void
key_cert_copy(const Key *from_key, Key *to_key)
{
int r;
if ((r = sshkey_cert_copy(from_key, to_key)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
/* Load private key and certificate */
int
sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
struct sshkey **keyp, int *perm_ok)
{
struct sshkey *key = NULL, *cert = NULL;
int r;
if (keyp != NULL)
*keyp = NULL;
switch (type) {
#ifdef WITH_OPENSSL
case KEY_RSA:
case KEY_DSA:
case KEY_ECDSA:
#endif /* WITH_OPENSSL */
case KEY_ED25519:
case KEY_XMSS:
case KEY_UNSPEC:
break;
default:
return SSH_ERR_KEY_TYPE_UNKNOWN;
}
if ((r = sshkey_load_private_type(type, filename,
passphrase, &key, NULL, perm_ok)) != 0 ||
(r = sshkey_load_cert(filename, &cert)) != 0)
goto out;
/* Make sure the private key matches the certificate */
if (sshkey_equal_public(key, cert) == 0) {
r = SSH_ERR_KEY_CERT_MISMATCH;
goto out;
}
if ((r = sshkey_to_certified(key)) != 0 ||
(r = sshkey_cert_copy(cert, key)) != 0)
goto out;
r = 0;
if (keyp != NULL) {
*keyp = key;
key = NULL;
}
out:
sshkey_free(key);
sshkey_free(cert);
return r;
}
/* Load private key and certificate */
int
sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
struct sshkey **keyp, int *perm_ok)
{
struct sshkey *key = NULL, *cert = NULL;
int r;
*keyp = NULL;
switch (type) {
case KEY_RSA:
case KEY_DSA:
case KEY_ECDSA:
case KEY_UNSPEC:
break;
default:
return SSH_ERR_KEY_TYPE_UNKNOWN;
}
if ((r = sshkey_load_private_type(type, filename,
passphrase, &key, NULL, perm_ok)) != 0 ||
(r = sshkey_load_cert(filename, &cert)) != 0)
goto out;
/* Make sure the private key matches the certificate */
if (sshkey_equal_public(key, cert) == 0) {
r = SSH_ERR_KEY_CERT_MISMATCH;
goto out;
}
if ((r = sshkey_to_certified(key, sshkey_cert_is_legacy(cert))) != 0 ||
(r = sshkey_cert_copy(cert, key)) != 0)
goto out;
r = 0;
*keyp = key;
key = NULL;
out:
if (key != NULL)
sshkey_free(key);
if (cert != NULL)
sshkey_free(cert);
return r;
}
