authordjm <djm@openbsd.org>2015-01-08 10:14:08 +0000
committerdjm <djm@openbsd.org>2015-01-08 10:14:08 +0000
commit03b8b3798bf495099c640d9f1e9556e36f0a419b (patch)
tree46dea2945fe52eeb7ade6c425e20b0aeb823a0e6 /usr.bin/ssh/ssh-keysign.c
parentClarify and simplify. (diff)
deprecate key_load_private_pem() and sshkey_load_private_pem()
interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used). Fixes a few other things en passant: Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines). Fixes key comment regression bz#2306: key pathnames were being lost as comment fields. ok markus@
Diffstat (limited to 'usr.bin/ssh/ssh-keysign.c')
-rw-r--r--usr.bin/ssh/ssh-keysign.c21
1 files changed, 13 insertions, 8 deletions
diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c
index 7b119c993ed..5d1a4167a1f 100644
--- a/usr.bin/ssh/ssh-keysign.c
+++ b/usr.bin/ssh/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.44 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.45 2015/01/08 10:14:08 djm Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@@ -48,6 +48,8 @@
#include "pathnames.h"
#include "readconf.h"
#include "uidswap.h"
+#include "sshkey.h"
+#include "ssherr.h"
/* XXX readconf.c needs these */
uid_t original_real_uid;
@@ -63,6 +65,8 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
char *pkalg, *p;
int pktype, fail;
+ if (ret != NULL)
+ *ret = NULL;
fail = 0;
buffer_init(&b);
@@ -147,7 +151,7 @@ main(int argc, char **argv)
#define NUM_KEYTYPES 4
Key *keys[NUM_KEYTYPES], *key = NULL;
struct passwd *pw;
- int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
+ int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
u_char *signature, *data;
char *host, *fp;
u_int slen, dlen;
@@ -198,14 +202,15 @@ main(int argc, char **argv)
keys[i] = NULL;
if (key_fd[i] == -1)
continue;
-#ifdef WITH_OPENSSL
-/* XXX wrong api */
- keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
- NULL, NULL);
-#endif
+ r = sshkey_load_private_type_fd(key_fd[i], KEY_UNSPEC,
+ NULL, &key, NULL);
close(key_fd[i]);
- if (keys[i] != NULL)
+ if (r != 0)
+ debug("parse key %d: %s", i, ssh_err(r));
+ else if (key != NULL) {
+ keys[i] = key;
found = 1;
+ }
}
if (!found)
fatal("no hostkey found");
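Review bot: A host key file that opened successfully but fails to parse is reported only on the new line `debug("parse key %d: %s", i, ssh_err(r));`, so without -v the only visible symptom is the later `fatal("no hostkey found")`, which does not say why. Because the `key_fd[i] == -1` check above already skips absent files, a non-zero r here means a present but unreadable or unsupported key, which is a configuration problem worth surfacing; `error("parse key %d: %s", i, ssh_err(r));` would make the cause visible to the administrator. The `else if (key != NULL)` branch also depends on sshkey_load_private_type_fd() assigning `key` on every zero return, since `key` is declared once for the whole loop and never reset; a `key = NULL;` before the call would make the loop independent of that helper contract. main() starts and ends outside the hunk.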