author | Colin Watson <cjwatson@debian.org> | 2013-05-07 10:06:42 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2013-05-07 10:06:42 +0100 |
commit | ecebda56da46a03dafff923d91c382f31faa9eec (patch) | |
tree | 449614b6c06a2622c74a609b31fcc46c60037c56 /key.c | |
parent | c6a2c0334e45419875687d250aed9bea78480f2e (diff) | |
parent | ffc06452028ba78cd693d4ed43df8b60a10d6163 (diff) |
merge 6.2p1; reorder additions to monitor.h for easier merging in future
Diffstat (limited to 'key.c')
-rw-r--r-- | key.c | 40 |
1 files changed, 25 insertions, 15 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.c,v 1.99 2012/05/23 03:28:28 djm Exp $ */ | 1 | /* $OpenBSD: key.c,v 1.100 2013/01/17 23:00:01 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * read_bignum(): | 3 | * read_bignum(): |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -55,6 +55,8 @@ | |||
55 | #include "misc.h" | 55 | #include "misc.h" |
56 | #include "ssh2.h" | 56 | #include "ssh2.h" |
57 | 57 | ||
58 | static int to_blob(const Key *, u_char **, u_int *, int); | ||
59 | |||
58 | static struct KeyCert * | 60 | static struct KeyCert * |
59 | cert_new(void) | 61 | cert_new(void) |
60 | { | 62 | { |
@@ -324,14 +326,15 @@ key_equal(const Key *a, const Key *b) | |||
324 | } | 326 | } |
325 | 327 | ||
326 | u_char* | 328 | u_char* |
327 | key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) | 329 | key_fingerprint_raw(const Key *k, enum fp_type dgst_type, |
330 | u_int *dgst_raw_length) | ||
328 | { | 331 | { |
329 | const EVP_MD *md = NULL; | 332 | const EVP_MD *md = NULL; |
330 | EVP_MD_CTX ctx; | 333 | EVP_MD_CTX ctx; |
331 | u_char *blob = NULL; | 334 | u_char *blob = NULL; |
332 | u_char *retval = NULL; | 335 | u_char *retval = NULL; |
333 | u_int len = 0; | 336 | u_int len = 0; |
334 | int nlen, elen, otype; | 337 | int nlen, elen; |
335 | 338 | ||
336 | *dgst_raw_length = 0; | 339 | *dgst_raw_length = 0; |
337 | 340 | ||
@@ -371,10 +374,7 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) | |||
371 | case KEY_ECDSA_CERT: | 374 | case KEY_ECDSA_CERT: |
372 | case KEY_RSA_CERT: | 375 | case KEY_RSA_CERT: |
373 | /* We want a fingerprint of the _key_ not of the cert */ | 376 | /* We want a fingerprint of the _key_ not of the cert */ |
374 | otype = k->type; | 377 | to_blob(k, &blob, &len, 1); |
375 | k->type = key_type_plain(k->type); | ||
376 | key_to_blob(k, &blob, &len); | ||
377 | k->type = otype; | ||
378 | break; | 378 | break; |
379 | case KEY_UNSPEC: | 379 | case KEY_UNSPEC: |
380 | return retval; | 380 | return retval; |
@@ -1591,18 +1591,19 @@ key_from_blob(const u_char *blob, u_int blen) | |||
1591 | return key; | 1591 | return key; |
1592 | } | 1592 | } |
1593 | 1593 | ||
1594 | int | 1594 | static int |
1595 | key_to_blob(const Key *key, u_char **blobp, u_int *lenp) | 1595 | to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain) |
1596 | { | 1596 | { |
1597 | Buffer b; | 1597 | Buffer b; |
1598 | int len; | 1598 | int len, type; |
1599 | 1599 | ||
1600 | if (key == NULL) { | 1600 | if (key == NULL) { |
1601 | error("key_to_blob: key == NULL"); | 1601 | error("key_to_blob: key == NULL"); |
1602 | return 0; | 1602 | return 0; |
1603 | } | 1603 | } |
1604 | buffer_init(&b); | 1604 | buffer_init(&b); |
1605 | switch (key->type) { | 1605 | type = force_plain ? key_type_plain(key->type) : key->type; |
1606 | switch (type) { | ||
1606 | case KEY_DSA_CERT_V00: | 1607 | case KEY_DSA_CERT_V00: |
1607 | case KEY_RSA_CERT_V00: | 1608 | case KEY_RSA_CERT_V00: |
1608 | case KEY_DSA_CERT: | 1609 | case KEY_DSA_CERT: |
@@ -1613,7 +1614,8 @@ key_to_blob(const Key *key, u_char **blobp, u_int *lenp) | |||
1613 | buffer_len(&key->cert->certblob)); | 1614 | buffer_len(&key->cert->certblob)); |
1614 | break; | 1615 | break; |
1615 | case KEY_DSA: | 1616 | case KEY_DSA: |
1616 | buffer_put_cstring(&b, key_ssh_name(key)); | 1617 | buffer_put_cstring(&b, |
1618 | key_ssh_name_from_type_nid(type, key->ecdsa_nid)); | ||
1617 | buffer_put_bignum2(&b, key->dsa->p); | 1619 | buffer_put_bignum2(&b, key->dsa->p); |
1618 | buffer_put_bignum2(&b, key->dsa->q); | 1620 | buffer_put_bignum2(&b, key->dsa->q); |
1619 | buffer_put_bignum2(&b, key->dsa->g); | 1621 | buffer_put_bignum2(&b, key->dsa->g); |
@@ -1621,14 +1623,16 @@ key_to_blob(const Key *key, u_char **blobp, u_int *lenp) | |||
1621 | break; | 1623 | break; |
1622 | #ifdef OPENSSL_HAS_ECC | 1624 | #ifdef OPENSSL_HAS_ECC |
1623 | case KEY_ECDSA: | 1625 | case KEY_ECDSA: |
1624 | buffer_put_cstring(&b, key_ssh_name(key)); | 1626 | buffer_put_cstring(&b, |
1627 | key_ssh_name_from_type_nid(type, key->ecdsa_nid)); | ||
1625 | buffer_put_cstring(&b, key_curve_nid_to_name(key->ecdsa_nid)); | 1628 | buffer_put_cstring(&b, key_curve_nid_to_name(key->ecdsa_nid)); |
1626 | buffer_put_ecpoint(&b, EC_KEY_get0_group(key->ecdsa), | 1629 | buffer_put_ecpoint(&b, EC_KEY_get0_group(key->ecdsa), |
1627 | EC_KEY_get0_public_key(key->ecdsa)); | 1630 | EC_KEY_get0_public_key(key->ecdsa)); |
1628 | break; | 1631 | break; |
1629 | #endif | 1632 | #endif |
1630 | case KEY_RSA: | 1633 | case KEY_RSA: |
1631 | buffer_put_cstring(&b, key_ssh_name(key)); | 1634 | buffer_put_cstring(&b, |
1635 | key_ssh_name_from_type_nid(type, key->ecdsa_nid)); | ||
1632 | buffer_put_bignum2(&b, key->rsa->e); | 1636 | buffer_put_bignum2(&b, key->rsa->e); |
1633 | buffer_put_bignum2(&b, key->rsa->n); | 1637 | buffer_put_bignum2(&b, key->rsa->n); |
1634 | break; | 1638 | break; |
@@ -1650,6 +1654,12 @@ key_to_blob(const Key *key, u_char **blobp, u_int *lenp) | |||
1650 | } | 1654 | } |
1651 | 1655 | ||
1652 | int | 1656 | int |
1657 | key_to_blob(const Key *key, u_char **blobp, u_int *lenp) | ||
1658 | { | ||
1659 | return to_blob(key, blobp, lenp, 0); | ||
1660 | } | ||
1661 | |||
1662 | int | ||
1653 | key_sign( | 1663 | key_sign( |
1654 | const Key *key, | 1664 | const Key *key, |
1655 | u_char **sigp, u_int *lenp, | 1665 | u_char **sigp, u_int *lenp, |
@@ -2028,7 +2038,7 @@ key_cert_check_authority(const Key *k, int want_host, int require_principal, | |||
2028 | } | 2038 | } |
2029 | 2039 | ||
2030 | int | 2040 | int |
2031 | key_cert_is_legacy(Key *k) | 2041 | key_cert_is_legacy(const Key *k) |
2032 | { | 2042 | { |
2033 | switch (k->type) { | 2043 | switch (k->type) { |
2034 | case KEY_DSA_CERT_V00: | 2044 | case KEY_DSA_CERT_V00: |
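Review bot: The new `to_blob` helper in the hunk at key.c:1594 carries no comment explaining `force_plain`, and its prototype on new line 58 drops the parameter names, so a reader has to trace the `switch` to learn that a certificate key is serialized as its underlying plain key. I would write the prototype as `static int to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain);` and put above the definition: `/* Serialize the public part of key in SSH wire format; with force_plain set, a cert key is written under its plain type (certblob omitted) so key_fingerprint_raw can hash the key, not the cert. Returns 0 on failure. */`. The message `error("key_to_blob: key == NULL")` inside the helper is now also reachable through the direct `to_blob(k, &blob, &len, 1)` call in key_fingerprint_raw, so it should name `to_blob` instead. That call's return value is not checked, as it was not before the change; the remainder of key_fingerprint_raw and the tail of to_blob, which would show whether a NULL blob is caught later, lie outside the hunks.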