Annotation of src/usr.bin/ssh/authfile.c, Revision 1.16.2.4
1.1 deraadt 1: /*
1.9 deraadt 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
5: * This file contains functions for reading and writing identity files, and
6: * for reading the passphrase from the user.
1.14 markus 7: *
1.16.2.2 jason 8: * As far as I am concerned, the code I have written for this software
9: * can be used freely for any purpose. Any derived versions of this
10: * software must be clearly marked as such, and if the derived work is
11: * incompatible with the protocol description in the RFC file, it must be
12: * called by a name other than "ssh" or "Secure Shell".
13: *
14: *
15: * Copyright (c) 2000 Markus Friedl. All rights reserved.
16: *
17: * Redistribution and use in source and binary forms, with or without
18: * modification, are permitted provided that the following conditions
19: * are met:
20: * 1. Redistributions of source code must retain the above copyright
21: * notice, this list of conditions and the following disclaimer.
22: * 2. Redistributions in binary form must reproduce the above copyright
23: * notice, this list of conditions and the following disclaimer in the
24: * documentation and/or other materials provided with the distribution.
25: *
26: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.9 deraadt 36: */
1.1 deraadt 37:
38: #include "includes.h"
1.16.2.4! jason 39: RCSID("$OpenBSD: authfile.c,v 1.28 2001/02/21 09:05:54 deraadt Exp $");
1.1 deraadt 40:
1.16.2.3 jason 41: #include <openssl/err.h>
1.15 markus 42: #include <openssl/evp.h>
1.16.2.3 jason 43: #include <openssl/pem.h>
1.15 markus 44:
1.16.2.3 jason 45: #include "cipher.h"
1.1 deraadt 46: #include "xmalloc.h"
47: #include "buffer.h"
48: #include "bufaux.h"
1.15 markus 49: #include "key.h"
1.16.2.3 jason 50: #include "ssh.h"
51: #include "log.h"
52: #include "authfile.h"
1.1 deraadt 53:
54: /* Version identification string for identity files. */
1.16.2.3 jason 55: static const char authfile_id_string[] =
56: "SSH PRIVATE KEY FILE FORMAT 1.1\n";
1.1 deraadt 57:
1.10 markus 58: /*
59: * Saves the authentication (private) key in a file, encrypting it with
60: * passphrase. The identification of the file (lowest 64 bits of n) will
61: * precede the key to provide identification of the key without needing a
62: * passphrase.
63: */
1.1 deraadt 64:
1.3 provos 65: int
1.16.2.3 jason 66: save_private_key_rsa1(const char *filename, const char *passphrase,
1.15 markus 67: RSA *key, const char *comment)
1.1 deraadt 68: {
1.8 markus 69: Buffer buffer, encrypted;
70: char buf[100], *cp;
1.11 deraadt 71: int fd, i;
1.16.2.2 jason 72: CipherContext ciphercontext;
73: Cipher *cipher;
1.8 markus 74: u_int32_t rand;
75:
1.10 markus 76: /*
77: * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
78: * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
79: */
1.8 markus 80: if (strcmp(passphrase, "") == 0)
1.16.2.2 jason 81: cipher = cipher_by_number(SSH_CIPHER_NONE);
1.8 markus 82: else
1.16.2.2 jason 83: cipher = cipher_by_number(SSH_AUTHFILE_CIPHER);
84: if (cipher == NULL)
85: fatal("save_private_key_rsa: bad cipher");
1.8 markus 86:
87: /* This buffer is used to built the secret part of the private key. */
88: buffer_init(&buffer);
89:
90: /* Put checkbytes for checking passphrase validity. */
91: rand = arc4random();
92: buf[0] = rand & 0xff;
93: buf[1] = (rand >> 8) & 0xff;
94: buf[2] = buf[0];
95: buf[3] = buf[1];
96: buffer_append(&buffer, buf, 4);
97:
1.10 markus 98: /*
99: * Store the private key (n and e will not be stored because they
100: * will be stored in plain text, and storing them also in encrypted
101: * format would just give known plaintext).
