summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--auth-rsa.c7
-rw-r--r--auth2-hostbased.c12
-rw-r--r--auth2-pubkey.c29
-rw-r--r--dns.c6
-rw-r--r--key.c19
-rw-r--r--key.h5
-rw-r--r--ssh-add.c5
-rw-r--r--ssh-agent.c5
-rw-r--r--ssh-keygen.c18
-rw-r--r--ssh-keysign.c7
-rw-r--r--sshconnect.c26
-rw-r--r--sshconnect2.c10
12 files changed, 81 insertions, 68 deletions
diff --git a/auth-rsa.c b/auth-rsa.c
index 422c196cf..cbd971be1 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-rsa.c,v 1.89 2014/12/21 22:27:56 djm Exp $ */ 1/* $OpenBSD: auth-rsa.c,v 1.90 2015/01/28 22:36:00 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -238,8 +238,9 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
238 "actual %d vs. announced %d.", 238 "actual %d vs. announced %d.",
239 file, linenum, BN_num_bits(key->rsa->n), bits); 239 file, linenum, BN_num_bits(key->rsa->n), bits);
240 240
241 fp = key_fingerprint(key, options.fingerprint_hash, 241 if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
242 SSH_FP_DEFAULT); 242 SSH_FP_DEFAULT)) == NULL)
243 continue;
243 debug("matching key found: file %s, line %lu %s %s", 244 debug("matching key found: file %s, line %lu %s %s",
244 file, linenum, key_type(key), fp); 245 file, linenum, key_type(key), fp);
245 free(fp); 246 free(fp);
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 6f69e89de..eebfe8fc3 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-hostbased.c,v 1.23 2015/01/28 11:07:25 djm Exp $ */ 1/* $OpenBSD: auth2-hostbased.c,v 1.24 2015/01/28 22:36:00 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -224,15 +224,17 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
224 224
225 if (host_status == HOST_OK) { 225 if (host_status == HOST_OK) {
226 if (key_is_cert(key)) { 226 if (key_is_cert(key)) {
227 fp = key_fingerprint(key->cert->signature_key, 227 if ((fp = sshkey_fingerprint(key->cert->signature_key,
228 options.fingerprint_hash, SSH_FP_DEFAULT); 228 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
229 fatal("%s: sshkey_fingerprint fail", __func__);
229 verbose("Accepted certificate ID \"%s\" signed by " 230 verbose("Accepted certificate ID \"%s\" signed by "
230 "%s CA %s from %s@%s", key->cert->key_id, 231 "%s CA %s from %s@%s", key->cert->key_id,
231 key_type(key->cert->signature_key), fp, 232 key_type(key->cert->signature_key), fp,
232 cuser, lookup); 233 cuser, lookup);
233 } else { 234 } else {
234 fp = key_fingerprint(key, options.fingerprint_hash, 235 if ((fp = sshkey_fingerprint(key,
235 SSH_FP_DEFAULT); 236 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
237 fatal("%s: sshkey_fingerprint fail", __func__);
236 verbose("Accepted %s public key %s from %s@%s", 238 verbose("Accepted %s public key %s from %s@%s",
237 key_type(key), fp, cuser, lookup); 239 key_type(key), fp, cuser, lookup);
238 } 240 }
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index d922eea26..d8f0aa3e2 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-pubkey.c,v 1.45 2015/01/13 07:39:19 djm Exp $ */ 1/* $OpenBSD: auth2-pubkey.c,v 1.46 2015/01/28 22:36:00 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -228,18 +228,20 @@ pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
228 } 228 }
229 229
230 if (key_is_cert(key)) { 230 if (key_is_cert(key)) {
231 fp = key_fingerprint(key->cert->signature_key, 231 fp = sshkey_fingerprint(key->cert->signature_key,
232 options.fingerprint_hash, SSH_FP_DEFAULT); 232 options.fingerprint_hash, SSH_FP_DEFAULT);
233 auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s", 233 auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s",
234 key_type(key), key->cert->key_id, 234 key_type(key), key->cert->key_id,
235 (unsigned long long)key->cert->serial, 235 (unsigned long long)key->cert->serial,
236 key_type(key->cert->signature_key), fp, 236 key_type(key->cert->signature_key),
237 fp == NULL ? "(null)" : "",
237 extra == NULL ? "" : ", ", extra == NULL ? "" : extra); 238 extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
238 free(fp); 239 free(fp);
239 } else { 240 } else {
