) || --- 397 unchanged lines hidden (view full) --- 2166 r = sshkey_from_blob_internal(b, keyp, 1); 2167 sshbuf_free(b); 2168 return r; 2169} 2170 2171int 2172sshkey_sign(const struct sshkey *key, 2173 u_char **sigp, size_t *lenp, |
2177 const u_char *data, size_t datalen, u_int compat) | 2174 const u_char *data, size_t datalen, const char *alg, u_int compat) |
2178{ 2179 if (sigp != NULL) 2180 *sigp = NULL; 2181 if (lenp != NULL) 2182 *lenp = 0; 2183 if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) 2184 return SSH_ERR_INVALID_ARGUMENT; 2185 switch (key->type) { 2186#ifdef WITH_OPENSSL 2187 case KEY_DSA_CERT: 2188 case KEY_DSA: 2189 return ssh_dss_sign(key, sigp, lenp, data, datalen, compat); 2190# ifdef OPENSSL_HAS_ECC 2191 case KEY_ECDSA_CERT: 2192 case KEY_ECDSA: 2193 return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); 2194# endif /* OPENSSL_HAS_ECC */ 2195 case KEY_RSA_CERT: 2196 case KEY_RSA: | 2175{ 2176 if (sigp != NULL) 2177 *sigp = NULL; 2178 if (lenp != NULL) 2179 *lenp = 0; 2180 if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) 2181 return SSH_ERR_INVALID_ARGUMENT; 2182 switch (key->type) { 2183#ifdef WITH_OPENSSL 2184 case KEY_DSA_CERT: 2185 case KEY_DSA: 2186 return ssh_dss_sign(key, sigp, lenp, data, datalen, compat); 2187# ifdef OPENSSL_HAS_ECC 2188 case KEY_ECDSA_CERT: 2189 case KEY_ECDSA: 2190 return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); 2191# endif /* OPENSSL_HAS_ECC */ 2192 case KEY_RSA_CERT: 2193 case KEY_RSA: |
2197 return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat); | 2194 return ssh_rsa_sign(key, sigp, lenp, data, datalen, alg); |
2198#endif /* WITH_OPENSSL */ 2199 case KEY_ED25519: 2200 case KEY_ED25519_CERT: 2201 return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); 2202 default: 2203 return SSH_ERR_KEY_TYPE_UNKNOWN; 2204 } 2205} --- 15 unchanged lines hidden (view full) --- 2221 return ssh_dss_verify(key, sig, siglen, data, dlen, compat); 2222# ifdef OPENSSL_HAS_ECC 2223 case KEY_ECDSA_CERT: 2224 case KEY_ECDSA: 2225 return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); 2226# endif /* OPENSSL_HAS_ECC */ 2227 case KEY_RSA_CERT: 2228 case KEY_RSA: | 2195#endif /* WITH_OPENSSL */ 2196 case KEY_ED25519: 2197 case KEY_ED25519_CERT: 2198 return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); 2199 default: 2200 return SSH_ERR_KEY_TYPE_UNKNOWN; 2201 } 2202} --- 15 unchanged lines hidden (view full) --- 2218 return ssh_dss_verify(key, sig, siglen, data, dlen, compat); 2219# ifdef OPENSSL_HAS_ECC 2220 case KEY_ECDSA_CERT: 2221 case KEY_ECDSA: 2222 return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); 2223# endif /* OPENSSL_HAS_ECC */ 2224 case KEY_RSA_CERT: 2225 case KEY_RSA: |
2229 return ssh_rsa_verify(key, sig, siglen, data, dlen, compat); | 2226 return ssh_rsa_verify(key, sig, siglen, data, dlen); |
2230#endif /* WITH_OPENSSL */ 2231 case KEY_ED25519: 2232 case KEY_ED25519_CERT: 2233 return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat); 2234 default: 2235 return SSH_ERR_KEY_TYPE_UNKNOWN; 2236 } 2237} 2238 2239/* Converts a private to a public key */ 2240int 2241sshkey_demote(const struct sshkey *k, struct sshkey **dkp) 2242{ 2243 struct sshkey *pk; 2244 int ret = SSH_ERR_INTERNAL_ERROR; 2245 | 2227#endif /* WITH_OPENSSL */ 2228 case KEY_ED25519: 2229 case KEY_ED25519_CERT: 2230 return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat); 2231 default: 2232 return SSH_ERR_KEY_TYPE_UNKNOWN; 2233 } 2234} 2235 2236/* Converts a private to a public key */ 2237int 2238sshkey_demote(const struct sshkey *k, struct sshkey **dkp) 2239{ 2240 struct sshkey *pk; 2241 int ret = SSH_ERR_INTERNAL_ERROR; 2242 |