102: */
1.8 markus 103: buffer_put_bignum(&buffer, key->d);
104: buffer_put_bignum(&buffer, key->iqmp);
105: buffer_put_bignum(&buffer, key->q); /* reverse from SSL p */
106: buffer_put_bignum(&buffer, key->p); /* reverse from SSL q */
107:
108: /* Pad the part to be encrypted until its size is a multiple of 8. */
109: while (buffer_len(&buffer) % 8 != 0)
110: buffer_put_char(&buffer, 0);
111:
112: /* This buffer will be used to contain the data in the file. */
113: buffer_init(&encrypted);
114:
115: /* First store keyfile id string. */
1.16.2.3 jason 116: for (i = 0; authfile_id_string[i]; i++)
117: buffer_put_char(&encrypted, authfile_id_string[i]);
1.8 markus 118: buffer_put_char(&encrypted, 0);
119:
120: /* Store cipher type. */
1.16.2.2 jason 121: buffer_put_char(&encrypted, cipher->number);
1.8 markus 122: buffer_put_int(&encrypted, 0); /* For future extension */
123:
124: /* Store public key. This will be in plain text. */
125: buffer_put_int(&encrypted, BN_num_bits(key->n));
126: buffer_put_bignum(&encrypted, key->n);
127: buffer_put_bignum(&encrypted, key->e);
128: buffer_put_string(&encrypted, comment, strlen(comment));
129:
130: /* Allocate space for the private part of the key in the buffer. */
131: buffer_append_space(&encrypted, &cp, buffer_len(&buffer));
132:
1.16.2.2 jason 133: cipher_set_key_string(&ciphercontext, cipher, passphrase);
1.16.2.3 jason 134: cipher_encrypt(&ciphercontext, (u_char *) cp,
135: (u_char *) buffer_ptr(&buffer), buffer_len(&buffer));
1.16.2.2 jason 136: memset(&ciphercontext, 0, sizeof(ciphercontext));
1.8 markus 137:
138: /* Destroy temporary data. */
139: memset(buf, 0, sizeof(buf));
140: buffer_free(&buffer);
141:
1.11 deraadt 142: fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
143: if (fd < 0)
1.8 markus 144: return 0;
1.11 deraadt 145: if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
1.8 markus 146: buffer_len(&encrypted)) {
147: debug("Write to key file %.200s failed: %.100s", filename,
148: strerror(errno));
149: buffer_free(&encrypted);
1.11 deraadt 150: close(fd);
1.16.2.3 jason 151: unlink(filename);
1.8 markus 152: return 0;
153: }
1.11 deraadt 154: close(fd);
1.8 markus 155: buffer_free(&encrypted);
156: return 1;
1.1 deraadt 157: }
158:
1.16.2.3 jason 159: /* save SSH2 key in OpenSSL PEM format */
1.15 markus 160: int
1.16.2.3 jason 161: save_private_key_ssh2(const char *filename, const char *_passphrase,
162: Key *key, const char *comment)
1.15 markus 163: {
164: FILE *fp;
165: int fd;
1.16.2.3 jason 166: int success = 0;
167: int len = strlen(_passphrase);
168: char *passphrase = (len > 0) ? (char *)_passphrase : NULL;
169: EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
1.15 markus 170:
171: if (len > 0 && len <= 4) {
172: error("passphrase too short: %d bytes", len);
173: errno = 0;
174: return 0;
175: }
176: fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
177: if (fd < 0) {
178: debug("open %s failed", filename);
179: return 0;
180: }
181: fp = fdopen(fd, "w");
182: if (fp == NULL ) {
183: debug("fdopen %s failed", filename);
184: close(fd);
185: return 0;
186: }
1.16.2.3 jason 187: switch (key->type) {
188: case KEY_DSA:
189: success = PEM_write_DSAPrivateKey(fp, key->dsa,
190: cipher, passphrase, len, NULL, NULL);
191: break;
192: case KEY_RSA:
193: success = PEM_write_RSAPrivateKey(fp, key->rsa,
194: cipher, passphrase, len, NULL, NULL);
195: break;
1.15 markus 196: }
197: fclose(fp);
198: return success;
199: }
200:
201: int
202: save_private_key(const char *filename, const char *passphrase, Key *key,
203: const char *comment)
204: {
205: switch (key->type) {
1.16.2.3 jason 206: case KEY_RSA1:
207: return save_private_key_rsa1(filename, passphrase, key->rsa, comment);
1.15 markus 208: break;
209: case KEY_DSA:
1.16.2.3 jason 210: case KEY_RSA:
211: return save_private_key_ssh2(filename, passphrase, key, comment);
1.15 markus 212: break;
213: default:
214: break;
215: }
216: return 0;
217: }
218:
1.10 markus 219: /*
220: * Loads the public part of the key file. Returns 0 if an error was
221: * encountered (the file does not exist or is not readable), and non-zero
222: * otherwise.
