remove legacy key emulation layer; ok djm@

author: markus <markus@openbsd.org> 2018-07-11 18:53:29 +0000
committer: markus <markus@openbsd.org> 2018-07-11 18:53:29 +0000
commit: 7f8ae3c2ab900bac01617ecfa363936de427ea43 (patch)
tree: 6c1e0487c512364906346f833f1dd66486e43ed7 /usr.bin/ssh/ssh.c
parent: Remove the i386 specific mention for pcvtfonts, they are also installed (diff)
download: wireguard-openbsd-7f8ae3c2ab900bac01617ecfa363936de427ea43.tar.xz
wireguard-openbsd-7f8ae3c2ab900bac01617ecfa363936de427ea43.zip
1 files changed, 78 insertions, 57 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 10e1a98248b..6092752c4c6 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.482 2018/07/09 21:03:30 markus Exp $ */
+/* $OpenBSD: ssh.c,v 1.483 2018/07/11 18:53:29 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -79,7 +79,7 @@
 #include "packet.h"
 #include "sshbuf.h"
 #include "channels.h"
-#include "key.h"
+#include "sshkey.h"
 #include "authfd.h"
 #include "authfile.h"
 #include "pathnames.h"
@@ -488,6 +488,30 @@ resolve_canonicalize(char **hostp, int port)
 }
 
 /*
+ * Check the result of hostkey loading, ignoring some errors and
+ * fatal()ing for others.
+ */
+static void
+check_load(int r, const char *path, const char *message)
+{
+	switch (r) {
+	case 0:
+		break;
+	case SSH_ERR_INTERNAL_ERROR:
+	case SSH_ERR_ALLOC_FAIL:
+		fatal("load %s \"%s\": %s", message, path, ssh_err(r));
+	case SSH_ERR_SYSTEM_ERROR:
+		/* Ignore missing files */
+		if (errno == ENOENT)
+			break;
+		/* FALLTHROUGH */
+	default:
+		error("load %s \"%s\": %s", message, path, ssh_err(r));
+		break;
+	}
+}
+
+/*
  * Read per-user configuration file.  Ignore the system wide config
  * file if the user specifies a config file on the command line.
  */
@@ -1354,7 +1378,7 @@ main(int ac, char **av)
 
 	/*
 	 * If we successfully made the connection, load the host private key
-	 * in case we will need it later for combined rsa-rhosts
+	 * in case we will need it later for hostbased
 	 * authentication. This must be done before releasing extra
 	 * privileges, because the file is only readable by root.
 	 * If we cannot access the private keys, load the public keys
@@ -1366,29 +1390,32 @@ main(int ac, char **av)
 	if (options.hostbased_authentication) {
 		sensitive_data.nkeys = 11;
 		sensitive_data.keys = xcalloc(sensitive_data.nkeys,
-		    sizeof(struct sshkey));	/* XXX */
+		    sizeof(struct sshkey));
+
+		/* XXX check errors? */
+#define L_KEY(t,p,o) \
+	check_load(sshkey_load_private_type(t, p, "", \
+	    &(sensitive_data.keys[o]), NULL, NULL), p, "key")
+#define L_KEYCERT(t,p,o) \
+	check_load(sshkey_load_private_cert(t, p, "", \
+	    &(sensitive_data.keys[o]), NULL), p, "cert and key")
+#define L_PUBKEY(p,o) \
+	check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \
+	    p, "pubkey")
+#define L_CERT(p,o) \
+	check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert")
 
 		PRIV_START;
-		sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA,
-		    _PATH_HOST_ECDSA_KEY_FILE, "", NULL);
-		sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519,
-		    _PATH_HOST_ED25519_KEY_FILE, "", NULL);
-		sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
-		    _PATH_HOST_RSA_KEY_FILE, "", NULL);
-		sensitive_data.keys[4] = key_load_private_cert(KEY_DSA,
-		    _PATH_HOST_DSA_KEY_FILE, "", NULL);
-		sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
-		    _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
-		sensitive_data.keys[6] = key_load_private_type(KEY_ED25519,
-		    _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
-		sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
-		    _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
-		sensitive_data.keys[8] = key_load_private_type(KEY_DSA,
-		    _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
-		sensitive_data.keys[9] = key_load_private_cert(KEY_XMSS,
-		    _PATH_HOST_XMSS_KEY_FILE, "", NULL);
-		sensitive_data.keys[10] = key_load_private_type(KEY_XMSS,
-		    _PATH_HOST_XMSS_KEY_FILE, "", NULL, NULL);
+		L_KEYCERT(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, 1);
+		L_KEYCERT(KEY_ED25519, _PATH_HOST_ED25519_KEY_FILE, 2);
+		L_KEYCERT(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, 3);
+		L_KEYCERT(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, 4);
+		L_KEY(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, 5);
+		L_KEY(KEY_ED25519, _PATH_HOST_ED25519_KEY_FILE, 6);
+		L_KEY(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, 7);
+		L_KEY(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, 8);
+		L_KEYCERT(KEY_XMSS, _PATH_HOST_XMSS_KEY_FILE, 9);
+		L_KEY(KEY_XMSS, _PATH_HOST_XMSS_KEY_FILE, 10);
 		PRIV_END;
 
 		if (options.hostbased_authentication == 1 &&
@@ -1397,27 +1424,18 @@ main(int ac, char **av)
 		    sensitive_data.keys[6] == NULL &&
 		    sensitive_data.keys[7] == NULL &&
 		    sensitive_data.keys[8] == NULL &&
-		    sensitive_data.keys[9] == NULL) {
-			sensitive_data.keys[1] = key_load_cert(
-			    _PATH_HOST_ECDSA_KEY_FILE);
-			sensitive_data.keys[2] = key_load_cert(
-			    _PATH_HOST_ED25519_KEY_FILE);
-			sensitive_data.keys[3] = key_load_cert(
-			    _PATH_HOST_RSA_KEY_FILE);
-			sensitive_data.keys[4] = key_load_cert(
-			    _PATH_HOST_DSA_KEY_FILE);
-			sensitive_data.keys[5] = key_load_public(
-			    _PATH_HOST_ECDSA_KEY_FILE, NULL);
-			sensitive_data.keys[6] = key_load_public(
-			    _PATH_HOST_ED25519_KEY_FILE, NULL);
-			sensitive_data.keys[7] = key_load_public(
-			    _PATH_HOST_RSA_KEY_FILE, NULL);
-			sensitive_data.keys[8] = key_load_public(
-			    _PATH_HOST_DSA_KEY_FILE, NULL);
-			sensitive_data.keys[9] = key_load_cert(
-			    _PATH_HOST_XMSS_KEY_FILE);
-			sensitive_data.keys[10] = key_load_public(
-			    _PATH_HOST_XMSS_KEY_FILE, NULL);
+		    sensitive_data.keys[9] == NULL &&
+		    sensitive_data.keys[10] == NULL) {
+			L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 1);
+			L_CERT(_PATH_HOST_ED25519_KEY_FILE, 2);
+			L_CERT(_PATH_HOST_RSA_KEY_FILE, 3);
+			L_CERT(_PATH_HOST_DSA_KEY_FILE, 4);
+			L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 5);
+			L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 6);
+			L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 7);
+			L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 8);
+			L_CERT(_PATH_HOST_XMSS_KEY_FILE, 9);
+			L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 10);
 			sensitive_data.external_keysign = 1;
 		}
 	}
@@ -1496,7 +1514,7 @@ main(int ac, char **av)
 			if (sensitive_data.keys[i] != NULL) {
 				/* Destroys contents safely */
 				debug3("clear hostkey %d", i);
-				key_free(sensitive_data.keys[i]);
+				sshkey_free(sensitive_data.keys[i]);
 				sensitive_data.keys[i] = NULL;
 			}
 		}
@@ -1506,7 +1524,7 @@ main(int ac, char **av)
 		free(options.identity_files[i]);
 		options.identity_files[i] = NULL;
 		if (options.identity_keys[i]) {
-			key_free(options.identity_keys[i]);
+			sshkey_free(options.identity_keys[i]);
 			options.identity_keys[i] = NULL;
 		}
 	}
@@ -2000,7 +2018,7 @@ load_public_identity_files(struct passwd *pw)
 	    &keys)) > 0) {
 		for (i = 0; i < nkeys; i++) {
 			if (n_ids >= SSH_MAX_IDENTITY_FILES) {
-				key_free(keys[i]);
+				sshkey_free(keys[i]);
 				continue;
 			}
 			identity_keys[n_ids] = keys[i];
@@ -2026,7 +2044,8 @@ load_public_identity_files(struct passwd *pw)
 		    "u", pw->pw_name, "l", thishost, "h", host,
 		    "r", options.user, (char *)NULL);
 		free(cp);
-		public = key_load_public(filename, NULL);
+		check_load(sshkey_load_public(filename, &public, NULL),
+		    filename, "pubkey");
 		debug("identity file %s type %d", filename,
 		    public ? public->type : -1);
 		free(options.identity_files[i]);
@@ -2043,17 +2062,18 @@ load_public_identity_files(struct passwd *pw)
 		if (options.num_certificate_files != 0)
 			continue;
 		xasprintf(&cp, "%s-cert", filename);
-		public = key_load_public(cp, NULL);
+		check_load(sshkey_load_public(cp, &public, NULL),
+		    filename, "pubkey");
 		debug("identity file %s type %d", cp,
 		    public ? public->type : -1);
 		if (public == NULL) {
 			free(cp);
 			continue;
 		}
-		if (!key_is_cert(public)) {
+		if (!sshkey_is_cert(public)) {
 			debug("%s: key %s type %s is not a certificate",
-			    __func__, cp, key_type(public));
-			key_free(public);
+			    __func__, cp, sshkey_type(public));
+			sshkey_free(public);
 			free(cp);
 			continue;
 		}
@@ -2078,7 +2098,8 @@ load_public_identity_files(struct passwd *pw)
 		    (char *)NULL);
 		free(cp);
 
-		public = key_load_public(filename, NULL);
+		check_load(sshkey_load_public(filename, &public, NULL),
+		    filename, "certificate");
 		debug("certificate file %s type %d", filename,
 		    public ? public->type : -1);
 		free(options.certificate_files[i]);
@@ -2087,10 +2108,10 @@ load_public_identity_files(struct passwd *pw)
 			free(filename);
 			continue;
 		}
-		if (!key_is_cert(public)) {
+		if (!sshkey_is_cert(public)) {
 			debug("%s: key %s type %s is not a certificate",
-			    __func__, filename, key_type(public));
-			key_free(public);
+			    __func__, filename, sshkey_type(public));
+			sshkey_free(public);
 			free(filename);
 			continue;
 		}
author	markus <markus@openbsd.org>	2018-07-11 18:53:29 +0000
committer	markus <markus@openbsd.org>	2018-07-11 18:53:29 +0000
commit	7f8ae3c2ab900bac01617ecfa363936de427ea43 (patch)
tree	6c1e0487c512364906346f833f1dd66486e43ed7 /usr.bin/ssh/ssh.c
parent	Remove the i386 specific mention for pcvtfonts, they are also installed (diff)
download	wireguard-openbsd-7f8ae3c2ab900bac01617ecfa363936de427ea43.tar.xz wireguard-openbsd-7f8ae3c2ab900bac01617ecfa363936de427ea43.zip