Annotation of src/usr.bin/ssh/authfile.c, Revision 1.20.2.1
1.1 deraadt 1: /*
1.9 deraadt 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
5: * This file contains functions for reading and writing identity files, and
6: * for reading the passphrase from the user.
1.14 markus 7: *
1.19 deraadt 8: * As far as I am concerned, the code I have written for this software
9: * can be used freely for any purpose. Any derived versions of this
10: * software must be clearly marked as such, and if the derived work is
11: * incompatible with the protocol description in the RFC file, it must be
12: * called by a name other than "ssh" or "Secure Shell".
13: *
14: *
15: * Copyright (c) 2000 Markus Friedl. All rights reserved.
16: *
17: * Redistribution and use in source and binary forms, with or without
18: * modification, are permitted provided that the following conditions
19: * are met:
20: * 1. Redistributions of source code must retain the above copyright
21: * notice, this list of conditions and the following disclaimer.
22: * 2. Redistributions in binary form must reproduce the above copyright
23: * notice, this list of conditions and the following disclaimer in the
24: * documentation and/or other materials provided with the distribution.
25: *
26: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.9 deraadt 36: */
1.1 deraadt 37:
38: #include "includes.h"
1.20.2.1! jason 39: RCSID("$OpenBSD: authfile.c,v 1.27 2001/02/08 19:30:51 itojun Exp $");
1.1 deraadt 40:
1.20.2.1! jason 41: #include <openssl/err.h>
1.15 markus 42: #include <openssl/evp.h>
1.20.2.1! jason 43: #include <openssl/pem.h>
1.15 markus 44:
1.20.2.1! jason 45: #include "cipher.h"
1.1 deraadt 46: #include "xmalloc.h"
47: #include "buffer.h"
48: #include "bufaux.h"
1.15 markus 49: #include "key.h"
1.20.2.1! jason 50: #include "ssh.h"
! 51: #include "log.h"
! 52: #include "authfile.h"
1.1 deraadt 53:
54: /* Version identification string for identity files. */
1.20.2.1! jason 55: static const char authfile_id_string[] =
! 56: "SSH PRIVATE KEY FILE FORMAT 1.1\n";
1.1 deraadt 57:
1.10 markus 58: /*
59: * Saves the authentication (private) key in a file, encrypting it with
60: * passphrase. The identification of the file (lowest 64 bits of n) will
61: * precede the key to provide identification of the key without needing a
62: * passphrase.
63: */
1.1 deraadt 64:
1.3 provos 65: int
1.20.2.1! jason 66: save_private_key_rsa1(const char *filename, const char *passphrase,
1.15 markus 67: RSA *key, const char *comment)
1.1 deraadt 68: {
1.8 markus 69: Buffer buffer, encrypted;
70: char buf[100], *cp;
1.11 deraadt 71: int fd, i;
1.20 markus 72: CipherContext ciphercontext;
73: Cipher *cipher;
1.8 markus 74: u_int32_t rand;
75:
1.10 markus 76: /*
77: * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
78: * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
79: */
1.8 markus 80: if (strcmp(passphrase, "") == 0)
1.20 markus 81: cipher = cipher_by_number(SSH_CIPHER_NONE);
1.8 markus 82: else
1.20 markus 83: cipher = cipher_by_number(SSH_AUTHFILE_CIPHER);
84: if (cipher == NULL)
85: fatal("save_private_key_rsa: bad cipher");
1.8 markus 86:
87: /* This buffer is used to built the secret part of the private key. */
88: buffer_init(&buffer);
89:
90: /* Put checkbytes for checking passphrase validity. */
91: rand = arc4random();
92: buf[0] = rand & 0xff;
93: buf[1] = (rand >> 8) & 0xff;
94: buf[2] = buf[0];
95: buf[3] = buf[1];
96: buffer_append(&buffer, buf, 4);
97:
1.10 markus 98: /*
99: * Store the private key (n and e will not be stored because they
100: * will be stored in plain text, and storing them also in encrypted
101: * format would just give known plaintext).
