[openssh-commits] [openssh] 07/07: upstream: let sshkey_try_load_public() load public keys from the

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Apr 8 10:14:33 AEST 2020


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 2b13d3934d5803703c04803ca3a93078ecb5b715
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Apr 8 00:10:37 2020 +0000

    upstream: let sshkey_try_load_public() load public keys from the
    
    unencrypted envelope of private key files if no sidecar public key file is
    present.
    
    ok markus@
    
    OpenBSD-Commit-ID: 252a0a580e10b9a6311632530d63b5ac76592040
---
 authfile.c | 38 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/authfile.c b/authfile.c
index 953812f4..50fa48e4 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.138 2020/04/08 00:09:24 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.139 2020/04/08 00:10:37 djm Exp $ */
 /*
  * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
  *
@@ -194,6 +194,38 @@ sshkey_load_private(const char *filename, const char *passphrase,
 	return r;
 }
 
+/* Load a pubkey from the unencrypted envelope of a new-format private key */
+static int
+sshkey_load_pubkey_from_private(const char *filename, struct sshkey **pubkeyp)
+{
+	struct sshbuf *buffer = NULL;
+	struct sshkey *pubkey = NULL;
+	int r, fd;
+
+	if (pubkeyp != NULL)
+		*pubkeyp = NULL;
+
+	if ((fd = open(filename, O_RDONLY)) == -1)
+		return SSH_ERR_SYSTEM_ERROR;
+	if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
+	    (r = sshkey_parse_pubkey_from_private_fileblob_type(buffer,
+	    KEY_UNSPEC, &pubkey)) != 0)
+		goto out;
+	if ((r = sshkey_set_filename(pubkey, filename)) != 0)
+		goto out;
+	/* success */
+	if (pubkeyp != NULL) {
+		*pubkeyp = pubkey;
+		pubkey = NULL;
+	}
+	r = 0;
+ out:
+	close(fd);
+	sshbuf_free(buffer);
+	sshkey_free(pubkey);
+	return r;
+}
+
 static int
 sshkey_try_load_public(struct sshkey **kp, const char *filename,
     char **commentp)
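Review bot: The header comment on `sshkey_load_pubkey_from_private()` should state that the returned key is read from the part of the file outside the passphrase-protected section, so it is presumably unauthenticated until the private key itself is decrypted and compared against it. Something like `/* NB. envelope contents are not protected by the passphrase; treat the result as unverified */` would tell callers not to use it for a trust decision on its own. Separately, at `out:` the `close(fd)` runs before `return r`, so if an earlier call failed with `SSH_ERR_SYSTEM_ERROR` the `errno` a caller later reports could be overwritten. Saving `errno` before `close()` and restoring it afterwards would keep the original cause. The helper itself is wholly inside this hunk; the trailing `sshkey_try_load_public()` context continues outside it.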
@@ -272,6 +304,10 @@ sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
 	if ((r = sshkey_try_load_public(keyp, pubfile, commentp)) == 0)
 		goto out;
 
+	/* finally, try to extract public key from private key file */
+	if ((r = sshkey_load_pubkey_from_private(filename, keyp)) == 0)
+		goto out;
+
  out:
 	free(pubfile);
 	return r;
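Review bot: When every attempt fails, the `r` returned at `out:` is now whatever `sshkey_load_pubkey_from_private()` produced, replacing the result of the preceding `.pub` attempt, so callers may see a different error code for a file that loaded no key before this change. If the earlier code should be preserved, keep it and overwrite only on success, e.g. `if (sshkey_load_pubkey_from_private(filename, keyp) == 0) r = 0;`. Note also that `commentp` is not passed to the new helper, so a key recovered this way carries no comment. Whether `*commentp` is initialised for that case depends on the start of `sshkey_load_public()`, which is outside this hunk. A one-line comment at the fallback recording that the comment is left unset would help callers that print it.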