223: */
1.1 deraadt 224:
1.3 provos 225: int
1.15 markus 226: load_public_key_rsa(const char *filename, RSA * pub, char **comment_return)
1.1 deraadt 227: {
1.11 deraadt 228: int fd, i;
1.8 markus 229: off_t len;
230: Buffer buffer;
231: char *cp;
232:
1.11 deraadt 233: fd = open(filename, O_RDONLY);
234: if (fd < 0)
1.8 markus 235: return 0;
1.11 deraadt 236: len = lseek(fd, (off_t) 0, SEEK_END);
237: lseek(fd, (off_t) 0, SEEK_SET);
1.8 markus 238:
239: buffer_init(&buffer);
240: buffer_append_space(&buffer, &cp, len);
241:
1.11 deraadt 242: if (read(fd, cp, (size_t) len) != (size_t) len) {
1.8 markus 243: debug("Read from key file %.200s failed: %.100s", filename,
1.15 markus 244: strerror(errno));
1.8 markus 245: buffer_free(&buffer);
1.11 deraadt 246: close(fd);
1.8 markus 247: return 0;
248: }
1.11 deraadt 249: close(fd);
1.8 markus 250:
1.16.2.3 jason 251: /* Check that it is at least big enough to contain the ID string. */
252: if (len < sizeof(authfile_id_string)) {
253: debug3("Bad RSA1 key file %.200s.", filename);
1.8 markus 254: buffer_free(&buffer);
255: return 0;
256: }
1.10 markus 257: /*
258: * Make sure it begins with the id string. Consume the id string
259: * from the buffer.
260: */
1.16.2.3 jason 261: for (i = 0; i < sizeof(authfile_id_string); i++)
262: if (buffer_get_char(&buffer) != authfile_id_string[i]) {
263: debug3("Bad RSA1 key file %.200s.", filename);
1.8 markus 264: buffer_free(&buffer);
265: return 0;
266: }
267: /* Skip cipher type and reserved data. */
268: (void) buffer_get_char(&buffer); /* cipher type */
269: (void) buffer_get_int(&buffer); /* reserved */
270:
271: /* Read the public key from the buffer. */
272: buffer_get_int(&buffer);
1.15 markus 273: /* XXX alloc */
274: if (pub->n == NULL)
275: pub->n = BN_new();
1.8 markus 276: buffer_get_bignum(&buffer, pub->n);
1.15 markus 277: /* XXX alloc */
278: if (pub->e == NULL)
279: pub->e = BN_new();
1.8 markus 280: buffer_get_bignum(&buffer, pub->e);
281: if (comment_return)
282: *comment_return = buffer_get_string(&buffer, NULL);
283: /* The encrypted private part is not parsed by this function. */
284:
1.1 deraadt 285: buffer_free(&buffer);
286:
1.8 markus 287: return 1;
1.1 deraadt 288: }
289:
1.16.2.2 jason 290: /* load public key from private-key file */
1.15 markus 291: int
292: load_public_key(const char *filename, Key * key, char **comment_return)
293: {
294: switch (key->type) {
1.16.2.3 jason 295: case KEY_RSA1:
1.15 markus 296: return load_public_key_rsa(filename, key->rsa, comment_return);
297: break;
298: case KEY_DSA:
1.16.2.3 jason 299: case KEY_RSA:
1.15 markus 300: default:
301: break;
302: }
303: return 0;
304: }
305:
1.10 markus 306: /*
307: * Loads the private key from the file. Returns 0 if an error is encountered
308: * (file does not exist or is not readable, or passphrase is bad). This
309: * initializes the private key.