2246 if (dkp != NULL) 2247 *dkp = NULL; 2248 | 2243 *dkp = NULL; |
2249 if ((pk = calloc(1, sizeof(*pk))) == NULL) 2250 return SSH_ERR_ALLOC_FAIL; 2251 pk->type = k->type; 2252 pk->flags = k->flags; 2253 pk->ecdsa_nid = k->ecdsa_nid; 2254 pk->dsa = NULL; 2255 pk->ecdsa = NULL; 2256 pk->rsa = NULL; --- 200 unchanged lines hidden (view full) --- 2457 (ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0 || 2458 (ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0 || 2459 (ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */ 2460 (ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0) 2461 goto out; 2462 2463 /* Sign the whole mess */ 2464 if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), | 2244 if ((pk = calloc(1, sizeof(*pk))) == NULL) 2245 return SSH_ERR_ALLOC_FAIL; 2246 pk->type = k->type; 2247 pk->flags = k->flags; 2248 pk->ecdsa_nid = k->ecdsa_nid; 2249 pk->dsa = NULL; 2250 pk->ecdsa = NULL; 2251 pk->rsa = NULL; --- 200 unchanged lines hidden (view full) --- 2452 (ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0 || 2453 (ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0 || 2454 (ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */ 2455 (ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0) 2456 goto out; 2457 2458 /* Sign the whole mess */ 2459 if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), |
2465 sshbuf_len(cert), 0)) != 0) | 2460 sshbuf_len(cert), NULL, 0)) != 0) |
2466 goto out; 2467 2468 /* Append signature and we are done */ 2469 if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0) 2470 goto out; 2471 ret = 0; 2472 out: 2473 if (ret != 0) 2474 sshbuf_reset(cert); | 2461 goto out; 2462 2463 /* Append signature and we are done */ 2464 if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0) 2465 goto out; 2466 ret = 0; 2467 out: 2468 if (ret != 0) 2469 sshbuf_reset(cert); |
2475 if (sig_blob != NULL) 2476 free(sig_blob); 2477 if (ca_blob != NULL) 2478 free(ca_blob); 2479 if (principals != NULL) 2480 sshbuf_free(principals); | 2470 free(sig_blob); 2471 free(ca_blob); 2472 sshbuf_free(principals); |
2481 return ret; 2482} 2483 2484int 2485sshkey_cert_check_authority(const struct sshkey *k, 2486 int want_host, int require_principal, 2487 const char *name, const char **reason) 2488{ --- 44 unchanged lines hidden (view full) --- 2533 *reason = "Certificate invalid: name is not a listed " 2534 "principal"; 2535 return SSH_ERR_KEY_CERT_INVALID; 2536 } 2537 } 2538 return 0; 2539} 2540 | 2473 return ret; 2474} 2475 2476int 2477sshkey_cert_check_authority(const struct sshkey *k, 2478 int want_host, int require_principal, 2479 const char *name, const char **reason) 2480{ --- 44 unchanged lines hidden (view full) --- 2525 *reason = "Certificate invalid: name is not a listed " 2526 "principal"; 2527 return SSH_ERR_KEY_CERT_INVALID; 2528 } 2529 } 2530 return 0; 2531} 2532 |
