Bugzilla – Attachment 2715 Details for
Bug 2472
Add support to load additional certificates
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch part 1/3
0001-sshkey-API-Add-new-sshkey_is_private-function.patch (text/plain), 2.11 KB, created by
Thomas Jarosch
on 2015-09-26 02:13:32 AEST
(
hide
)
Description:
Patch part 1/3
Filename:
MIME Type:
Creator:
Thomas Jarosch
Created:
2015-09-26 02:13:32 AEST
Size:
2.11 KB
patch
obsolete
>From 6b15166cd4494c6844be20c6b8f2f9db94a2f156 Mon Sep 17 00:00:00 2001 >From: Thomas Jarosch <thomas.jarosch@intra2net.com> >Date: Fri, 25 Sep 2015 17:20:56 +0200 >Subject: [PATCH 1/3] sshkey API: Add new sshkey_is_private() function > >The new function determines if a "struct sshkey" >contains all needed private key fields. Otherwise >it's only useful as a public key / certificate. > >Similar code is reported to be in Redhat's audit patch. > >Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com> >--- > sshkey.c | 39 +++++++++++++++++++++++++++++++++++++++ > sshkey.h | 1 + > 2 files changed, 40 insertions(+) > >diff --git a/sshkey.c b/sshkey.c >index 3dd8907..9148598 100644 >--- a/sshkey.c >+++ b/sshkey.c >@@ -306,6 +306,45 @@ sshkey_is_cert(const struct sshkey *k) > return sshkey_type_is_cert(k->type); > } > >+int >+sshkey_is_private(const struct sshkey *k) >+{ >+ switch (k->type) { >+#ifdef WITH_OPENSSL >+ case KEY_RSA1: >+ case KEY_RSA: >+ case KEY_RSA_CERT: >+ if (k->rsa && k->rsa->d && k->rsa->q && k->rsa->p && >+ k->rsa->iqmp && >+ !BN_is_zero(k->rsa->d) && >+ !BN_is_zero(k->rsa->q) && >+ !BN_is_zero(k->rsa->p) && >+ !BN_is_zero(k->rsa->iqmp)) >+ return 1; >+ break; >+ case KEY_DSA: >+ case KEY_DSA_CERT: >+ if (k->dsa && k->dsa->priv_key) >+ return 1; >+ break; >+ case KEY_ECDSA: >+ case KEY_ECDSA_CERT: >+ if (k->ecdsa && EC_KEY_get0_private_key(k->ecdsa)) >+ return 1; >+ break; >+#endif /* WITH_OPENSSL */ >+ case KEY_ED25519: >+ case KEY_ED25519_CERT: >+ if (k->ed25519_sk) >+ return 1; >+ break; >+ case KEY_UNSPEC: >+ break; >+ } >+ >+ return 0; >+} >+ > /* Return the cert-less equivalent to a certified key type */ > int > sshkey_type_plain(int type) >diff --git a/sshkey.h b/sshkey.h >index 99f1b25..83dd24b 100644 >--- a/sshkey.h >+++ b/sshkey.h >@@ -133,6 +133,7 @@ int sshkey_generate(int type, u_int bits, struct sshkey **keyp); > int sshkey_from_private(const struct sshkey *, struct sshkey **); > int sshkey_type_from_name(const char *); > int sshkey_is_cert(const struct sshkey *); >+int sshkey_is_private(const struct sshkey *); > int sshkey_type_is_cert(int); > int sshkey_type_plain(int); > int sshkey_to_certified(struct sshkey *); >-- >2.4.3 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2715">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2472
:
2715
|
2716
|
2717
|
2933
|
2934
|
3227