102: */
1.8 markus 103: buffer_put_bignum(&buffer, key->d);
104: buffer_put_bignum(&buffer, key->iqmp);
105: buffer_put_bignum(&buffer, key->q); /* reverse from SSL p */
106: buffer_put_bignum(&buffer, key->p); /* reverse from SSL q */
107:
108: /* Pad the part to be encrypted until its size is a multiple of 8. */
109: while (buffer_len(&buffer) % 8 != 0)
110: buffer_put_char(&buffer, 0);
111:
112: /* This buffer will be used to contain the data in the file. */
113: buffer_init(&encrypted);
114:
115: /* First store keyfile id string. */
1.20.2.1! jason 116: for (i = 0; authfile_id_string[i]; i++)
! 117: buffer_put_char(&encrypted, authfile_id_string[i]);
1.8 markus 118: buffer_put_char(&encrypted, 0);
119:
120: /* Store cipher type. */
1.20 markus 121: buffer_put_char(&encrypted, cipher->number);
1.8 markus 122: buffer_put_int(&encrypted, 0); /* For future extension */
123:
124: /* Store public key. This will be in plain text. */
125: buffer_put_int(&encrypted, BN_num_bits(key->n));
126: buffer_put_bignum(&encrypted, key->n);
127: buffer_put_bignum(&encrypted, key->e);
128: buffer_put_string(&encrypted, comment, strlen(comment));
129:
130: /* Allocate space for the private part of the key in the buffer. */
131: buffer_append_space(&encrypted, &cp, buffer_len(&buffer));
132:
1.20 markus 133: cipher_set_key_string(&ciphercontext, cipher, passphrase);
1.20.2.1! jason 134: cipher_encrypt(&ciphercontext, (u_char *) cp,
! 135: (u_char *) buffer_ptr(&buffer), buffer_len(&buffer));
1.20 markus 136: memset(&ciphercontext, 0, sizeof(ciphercontext));
1.8 markus 137:
138: /* Destroy temporary data. */
139: memset(buf, 0, sizeof(buf));
140: buffer_free(&buffer);
141:
1.11 deraadt 142: fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
143: if (fd < 0)
1.8 markus 144: return 0;
1.11 deraadt 145: if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
1.8 markus 146: buffer_len(&encrypted)) {
147: debug("Write to key file %.200s failed: %.100s", filename,
148: strerror(errno));
149: buffer_free(&encrypted);
1.11 deraadt 150: close(fd);
1.20.2.1! jason 151: unlink(filename);
1.8 markus 152: return 0;
153: }
1.11 deraadt 154: close(fd);
1.8 markus 155: buffer_free(&encrypted);
156: return 1;
1.1 deraadt 157: }
158:
1.20.2.1! jason 159: /* save SSH2 key in OpenSSL PEM format */
1.15 markus 160: int
1.20.2.1! jason 161: save_private_key_ssh2(const char *filename, const char *_passphrase,
! 162: Key *key, const char *comment)
1.15 markus 163: {
164: FILE *fp;
165: int fd;
1.20.2.1! jason 166: int success = 0;
! 167: int len = strlen(_passphrase);
! 168: char *passphrase = (len > 0) ? (char *)_passphrase : NULL;
! 169: EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
1.15 markus 170:
171: if (len > 0 && len <= 4) {
172: error("passphrase too short: %d bytes", len);
173: errno = 0;
174: return 0;
175: }
176: fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
177: if (fd < 0) {
178: debug("open %s failed", filename);
179: return 0;
180: }
181: fp = fdopen(fd, "w");
182: if (fp == NULL ) {
183: debug("fdopen %s failed", filename);
184: close(fd);
185: return 0;
186: }
1.20.2.1! jason 187: switch (key->type) {
! 188: case KEY_DSA:
! 189: success = PEM_write_DSAPrivateKey(fp, key->dsa,
! 190: cipher, passphrase, len, NULL, NULL);
! 191: break;
! 192: case KEY_RSA:
! 193: success = PEM_write_RSAPrivateKey(fp, key->rsa,
! 194: cipher, passphrase, len, NULL, NULL);
! 195: break;
1.15 markus 196: }
197: fclose(fp);
198: return success;
199: }
200:
201: int
202: save_private_key(const char *filename, const char *passphrase, Key *key,
203: const char *comment)
204: {
205: switch (key->type) {
1.20.2.1! jason 206: case KEY_RSA1:
! 207: return save_private_key_rsa1(filename, passphrase, key->rsa, comment);
1.15 markus 208: break;
209: case KEY_DSA:
1.20.2.1! jason 210: case KEY_RSA:
! 211: return save_private_key_ssh2(filename, passphrase, key, comment);
1.15 markus 212: break;
213: default:
214: break;
215: }
216: return 0;
217: }
218:
1.10 markus 219: /*
220: * Loads the public part of the key file. Returns 0 if an error was
221: * encountered (the file does not exist or is not readable), and non-zero
222: * otherwise.