2533size_t 2534sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l) 2535{ 2536 char from[32], to[32], ret[64]; 2537 time_t tt; 2538 struct tm *tm; 2539 2540 *from = *to = '\0'; 2541 if (cert->valid_after == 0 && 2542 cert->valid_before == 0xffffffffffffffffULL) 2543 return strlcpy(s, "forever", l); 2544 2545 if (cert->valid_after != 0) { 2546 /* XXX revisit INT_MAX in 2038 :) */ 2547 tt = cert->valid_after > INT_MAX ? 2548 INT_MAX : cert->valid_after; 2549 tm = localtime(&tt); 2550 strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm); 2551 } 2552 if (cert->valid_before != 0xffffffffffffffffULL) { 2553 /* XXX revisit INT_MAX in 2038 :) */ 2554 tt = cert->valid_before > INT_MAX ? 2555 INT_MAX : cert->valid_before; 2556 tm = localtime(&tt); 2557 strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm); 2558 } 2559 2560 if (cert->valid_after == 0) 2561 snprintf(ret, sizeof(ret), "before %s", to); 2562 else if (cert->valid_before == 0xffffffffffffffffULL) 2563 snprintf(ret, sizeof(ret), "after %s", from); 2564 else 2565 snprintf(ret, sizeof(ret), "from %s to %s", from, to); 2566 2567 return strlcpy(s, ret, l); 2568} 2569 |
|
2541int 2542sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) 2543{ 2544 int r = SSH_ERR_INTERNAL_ERROR; 2545 2546 if ((r = sshbuf_put_cstring(b, sshkey_ssh_name(key))) != 0) 2547 goto out; 2548 switch (key->type) { --- 147 unchanged lines hidden (view full) --- 2696 if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 || 2697 (r = sshbuf_get_bignum2(buf, exponent))) 2698 goto out; 2699 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { 2700 r = SSH_ERR_LIBCRYPTO_ERROR; 2701 goto out; 2702 } 2703 if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), | 2570int 2571sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) 2572{ 2573 int r = SSH_ERR_INTERNAL_ERROR; 2574 2575 if ((r = sshbuf_put_cstring(b, sshkey_ssh_name(key))) != 0) 2576 goto out; 2577 switch (key->type) { --- 147 unchanged lines hidden (view full) --- 2725 if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 || 2726 (r = sshbuf_get_bignum2(buf, exponent))) 2727 goto out; 2728 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { 2729 r = SSH_ERR_LIBCRYPTO_ERROR; 2730 goto out; 2731 } 2732 if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), |
2704 EC_KEY_get0_public_key(k->ecdsa)) != 0) || | 2733 EC_KEY_get0_public_key(k->ecdsa))) != 0 || |
2705 (r = sshkey_ec_validate_private(k->ecdsa)) != 0) 2706 goto out; 2707 break; 2708 case KEY_ECDSA_CERT: 2709 if ((exponent = BN_new()) == NULL) { 2710 r = SSH_ERR_LIBCRYPTO_ERROR; 2711 goto out; 2712 } 2713 if ((r = sshkey_froms(buf, &k)) != 0 || 2714 (r = sshkey_add_private(k)) != 0 || 2715 (r = sshbuf_get_bignum2(buf, exponent)) != 0) 2716 goto out; 2717 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { 2718 r = SSH_ERR_LIBCRYPTO_ERROR; 2719 goto out; 2720 } 2721 if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), | 2734 (r = sshkey_ec_validate_private(k->ecdsa)) != 0) 2735 goto out; 2736 break; 2737 case KEY_ECDSA_CERT: 2738 if ((exponent = BN_new()) == NULL) { 2739 r = SSH_ERR_LIBCRYPTO_ERROR; 2740 goto out; 2741 } 2742 if ((r = sshkey_froms(buf, &k)) != 0 || 2743 (r = sshkey_add_private(k)) != 0 || 2744 (r = sshbuf_get_bignum2(buf, exponent)) != 0) 2745 goto out; 2746 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { 2747 r = SSH_ERR_LIBCRYPTO_ERROR; 2748 goto out; 2749 } 2750 if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), |
2722 EC_KEY_get0_public_key(k->ecdsa)) != 0) || | 2751 EC_KEY_get0_public_key(k->ecdsa))) != 0 || |