310: * Assumes we are called under uid of the owner of the file.
311: */
1.1 deraadt 312:
1.3 provos 313: int
1.16.2.3 jason 314: load_private_key_rsa1(int fd, const char *filename,
1.15 markus 315: const char *passphrase, RSA * prv, char **comment_return)
1.1 deraadt 316: {
1.15 markus 317: int i, check1, check2, cipher_type;
1.8 markus 318: off_t len;
319: Buffer buffer, decrypted;
320: char *cp;
1.16.2.2 jason 321: CipherContext ciphercontext;
322: Cipher *cipher;
1.8 markus 323: BN_CTX *ctx;
324: BIGNUM *aux;
325:
1.11 deraadt 326: len = lseek(fd, (off_t) 0, SEEK_END);
327: lseek(fd, (off_t) 0, SEEK_SET);
1.8 markus 328:
329: buffer_init(&buffer);
330: buffer_append_space(&buffer, &cp, len);
331:
1.11 deraadt 332: if (read(fd, cp, (size_t) len) != (size_t) len) {
1.8 markus 333: debug("Read from key file %.200s failed: %.100s", filename,
1.16.2.3 jason 334: strerror(errno));
1.8 markus 335: buffer_free(&buffer);
1.11 deraadt 336: close(fd);
1.8 markus 337: return 0;
338: }
339:
1.16.2.3 jason 340: /* Check that it is at least big enough to contain the ID string. */
341: if (len < sizeof(authfile_id_string)) {
342: debug3("Bad RSA1 key file %.200s.", filename);
1.8 markus 343: buffer_free(&buffer);
1.16.2.4! jason 344: close(fd);
1.8 markus 345: return 0;
346: }
1.10 markus 347: /*
348: * Make sure it begins with the id string. Consume the id string
349: * from the buffer.
350: */
1.16.2.3 jason 351: for (i = 0; i < sizeof(authfile_id_string); i++)
352: if (buffer_get_char(&buffer) != authfile_id_string[i]) {
353: debug3("Bad RSA1 key file %.200s.", filename);
1.8 markus 354: buffer_free(&buffer);
1.16.2.4! jason 355: close(fd);
1.8 markus 356: return 0;
357: }
1.16.2.4! jason 358:
1.8 markus 359: /* Read cipher type. */
360: cipher_type = buffer_get_char(&buffer);
361: (void) buffer_get_int(&buffer); /* Reserved data. */
362:
363: /* Read the public key from the buffer. */
364: buffer_get_int(&buffer);
365: prv->n = BN_new();
366: buffer_get_bignum(&buffer, prv->n);
367: prv->e = BN_new();
368: buffer_get_bignum(&buffer, prv->e);
369: if (comment_return)
370: *comment_return = buffer_get_string(&buffer, NULL);
371: else
372: xfree(buffer_get_string(&buffer, NULL));
373:
374: /* Check that it is a supported cipher. */
1.16.2.2 jason 375: cipher = cipher_by_number(cipher_type);
376: if (cipher == NULL) {
377: debug("Unsupported cipher %d used in key file %.200s.",
378: cipher_type, filename);
1.8 markus 379: buffer_free(&buffer);
380: goto fail;
381: }
382: /* Initialize space for decrypted data. */
383: buffer_init(&decrypted);
384: buffer_append_space(&decrypted, &cp, buffer_len(&buffer));
385:
386: /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
1.16.2.2 jason 387: cipher_set_key_string(&ciphercontext, cipher, passphrase);
1.16.2.3 jason 388: cipher_decrypt(&ciphercontext, (u_char *) cp,
389: (u_char *) buffer_ptr(&buffer), buffer_len(&buffer));
1.16.2.2 jason 390: memset(&ciphercontext, 0, sizeof(ciphercontext));
1.1 deraadt 391: buffer_free(&buffer);
392:
1.8 markus 393: check1 = buffer_get_char(&decrypted);
394: check2 = buffer_get_char(&decrypted);
395: if (check1 != buffer_get_char(&decrypted) ||
396: check2 != buffer_get_char(&decrypted)) {
397: if (strcmp(passphrase, "") != 0)
398: debug("Bad passphrase supplied for key file %.200s.", filename);
399: /* Bad passphrase. */
400: buffer_free(&decrypted);
401: fail:
402: BN_clear_free(prv->n);
1.15 markus 403: prv->n = NULL;
1.8 markus 404: BN_clear_free(prv->e);
1.15 markus 405: prv->e = NULL;
1.8 markus 406: if (comment_return)
407: xfree(*comment_return);
1.16.2.4! jason 408: close(fd);
1.8 markus 409: return 0;
410: }
411: /* Read the rest of the private key. */
412: prv->d = BN_new();
413: buffer_get_bignum(&decrypted, prv->d);
414: prv->iqmp = BN_new();
415: buffer_get_bignum(&decrypted, prv->iqmp); /* u */
416: /* in SSL and SSH p and q are exchanged */
417: prv->q = BN_new();
418: buffer_get_bignum(&decrypted, prv->q); /* p */
419: prv->p = BN_new();
420: buffer_get_bignum(&decrypted, prv->p); /* q */
421:
422: ctx = BN_CTX_new();
423: aux = BN_new();
424:
425: BN_sub(aux, prv->q, BN_value_one());
426: prv->dmq1 = BN_new();
427: BN_mod(prv->dmq1, prv->d, aux, ctx);
428:
429: BN_sub(aux, prv->p, BN_value_one());
430: prv->dmp1 = BN_new();
431: BN_mod(prv->dmp1, prv->d, aux, ctx);
432:
433: BN_clear_free(aux);
434: BN_CTX_free(ctx);
435:
436: buffer_free(&decrypted);
1.16.2.4! jason 437: close(fd);
1.8 markus 438: return 1;
1.15 markus 439: }
440:
441: int
1.16.2.3 jason 442: load_private_key_ssh2(int fd, const char *passphrase, Key *k, char **comment_return)
1.15 markus 443: {
444: FILE *fp;
1.16.2.3 jason 445: int success = 0;
446: EVP_PKEY *pk = NULL;
447: char *name = "<no key>";
1.15 markus 448:
449: fp = fdopen(fd, "r");
450: if (fp == NULL) {
451: error("fdopen failed");
1.16.2.4! jason 452: close(fd);
1.15 markus 453: return 0;
454: }
1.16.2.3 jason 455: pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
456: if (pk == NULL) {
457: debug("PEM_read_PrivateKey failed");
458: (void)ERR_get_error();
459: } else if (pk->type == EVP_PKEY_RSA) {
460: /* replace k->rsa with loaded key */
461: if (k->type == KEY_RSA || k->type == KEY_UNSPEC) {
462: if (k->rsa != NULL)
463: RSA_free(k->rsa);
464: k->rsa = EVP_PKEY_get1_RSA(pk);
465: k->type = KEY_RSA;
466: name = "rsa w/o comment";
467: success = 1;
468: #ifdef DEBUG_PK
469: RSA_print_fp(stderr, k->rsa, 8);
470: #endif
471: }
472: } else if (pk->type == EVP_PKEY_DSA) {
1.15 markus 473: /* replace k->dsa with loaded key */
1.16.2.3 jason 474: if (k->type == KEY_DSA || k->type == KEY_UNSPEC) {
475: if (k->dsa != NULL)
476: DSA_free(k->dsa);
477: k->dsa = EVP_PKEY_get1_DSA(pk);
478: k->type = KEY_DSA;
479: name = "dsa w/o comment";
480: #ifdef DEBUG_PK
481: DSA_print_fp(stderr, k->dsa, 8);
482: #endif
483: success = 1;
484: }
485: } else {
486: error("PEM_read_PrivateKey: mismatch or "
487: "unknown EVP_PKEY save_type %d", pk->save_type);
1.15 markus 488: }
489: fclose(fp);
1.16.2.3 jason 490: if (pk != NULL)
491: EVP_PKEY_free(pk);