223: */
1.1 deraadt 224:
1.3 provos 225: int
1.15 markus 226: load_public_key_rsa(const char *filename, RSA * pub, char **comment_return)
1.1 deraadt 227: {
1.11 deraadt 228: int fd, i;
1.8 markus 229: off_t len;
230: Buffer buffer;
231: char *cp;
232:
1.11 deraadt 233: fd = open(filename, O_RDONLY);
234: if (fd < 0)
1.8 markus 235: return 0;
1.11 deraadt 236: len = lseek(fd, (off_t) 0, SEEK_END);
237: lseek(fd, (off_t) 0, SEEK_SET);
1.8 markus 238:
239: buffer_init(&buffer);
240: buffer_append_space(&buffer, &cp, len);
241:
1.11 deraadt 242: if (read(fd, cp, (size_t) len) != (size_t) len) {
1.8 markus 243: debug("Read from key file %.200s failed: %.100s", filename,
1.15 markus 244: strerror(errno));
1.8 markus 245: buffer_free(&buffer);
1.11 deraadt 246: close(fd);
1.8 markus 247: return 0;
248: }
1.11 deraadt 249: close(fd);
1.8 markus 250:
1.20.2.1! jason 251: /* Check that it is at least big enough to contain the ID string. */
! 252: if (len < sizeof(authfile_id_string)) {
! 253: debug3("Bad RSA1 key file %.200s.", filename);
1.8 markus 254: buffer_free(&buffer);
255: return 0;
256: }
1.10 markus 257: /*
258: * Make sure it begins with the id string. Consume the id string
259: * from the buffer.
260: */
1.20.2.1! jason 261: for (i = 0; i < sizeof(authfile_id_string); i++)
! 262: if (buffer_get_char(&buffer) != authfile_id_string[i]) {
! 263: debug3("Bad RSA1 key file %.200s.", filename);
1.8 markus 264: buffer_free(&buffer);
265: return 0;
266: }
267: /* Skip cipher type and reserved data. */
268: (void) buffer_get_char(&buffer); /* cipher type */
269: (void) buffer_get_int(&buffer); /* reserved */
270:
271: /* Read the public key from the buffer. */
272: buffer_get_int(&buffer);
1.15 markus 273: /* XXX alloc */
274: if (pub->n == NULL)
275: pub->n = BN_new();
1.8 markus 276: buffer_get_bignum(&buffer, pub->n);
1.15 markus 277: /* XXX alloc */
278: if (pub->e == NULL)
279: pub->e = BN_new();
1.8 markus 280: buffer_get_bignum(&buffer, pub->e);
281: if (comment_return)
282: *comment_return = buffer_get_string(&buffer, NULL);
283: /* The encrypted private part is not parsed by this function. */
284:
1.1 deraadt 285: buffer_free(&buffer);
286:
1.8 markus 287: return 1;
1.1 deraadt 288: }
289:
1.18 markus 290: /* load public key from private-key file */
1.15 markus 291: int
292: load_public_key(const char *filename, Key * key, char **comment_return)
293: {
294: switch (key->type) {
1.20.2.1! jason 295: case KEY_RSA1:
1.15 markus 296: return load_public_key_rsa(filename, key->rsa, comment_return);
297: break;
298: case KEY_DSA:
1.20.2.1! jason 299: case KEY_RSA:
1.15 markus 300: default:
301: break;
302: }
303: return 0;
304: }
305:
1.10 markus 306: /*
307: * Loads the private key from the file. Returns 0 if an error is encountered
308: * (file does not exist or is not readable, or passphrase is bad). This
309: * initializes the private key.