2723 (r = sshkey_ec_validate_private(k->ecdsa)) != 0) 2724 goto out; 2725 break; 2726# endif /* OPENSSL_HAS_ECC */ 2727 case KEY_RSA: 2728 if ((k = sshkey_new_private(type)) == NULL) { 2729 r = SSH_ERR_ALLOC_FAIL; 2730 goto out; --- 5 unchanged lines hidden (view full) --- 2736 (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || 2737 (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || 2738 (r = rsa_generate_additional_parameters(k->rsa)) != 0) 2739 goto out; 2740 break; 2741 case KEY_RSA_CERT: 2742 if ((r = sshkey_froms(buf, &k)) != 0 || 2743 (r = sshkey_add_private(k)) != 0 || | 2752 (r = sshkey_ec_validate_private(k->ecdsa)) != 0) 2753 goto out; 2754 break; 2755# endif /* OPENSSL_HAS_ECC */ 2756 case KEY_RSA: 2757 if ((k = sshkey_new_private(type)) == NULL) { 2758 r = SSH_ERR_ALLOC_FAIL; 2759 goto out; --- 5 unchanged lines hidden (view full) --- 2765 (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || 2766 (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || 2767 (r = rsa_generate_additional_parameters(k->rsa)) != 0) 2768 goto out; 2769 break; 2770 case KEY_RSA_CERT: 2771 if ((r = sshkey_froms(buf, &k)) != 0 || 2772 (r = sshkey_add_private(k)) != 0 || |
2744 (r = sshbuf_get_bignum2(buf, k->rsa->d) != 0) || 2745 (r = sshbuf_get_bignum2(buf, k->rsa->iqmp) != 0) || 2746 (r = sshbuf_get_bignum2(buf, k->rsa->p) != 0) || 2747 (r = sshbuf_get_bignum2(buf, k->rsa->q) != 0) || | 2773 (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || 2774 (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || 2775 (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || 2776 (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || |
2748 (r = rsa_generate_additional_parameters(k->rsa)) != 0) 2749 goto out; 2750 break; 2751#endif /* WITH_OPENSSL */ 2752 case KEY_ED25519: 2753 if ((k = sshkey_new_private(type)) == NULL) { 2754 r = SSH_ERR_ALLOC_FAIL; 2755 goto out; --- 670 unchanged lines hidden (view full) --- 3426 3427 /* Store cipher type and "reserved" field. */ 3428 if ((r = sshbuf_put_u8(encrypted, cipher_num)) != 0 || 3429 (r = sshbuf_put_u32(encrypted, 0)) != 0) 3430 goto out; 3431 3432 /* Store public key. This will be in plain text. */ 3433 if ((r = sshbuf_put_u32(encrypted, BN_num_bits(key->rsa->n))) != 0 || | 2777 (r = rsa_generate_additional_parameters(k->rsa)) != 0) 2778 goto out; 2779 break; 2780#endif /* WITH_OPENSSL */ 2781 case KEY_ED25519: 2782 if ((k = sshkey_new_private(type)) == NULL) { 2783 r = SSH_ERR_ALLOC_FAIL; 2784 goto out; --- 670 unchanged lines hidden (view full) --- 3455 3456 /* Store cipher type and "reserved" field. */ 3457 if ((r = sshbuf_put_u8(encrypted, cipher_num)) != 0 || 3458 (r = sshbuf_put_u32(encrypted, 0)) != 0) 3459 goto out; 3460 3461 /* Store public key. This will be in plain text. */ 3462 if ((r = sshbuf_put_u32(encrypted, BN_num_bits(key->rsa->n))) != 0 || |
3434 (r = sshbuf_put_bignum1(encrypted, key->rsa->n) != 0) || 3435 (r = sshbuf_put_bignum1(encrypted, key->rsa->e) != 0) || 3436 (r = sshbuf_put_cstring(encrypted, comment) != 0)) | 3463 (r = sshbuf_put_bignum1(encrypted, key->rsa->n)) != 0 || 3464 (r = sshbuf_put_bignum1(encrypted, key->rsa->e)) != 0 || 3465 (r = sshbuf_put_cstring(encrypted, comment)) != 0) |
