summaryrefslogtreecommitdiff
path: root/key.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2013-05-07 10:06:42 +0100
committerColin Watson <cjwatson@debian.org>2013-05-07 10:06:42 +0100
commitecebda56da46a03dafff923d91c382f31faa9eec (patch)
tree449614b6c06a2622c74a609b31fcc46c60037c56 /key.c
parentc6a2c0334e45419875687d250aed9bea78480f2e (diff)
parentffc06452028ba78cd693d4ed43df8b60a10d6163 (diff)
merge 6.2p1; reorder additions to monitor.h for easier merging in future
Diffstat (limited to 'key.c')
-rw-r--r--key.c40
1 files changed, 25 insertions, 15 deletions
diff --git a/key.c b/key.c
index 2a16b25b9..fdfed5c56 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: key.c,v 1.99 2012/05/23 03:28:28 djm Exp $ */ 1/* $OpenBSD: key.c,v 1.100 2013/01/17 23:00:01 djm Exp $ */
2/* 2/*
3 * read_bignum(): 3 * read_bignum():
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -55,6 +55,8 @@
55#include "misc.h" 55#include "misc.h"
56#include "ssh2.h" 56#include "ssh2.h"
57 57
58static int to_blob(const Key *, u_char **, u_int *, int);
59
58static struct KeyCert * 60static struct KeyCert *
59cert_new(void) 61cert_new(void)
60{ 62{
@@ -324,14 +326,15 @@ key_equal(const Key *a, const Key *b)
324} 326}
325 327
326u_char* 328u_char*
327key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) 329key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
330 u_int *dgst_raw_length)
328{ 331{
329 const EVP_MD *md = NULL; 332 const EVP_MD *md = NULL;
330 EVP_MD_CTX ctx; 333 EVP_MD_CTX ctx;
331 u_char *blob = NULL; 334 u_char *blob = NULL;
332 u_char *retval = NULL; 335 u_char *retval = NULL;
333 u_int len = 0; 336 u_int len = 0;
334 int nlen, elen, otype; 337 int nlen, elen;
335 338
336 *dgst_raw_length = 0; 339 *dgst_raw_length = 0;
337 340
@@ -371,10 +374,7 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length)
371 case KEY_ECDSA_CERT: 374 case KEY_ECDSA_CERT:
372 case KEY_RSA_CERT: 375 case KEY_RSA_CERT:
373 /* We want a fingerprint of the _key_ not of the cert */ 376 /* We want a fingerprint of the _key_ not of the cert */
374 otype = k->type; 377 to_blob(k, &blob, &len, 1);
375 k->type = key_type_plain(k->type);
376 key_to_blob(k, &blob, &len);
377 k->type = otype;
378 break; 378 break;
379 case KEY_UNSPEC: 379 case KEY_UNSPEC:
380 return retval; 380 return retval;
@@ -1591,18 +1591,19 @@ key_from_blob(const u_char *blob, u_int blen)
1591 return key; 1591 return key;
1592} 1592}
1593 1593
1594int 1594static int
1595key_to_blob(const Key *key, u_char **blobp, u_int *lenp) 1595to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain)
1596{ 1596{
1597 Buffer b; 1597 Buffer b;
1598 int len; 1598 int len, type;
1599 1599
1600 if (key == NULL) { 1600 if (key == NULL) {
1601 error("key_to_blob: key == NULL"); 1601 error("key_to_blob: key == NULL");
1602 return 0; 1602 return 0;
1603 } 1603 }
1604 buffer_init(&b); 1604 buffer_init(&b);
1605 switch (key->type) { 1605 type = force_plain ? key_type_plain(key->type) : key->type;
1606 switch (type) {
1606 case KEY_DSA_CERT_V00: 1607 case KEY_DSA_CERT_V00:
1607 case KEY_RSA_CERT_V00: 1608 case KEY_RSA_CERT_V00:
1608 case KEY_DSA_CERT: 1609 case KEY_DSA_CERT:
@@ -1613,7 +1614,8 @@ key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
1613 buffer_len(&key->cert->certblob)); 1614 buffer_len(&key->cert->certblob));
1614 break; 1615 break;
1615 case KEY_DSA: 1616 case KEY_DSA:
1616 buffer_put_cstring(&b, key_ssh_name(key)); 1617 buffer_put_cstring(&b,
1618 key_ssh_name_from_type_nid(type, key->ecdsa_nid));
1617 buffer_put_bignum2(&b, key->dsa->p); 1619 buffer_put_bignum2(&b, key->dsa->p);
1618 buffer_put_bignum2(&b, key->dsa->q); 1620 buffer_put_bignum2(&b, key->dsa->q);
1619 buffer_put_bignum2(&b, key->dsa->g); 1621 buffer_put_bignum2(&b, key->dsa->g);
@@ -1621,14 +1623,16 @@ key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
1621 break; 1623 break;
1622#ifdef OPENSSL_HAS_ECC 1624#ifdef OPENSSL_HAS_ECC
1623 case KEY_ECDSA: 1625 case KEY_ECDSA:
1624 buffer_put_cstring(&b, key_ssh_name(key)); 1626 buffer_put_cstring(&b,
1627 key_ssh_name_from_type_nid(type, key->ecdsa_nid));
1625 buffer_put_cstring(&b, key_curve_nid_to_name(key->ecdsa_nid)); 1628 buffer_put_cstring(&b, key_curve_nid_to_name(key->ecdsa_nid));
1626 buffer_put_ecpoint(&b, EC_KEY_get0_group(key->ecdsa), 1629 buffer_put_ecpoint(&b, EC_KEY_get0_group(key->ecdsa),
1627 EC_KEY_get0_public_key(key->ecdsa)); 1630 EC_KEY_get0_public_key(key->ecdsa));
1628 break; 1631 break;
1629#endif 1632#endif
1630 case KEY_RSA: 1633 case KEY_RSA:
1631 buffer_put_cstring(&b, key_ssh_name(key)); 1634 buffer_put_cstring(&b,
1635 key_ssh_name_from_type_nid(type, key->ecdsa_nid));
1632 buffer_put_bignum2(&b, key->rsa->e); 1636 buffer_put_bignum2(&b, key->rsa->e);
1633 buffer_put_bignum2(&b, key->rsa->n); 1637 buffer_put_bignum2(&b, key->rsa->n);
1634 break; 1638 break;
@@ -1650,6 +1654,12 @@ key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
1650} 1654}
1651 1655
1652int 1656int
1657key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
1658{
1659 return to_blob(key, blobp, lenp, 0);
1660}
1661
1662int
1653key_sign( 1663key_sign(
1654 const Key *key, 1664 const Key *key,
1655 u_char **sigp, u_int *lenp, 1665 u_char **sigp, u_int *lenp,
@@ -2028,7 +2038,7 @@ key_cert_check_authority(const Key *k, int want_host, int require_principal,
2028} 2038}
2029 2039
2030int 2040int
2031key_cert_is_legacy(Key *k) 2041key_cert_is_legacy(const Key *k)
2032{ 2042{
2033 switch (k->type) { 2043 switch (k->type) {
2034 case KEY_DSA_CERT_V00: 2044 case KEY_DSA_CERT_V00: