diff options
author | des <des@FreeBSD.org> | 2010-11-11 11:46:19 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2010-11-11 11:46:19 +0000 |
commit | 59d1af232220700389c3543e93e1b1f2e2619919 (patch) | |
tree | 6eb7398d6e807c1a0d65a65c3e0dc92c453bb592 /crypto/openssh/authfile.c | |
parent | ac0984a6533794998189315ced48d83ce881917d (diff) | |
parent | a074372f88279f4eaaed8ab05de3f3fda1fac4eb (diff) | |
download | FreeBSD-src-59d1af232220700389c3543e93e1b1f2e2619919.zip FreeBSD-src-59d1af232220700389c3543e93e1b1f2e2619919.tar.gz |
Upgrade to OpenSSH 5.6p1.
Diffstat (limited to 'crypto/openssh/authfile.c')
-rw-r--r-- | crypto/openssh/authfile.c | 62 |
1 files changed, 61 insertions, 1 deletions
diff --git a/crypto/openssh/authfile.c b/crypto/openssh/authfile.c index 224c6aa..2bd8878 100644 --- a/crypto/openssh/authfile.c +++ b/crypto/openssh/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.80 2010/03/04 10:36:03 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.82 2010/08/04 05:49:22 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -693,6 +693,66 @@ key_load_public(const char *filename, char **commentp) return NULL; } +/* Load the certificate associated with the named private key */ +Key * +key_load_cert(const char *filename) +{ + Key *pub; + char *file; + + pub = key_new(KEY_UNSPEC); + xasprintf(&file, "%s-cert.pub", filename); + if (key_try_load_public(pub, file, NULL) == 1) { + xfree(file); + return pub; + } + xfree(file); + key_free(pub); + return NULL; +} + +/* Load private key and certificate */ +Key * +key_load_private_cert(int type, const char *filename, const char *passphrase, + int *perm_ok) +{ + Key *key, *pub; + + switch (type) { + case KEY_RSA: + case KEY_DSA: + break; + default: + error("%s: unsupported key type", __func__); + return NULL; + } + + if ((key = key_load_private_type(type, filename, + passphrase, NULL, perm_ok)) == NULL) + return NULL; + + if ((pub = key_load_cert(filename)) == NULL) { + key_free(key); + return NULL; + } + + /* Make sure the private key matches the certificate */ + if (key_equal_public(key, pub) == 0) { + error("%s: certificate does not match private key %s", + __func__, filename); + } else if (key_to_certified(key, key_cert_is_legacy(pub)) != 0) { + error("%s: key_to_certified failed", __func__); + } else { + key_cert_copy(pub, key); + key_free(pub); + return key; + } + + key_free(key); + key_free(pub); + return NULL; +} + /* * Returns 1 if the specified "key" is listed in the file "filename", * 0 if the key is not listed or -1 on error. |