3437 goto out; 3438 3439 /* Allocate space for the private part of the key in the buffer. */ 3440 if ((r = sshbuf_reserve(encrypted, sshbuf_len(buffer), &cp)) != 0) 3441 goto out; 3442 3443 if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase, 3444 CIPHER_ENCRYPT)) != 0) --- 4 unchanged lines hidden (view full) --- 3449 if ((r = cipher_cleanup(&ciphercontext)) != 0) 3450 goto out; 3451 3452 r = sshbuf_putb(blob, encrypted); 3453 3454 out: 3455 explicit_bzero(&ciphercontext, sizeof(ciphercontext)); 3456 explicit_bzero(buf, sizeof(buf)); | 3466 goto out; 3467 3468 /* Allocate space for the private part of the key in the buffer. */ 3469 if ((r = sshbuf_reserve(encrypted, sshbuf_len(buffer), &cp)) != 0) 3470 goto out; 3471 3472 if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase, 3473 CIPHER_ENCRYPT)) != 0) --- 4 unchanged lines hidden (view full) --- 3478 if ((r = cipher_cleanup(&ciphercontext)) != 0) 3479 goto out; 3480 3481 r = sshbuf_putb(blob, encrypted); 3482 3483 out: 3484 explicit_bzero(&ciphercontext, sizeof(ciphercontext)); 3485 explicit_bzero(buf, sizeof(buf)); |
3457 if (buffer != NULL) 3458 sshbuf_free(buffer); 3459 if (encrypted != NULL) 3460 sshbuf_free(encrypted); | 3486 sshbuf_free(buffer); 3487 sshbuf_free(encrypted); |
3461 3462 return r; 3463} 3464#endif /* WITH_SSH1 */ 3465 3466#ifdef WITH_OPENSSL 3467/* convert SSH v2 key in OpenSSL PEM format */ 3468static int --- 137 unchanged lines hidden (view full) --- 3606 r = 0; 3607 if (keyp != NULL) 3608 *keyp = pub; 3609 else 3610 sshkey_free(pub); 3611 pub = NULL; 3612 3613 out: | 3488 3489 return r; 3490} 3491#endif /* WITH_SSH1 */ 3492 3493#ifdef WITH_OPENSSL 3494/* convert SSH v2 key in OpenSSL PEM format */ 3495static int --- 137 unchanged lines hidden (view full) --- 3633 r = 0; 3634 if (keyp != NULL) 3635 *keyp = pub; 3636 else 3637 sshkey_free(pub); 3638 pub = NULL; 3639 3640 out: |
3614 if (copy != NULL) 3615 sshbuf_free(copy); 3616 if (pub != NULL) 3617 sshkey_free(pub); | 3641 sshbuf_free(copy); 3642 sshkey_free(pub); |
3618 return r; 3619} 3620 3621static int 3622sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase, 3623 struct sshkey **keyp, char **commentp) 3624{ 3625 int r; --- 95 unchanged lines hidden (view full) --- 3721 *keyp = prv; 3722 prv = NULL; 3723 if (commentp != NULL) { 3724 *commentp = comment; 3725 comment = NULL; 3726 } 3727 out: 3728 explicit_bzero(&ciphercontext, sizeof(ciphercontext)); | 3643 return r; 3644} 3645 3646static int 3647sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase, 3648 struct sshkey **keyp, char **commentp) 3649{ 3650 int r; --- 95 unchanged lines hidden (view full) --- 3746 *keyp = prv; 3747 prv = NULL; 3748 if (commentp != NULL) { 3749 *commentp = comment; 3750 comment = NULL; 3751 } 3752 out: 3753 explicit_bzero(&ciphercontext, sizeof(ciphercontext)); |
3729 if (comment != NULL) 3730 free(comment); 3731 if (prv != NULL) 3732 sshkey_free(prv); 3733 if (copy != NULL) 3734 sshbuf_free(copy); 3735 if (decrypted != NULL) 3736 sshbuf_free(decrypted); | 3754 free(comment); 3755 sshkey_free(prv); 3756 sshbuf_free(copy); 3757 sshbuf_free(decrypted); |
3737 return r; 3738} 3739#endif /* WITH_SSH1 */ 3740 3741#ifdef WITH_OPENSSL 3742static int 3743sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, 3744 const char *passphrase, struct sshkey **keyp) --- 73 unchanged lines hidden (view full) --- 3818 } 3819 r = 0; 3820 *keyp = prv; 3821 prv = NULL; 3822 out: 3823 BIO_free(bio); 3824 if (pk != NULL) 3825 EVP_PKEY_free(pk); | 3758 return r; 3759} 3760#endif /* WITH_SSH1 */ 3761 3762#ifdef WITH_OPENSSL 3763static int 3764sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, 3765 const char *passphrase, struct sshkey **keyp) --- 73 unchanged lines hidden (view full) --- 3839 } 3840 r = 0; 3841 *keyp = prv; 3842 prv = NULL; 3843 out: 3844 BIO_free(bio); 3845 if (pk != NULL) 3846 EVP_PKEY_free(pk); |
3826 if (prv != NULL) 3827 sshkey_free(prv); | 3847 sshkey_free(prv); |