492: if (success && comment_return)
493: *comment_return = xstrdup(name);
494: debug("read SSH2 private key done: name %s success %d", name, success);
495: return success;
1.15 markus 496: }
497:
498: int
499: load_private_key(const char *filename, const char *passphrase, Key *key,
500: char **comment_return)
501: {
502: int fd;
503: int ret = 0;
504: struct stat st;
505:
506: fd = open(filename, O_RDONLY);
507: if (fd < 0)
508: return 0;
509:
510: /* check owner and modes */
511: if (fstat(fd, &st) < 0 ||
1.16.2.3 jason 512: (st.st_uid != 0 && getuid() != 0 && st.st_uid != getuid()) ||
1.15 markus 513: (st.st_mode & 077) != 0) {
514: close(fd);
515: error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
516: error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
517: error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
518: error("Bad ownership or mode(0%3.3o) for '%s'.",
1.16.2.4! jason 519: st.st_mode & 0777, filename);
1.15 markus 520: error("It is recommended that your private key files are NOT accessible by others.");
521: return 0;
522: }
523: switch (key->type) {
1.16.2.3 jason 524: case KEY_RSA1:
1.15 markus 525: if (key->rsa->e != NULL) {
526: BN_clear_free(key->rsa->e);
527: key->rsa->e = NULL;
528: }
529: if (key->rsa->n != NULL) {
530: BN_clear_free(key->rsa->n);
531: key->rsa->n = NULL;
532: }
1.16.2.3 jason 533: ret = load_private_key_rsa1(fd, filename, passphrase,
1.16.2.4! jason 534: key->rsa, comment_return); /* closes fd */
! 535:
1.15 markus 536: break;
537: case KEY_DSA:
1.16.2.3 jason 538: case KEY_RSA:
539: case KEY_UNSPEC:
1.16.2.4! jason 540: ret = load_private_key_ssh2(fd, passphrase, key,
! 541: comment_return); /* closes fd */
! 542: break;
1.15 markus 543: default:
1.16.2.4! jason 544: close(fd);
1.15 markus 545: break;
546: }
547: return ret;
1.16.2.2 jason 548: }
549:
550: int
551: do_load_public_key(const char *filename, Key *k, char **commentp)
552: {
553: FILE *f;
554: char line[1024];
555: char *cp;
556:
557: f = fopen(filename, "r");
558: if (f != NULL) {
559: while (fgets(line, sizeof(line), f)) {
560: line[sizeof(line)-1] = '\0';
561: cp = line;
562: switch(*cp){
563: case '#':
564: case '\n':
565: case '\0':
566: continue;
567: }
568: /* Skip leading whitespace. */
569: for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
570: ;
571: if (*cp) {
1.16.2.3 jason 572: if (key_read(k, &cp) == 1) {
1.16.2.2 jason 573: if (commentp)
574: *commentp=xstrdup(filename);
575: fclose(f);
576: return 1;
577: }
578: }
579: }
580: fclose(f);
581: }
582: return 0;
583: }
584:
585: /* load public key from pubkey file */
586: int
587: try_load_public_key(const char *filename, Key *k, char **commentp)
588: {
589: char pub[MAXPATHLEN];
590:
591: if (do_load_public_key(filename, k, commentp) == 1)
592: return 1;
593: if (strlcpy(pub, filename, sizeof pub) >= MAXPATHLEN)
594: return 0;
595: if (strlcat(pub, ".pub", sizeof pub) >= MAXPATHLEN)
596: return 0;
597: if (do_load_public_key(pub, k, commentp) == 1)
598: return 1;
599: return 0;
1.1 deraadt 600: }