310: * Assumes we are called under uid of the owner of the file.
311: */
1.1 deraadt 312:
1.3 provos 313: int
1.20.2.1! jason 314: load_private_key_rsa1(int fd, const char *filename,
1.15 markus 315: const char *passphrase, RSA * prv, char **comment_return)
1.1 deraadt 316: {
1.15 markus 317: int i, check1, check2, cipher_type;
1.8 markus 318: off_t len;
319: Buffer buffer, decrypted;
320: char *cp;
1.20 markus 321: CipherContext ciphercontext;
322: Cipher *cipher;
1.8 markus 323: BN_CTX *ctx;
324: BIGNUM *aux;
325:
1.11 deraadt 326: len = lseek(fd, (off_t) 0, SEEK_END);
327: lseek(fd, (off_t) 0, SEEK_SET);
1.8 markus 328:
329: buffer_init(&buffer);
330: buffer_append_space(&buffer, &cp, len);
331:
1.11 deraadt 332: if (read(fd, cp, (size_t) len) != (size_t) len) {
1.8 markus 333: debug("Read from key file %.200s failed: %.100s", filename,
1.20.2.1! jason 334: strerror(errno));
1.8 markus 335: buffer_free(&buffer);
1.11 deraadt 336: close(fd);
1.8 markus 337: return 0;
338: }
1.11 deraadt 339: close(fd);
1.8 markus 340:
1.20.2.1! jason 341: /* Check that it is at least big enough to contain the ID string. */
! 342: if (len < sizeof(authfile_id_string)) {
! 343: debug3("Bad RSA1 key file %.200s.", filename);
1.8 markus 344: buffer_free(&buffer);
345: return 0;
346: }
1.10 markus 347: /*
348: * Make sure it begins with the id string. Consume the id string
349: * from the buffer.
350: */
1.20.2.1! jason 351: for (i = 0; i < sizeof(authfile_id_string); i++)
! 352: if (buffer_get_char(&buffer) != authfile_id_string[i]) {
! 353: debug3("Bad RSA1 key file %.200s.", filename);
1.8 markus 354: buffer_free(&buffer);
355: return 0;
356: }
357: /* Read cipher type. */
358: cipher_type = buffer_get_char(&buffer);
359: (void) buffer_get_int(&buffer); /* Reserved data. */
360:
361: /* Read the public key from the buffer. */
362: buffer_get_int(&buffer);
363: prv->n = BN_new();
364: buffer_get_bignum(&buffer, prv->n);
365: prv->e = BN_new();
366: buffer_get_bignum(&buffer, prv->e);
367: if (comment_return)
368: *comment_return = buffer_get_string(&buffer, NULL);
369: else
370: xfree(buffer_get_string(&buffer, NULL));
371:
372: /* Check that it is a supported cipher. */
1.20 markus 373: cipher = cipher_by_number(cipher_type);
374: if (cipher == NULL) {
375: debug("Unsupported cipher %d used in key file %.200s.",
376: cipher_type, filename);
1.8 markus 377: buffer_free(&buffer);
378: goto fail;
379: }
380: /* Initialize space for decrypted data. */
381: buffer_init(&decrypted);
382: buffer_append_space(&decrypted, &cp, buffer_len(&buffer));
383:
384: /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
1.20 markus 385: cipher_set_key_string(&ciphercontext, cipher, passphrase);
1.20.2.1! jason 386: cipher_decrypt(&ciphercontext, (u_char *) cp,
! 387: (u_char *) buffer_ptr(&buffer), buffer_len(&buffer));
1.20 markus 388: memset(&ciphercontext, 0, sizeof(ciphercontext));
1.1 deraadt 389: buffer_free(&buffer);
390:
1.8 markus 391: check1 = buffer_get_char(&decrypted);
392: check2 = buffer_get_char(&decrypted);
393: if (check1 != buffer_get_char(&decrypted) ||
394: check2 != buffer_get_char(&decrypted)) {
395: if (strcmp(passphrase, "") != 0)
396: debug("Bad passphrase supplied for key file %.200s.", filename);
397: /* Bad passphrase. */
398: buffer_free(&decrypted);
399: fail:
400: BN_clear_free(prv->n);
1.15 markus 401: prv->n = NULL;
1.8 markus 402: BN_clear_free(prv->e);
1.15 markus 403: prv->e = NULL;
1.8 markus 404: if (comment_return)
405: xfree(*comment_return);
406: return 0;
407: }
408: /* Read the rest of the private key. */
409: prv->d = BN_new();
410: buffer_get_bignum(&decrypted, prv->d);
411: prv->iqmp = BN_new();
412: buffer_get_bignum(&decrypted, prv->iqmp); /* u */
413: /* in SSL and SSH p and q are exchanged */
414: prv->q = BN_new();
415: buffer_get_bignum(&decrypted, prv->q); /* p */
416: prv->p = BN_new();
417: buffer_get_bignum(&decrypted, prv->p); /* q */
418:
419: ctx = BN_CTX_new();
420: aux = BN_new();
421:
422: BN_sub(aux, prv->q, BN_value_one());
423: prv->dmq1 = BN_new();
424: BN_mod(prv->dmq1, prv->d, aux, ctx);
425:
426: BN_sub(aux, prv->p, BN_value_one());
427: prv->dmp1 = BN_new();
428: BN_mod(prv->dmp1, prv->d, aux, ctx);
429:
430: BN_clear_free(aux);
431: BN_CTX_free(ctx);
432:
433: buffer_free(&decrypted);
1.1 deraadt 434:
1.8 markus 435: return 1;
1.15 markus 436: }
437:
438: int
1.20.2.1! jason 439: load_private_key_ssh2(int fd, const char *passphrase, Key *k, char **comment_return)
1.15 markus 440: {
441: FILE *fp;
1.20.2.1! jason 442: int success = 0;
! 443: EVP_PKEY *pk = NULL;
! 444: char *name = "<no key>";
1.15 markus 445:
446: fp = fdopen(fd, "r");
447: if (fp == NULL) {
448: error("fdopen failed");
449: return 0;
450: }
1.20.2.1! jason 451: pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
! 452: if (pk == NULL) {
! 453: debug("PEM_read_PrivateKey failed");
! 454: (void)ERR_get_error();
! 455: } else if (pk->type == EVP_PKEY_RSA) {
! 456: /* replace k->rsa with loaded key */
! 457: if (k->type == KEY_RSA || k->type == KEY_UNSPEC) {
! 458: if (k->rsa != NULL)
! 459: RSA_free(k->rsa);
! 460: k->rsa = EVP_PKEY_get1_RSA(pk);
! 461: k->type = KEY_RSA;
! 462: name = "rsa w/o comment";
! 463: success = 1;
! 464: #ifdef DEBUG_PK
! 465: RSA_print_fp(stderr, k->rsa, 8);
! 466: #endif
! 467: }
! 468: } else if (pk->type == EVP_PKEY_DSA) {
1.15 markus 469: /* replace k->dsa with loaded key */
1.20.2.1! jason 470: if (k->type == KEY_DSA || k->type == KEY_UNSPEC) {
! 471: if (k->dsa != NULL)
! 472: DSA_free(k->dsa);
! 473: k->dsa = EVP_PKEY_get1_DSA(pk);
! 474: k->type = KEY_DSA;
! 475: name = "dsa w/o comment";
! 476: #ifdef DEBUG_PK
! 477: DSA_print_fp(stderr, k->dsa, 8);
! 478: #endif
! 479: success = 1;
! 480: }
! 481: } else {
! 482: error("PEM_read_PrivateKey: mismatch or "
! 483: "unknown EVP_PKEY save_type %d", pk->save_type);
1.15 markus 484: }
485: fclose(fp);
1.20.2.1! jason 486: if (pk != NULL)
! 487: EVP_PKEY_free(pk);
! 488: if (success && comment_return)
! 489: *comment_return = xstrdup(name);
! 490: debug("read SSH2 private key done: name %s success %d", name, success);
! 491: return success;
1.15 markus 492: }
493:
494: int
495: load_private_key(const char *filename, const char *passphrase, Key *key,
496: char **comment_return)
497: {
498: int fd;
499: int ret = 0;
500: struct stat st;
501:
502: fd = open(filename, O_RDONLY);
503: if (fd < 0)
504: return 0;
505:
506: /* check owner and modes */
507: if (fstat(fd, &st) < 0 ||
1.20.2.1! jason 508: (st.st_uid != 0 && getuid() != 0 && st.st_uid != getuid()) ||
1.15 markus 509: (st.st_mode & 077) != 0) {
510: close(fd);
511: error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
512: error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
513: error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
514: error("Bad ownership or mode(0%3.3o) for '%s'.",
515: st.st_mode & 0777, filename);
516: error("It is recommended that your private key files are NOT accessible by others.");
517: return 0;
518: }
519: switch (key->type) {
1.20.2.1! jason 520: case KEY_RSA1:
1.15 markus 521: if (key->rsa->e != NULL) {
522: BN_clear_free(key->rsa->e);
523: key->rsa->e = NULL;
524: }
525: if (key->rsa->n != NULL) {
526: BN_clear_free(key->rsa->n);
527: key->rsa->n = NULL;
528: }
1.20.2.1! jason 529: ret = load_private_key_rsa1(fd, filename, passphrase,
1.15 markus 530: key->rsa, comment_return);
531: break;
532: case KEY_DSA:
1.20.2.1! jason 533: case KEY_RSA:
! 534: case KEY_UNSPEC:
! 535: ret = load_private_key_ssh2(fd, passphrase, key, comment_return);
1.15 markus 536: default:
537: break;
538: }
539: close(fd);
540: return ret;
1.18 markus 541: }
542:
543: int
544: do_load_public_key(const char *filename, Key *k, char **commentp)
545: {
546: FILE *f;
547: char line[1024];
548: char *cp;
549:
550: f = fopen(filename, "r");
551: if (f != NULL) {
552: while (fgets(line, sizeof(line), f)) {
553: line[sizeof(line)-1] = '\0';
554: cp = line;
555: switch(*cp){
556: case '#':
557: case '\n':
558: case '\0':
559: continue;
560: }
561: /* Skip leading whitespace. */
562: for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
563: ;
564: if (*cp) {
1.20.2.1! jason 565: if (key_read(k, &cp) == 1) {
1.18 markus 566: if (commentp)
567: *commentp=xstrdup(filename);
568: fclose(f);
569: return 1;
570: }
571: }
572: }
573: fclose(f);
574: }
575: return 0;
576: }
577:
578: /* load public key from pubkey file */
579: int
580: try_load_public_key(const char *filename, Key *k, char **commentp)
581: {
582: char pub[MAXPATHLEN];
583:
584: if (do_load_public_key(filename, k, commentp) == 1)
585: return 1;
586: if (strlcpy(pub, filename, sizeof pub) >= MAXPATHLEN)
587: return 0;
588: if (strlcat(pub, ".pub", sizeof pub) >= MAXPATHLEN)
589: return 0;
590: if (do_load_public_key(pub, k, commentp) == 1)
591: return 1;
592: return 0;
1.1 deraadt 593: }