3828 return r; 3829} 3830#endif /* WITH_OPENSSL */ 3831 3832int 3833sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, 3834 const char *passphrase, struct sshkey **keyp, char **commentp) 3835{ | 3848 return r; 3849} 3850#endif /* WITH_OPENSSL */ 3851 3852int 3853sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, 3854 const char *passphrase, struct sshkey **keyp, char **commentp) 3855{ |
3836 int r; 3837 | |
3838 *keyp = NULL; 3839 if (commentp != NULL) 3840 *commentp = NULL; 3841 3842 switch (type) { 3843#ifdef WITH_SSH1 3844 case KEY_RSA1: 3845 return sshkey_parse_private_rsa1(blob, passphrase, --- 5 unchanged lines hidden (view full) --- 3851 case KEY_RSA: 3852 return sshkey_parse_private_pem_fileblob(blob, type, 3853 passphrase, keyp); 3854#endif /* WITH_OPENSSL */ 3855 case KEY_ED25519: 3856 return sshkey_parse_private2(blob, type, passphrase, 3857 keyp, commentp); 3858 case KEY_UNSPEC: | 3856 *keyp = NULL; 3857 if (commentp != NULL) 3858 *commentp = NULL; 3859 3860 switch (type) { 3861#ifdef WITH_SSH1 3862 case KEY_RSA1: 3863 return sshkey_parse_private_rsa1(blob, passphrase, --- 5 unchanged lines hidden (view full) --- 3869 case KEY_RSA: 3870 return sshkey_parse_private_pem_fileblob(blob, type, 3871 passphrase, keyp); 3872#endif /* WITH_OPENSSL */ 3873 case KEY_ED25519: 3874 return sshkey_parse_private2(blob, type, passphrase, 3875 keyp, commentp); 3876 case KEY_UNSPEC: |
3859 if ((r = sshkey_parse_private2(blob, type, passphrase, keyp, 3860 commentp)) == 0) | 3877 if (sshkey_parse_private2(blob, type, passphrase, keyp, 3878 commentp) == 0) |
3861 return 0; 3862#ifdef WITH_OPENSSL 3863 return sshkey_parse_private_pem_fileblob(blob, type, 3864 passphrase, keyp); 3865#else 3866 return SSH_ERR_INVALID_FORMAT; 3867#endif /* WITH_OPENSSL */ 3868 default: 3869 return SSH_ERR_KEY_TYPE_UNKNOWN; 3870 } 3871} 3872 3873int 3874sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, | 3879 return 0; 3880#ifdef WITH_OPENSSL 3881 return sshkey_parse_private_pem_fileblob(blob, type, 3882 passphrase, keyp); 3883#else 3884 return SSH_ERR_INVALID_FORMAT; 3885#endif /* WITH_OPENSSL */ 3886 default: 3887 return SSH_ERR_KEY_TYPE_UNKNOWN; 3888 } 3889} 3890 3891int 3892sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, |
3875 const char *filename, struct sshkey **keyp, char **commentp) | 3893 struct sshkey **keyp, char **commentp) |
3876{ | 3894{ |
3877 int r; 3878 | |
3879 if (keyp != NULL) 3880 *keyp = NULL; 3881 if (commentp != NULL) 3882 *commentp = NULL; 3883 3884#ifdef WITH_SSH1 3885 /* it's a SSH v1 key if the public key part is readable */ | 3895 if (keyp != NULL) 3896 *keyp = NULL; 3897 if (commentp != NULL) 3898 *commentp = NULL; 3899 3900#ifdef WITH_SSH1 3901 /* it's a SSH v1 key if the public key part is readable */ |
3886 if ((r = sshkey_parse_public_rsa1_fileblob(buffer, NULL, NULL)) == 0) { | 3902 if (sshkey_parse_public_rsa1_fileblob(buffer, NULL, NULL) == 0) { |
3887 return sshkey_parse_private_fileblob_type(buffer, KEY_RSA1, 3888 passphrase, keyp, commentp); 3889 } 3890#endif /* WITH_SSH1 */ | 3903 return sshkey_parse_private_fileblob_type(buffer, KEY_RSA1, 3904 passphrase, keyp, commentp); 3905 } 3906#endif /* WITH_SSH1 */ |
3891 if ((r = sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC, 3892 passphrase, keyp, commentp)) == 0) 3893 return 0; 3894 return r; | 3907 return sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC, 3908 passphrase, keyp, commentp); |
3895} | 3909} |