240 fp = key_fingerprint(key, options.fingerprint_hash, 241 fp = sshkey_fingerprint(key, options.fingerprint_hash,
241 SSH_FP_DEFAULT); 242 SSH_FP_DEFAULT);
242 auth_info(authctxt, "%s %s%s%s", key_type(key), fp, 243 auth_info(authctxt, "%s %s%s%s", key_type(key),
244 fp == NULL ? "(null)" : "",
243 extra == NULL ? "" : ", ", extra == NULL ? "" : extra); 245 extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
244 free(fp); 246 free(fp);
245 } 247 }
@@ -382,8 +384,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
382 continue; 384 continue;
383 if (!key_is_cert_authority) 385 if (!key_is_cert_authority)
384 continue; 386 continue;
385 fp = key_fingerprint(found, options.fingerprint_hash, 387 if ((fp = sshkey_fingerprint(found,
386 SSH_FP_DEFAULT); 388 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
389 continue;
387 debug("matching CA found: file %s, line %lu, %s %s", 390 debug("matching CA found: file %s, line %lu, %s %s",
388 file, linenum, key_type(found), fp); 391 file, linenum, key_type(found), fp);
389 /* 392 /*
@@ -422,12 +425,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
422 continue; 425 continue;
423 if (key_is_cert_authority) 426 if (key_is_cert_authority)
424 continue; 427 continue;
425 found_key = 1; 428 if ((fp = sshkey_fingerprint(found,
426 fp = key_fingerprint(found, options.fingerprint_hash, 429 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
427 SSH_FP_DEFAULT); 430 continue;
428 debug("matching key found: file %s, line %lu %s %s", 431 debug("matching key found: file %s, line %lu %s %s",
429 file, linenum, key_type(found), fp); 432 file, linenum, key_type(found), fp);
430 free(fp); 433 free(fp);
434 found_key = 1;
431 break; 435 break;
432 } 436 }
433 } 437 }
@@ -449,8 +453,9 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
449 if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL) 453 if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
450 return 0; 454 return 0;
451 455
452 ca_fp = key_fingerprint(key->cert->signature_key, 456 if ((ca_fp = sshkey_fingerprint(key->cert->signature_key,
453 options.fingerprint_hash, SSH_FP_DEFAULT); 457 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
458 return 0;
454 459
455 if (sshkey_in_file(key->cert->signature_key, 460 if (sshkey_in_file(key->cert->signature_key,
456 options.trusted_user_ca_keys, 1, 0) != 0) { 461 options.trusted_user_ca_keys, 1, 0) != 0) {
diff --git a/dns.c b/dns.c
index f45bec0bf..f201b602e 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dns.c,v 1.33 2015/01/15 09:40:00 djm Exp $ */ 1/* $OpenBSD: dns.c,v 1.34 2015/01/28 22:36:00 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2003 Wesley Griffin. All rights reserved. 4 * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -294,7 +294,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
294 free(dnskey_digest); 294 free(dnskey_digest);
295 } 295 }
296 296
297 free(hostkey_digest); /* from key_fingerprint_raw() */ 297 free(hostkey_digest); /* from sshkey_fingerprint_raw() */
298 freerrset(fingerprints); 298 freerrset(fingerprints);
299 299
300 if (*flags & DNS_VERIFY_FOUND) 300 if (*flags & DNS_VERIFY_FOUND)
@@ -337,7 +337,7 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
337 for (i = 0; i < rdata_digest_len; i++) 337 for (i = 0; i < rdata_digest_len; i++)
338 fprintf(f, "%02x", rdata_digest[i]); 338 fprintf(f, "%02x", rdata_digest[i]);
339 fprintf(f, "\n"); 339 fprintf(f, "\n");
340 free(rdata_digest); /* from key_fingerprint_raw() */ 340 free(rdata_digest); /* from sshkey_fingerprint_raw() */
341 success = 1; 341 success = 1;
342 } 342 }
343 } 343 }
diff --git a/key.c b/key.c
index c2b696af9..bbe027b66 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: key.c,v 1.126 2015/01/20 23:14:00 deraadt Exp $ */ 1/* $OpenBSD: key.c,v 1.127 2015/01/28 22:36:00 djm Exp $ */
2/* 2/*
3 * placed in the public domain 3 * placed in the public domain
4 */ 4 */
@@ -39,23 +39,6 @@ key_new_private(int type)
39 return ret; 39 return ret;
40} 40}
41 41
42u_char*
43key_fingerprint_raw(const Key *k, int dgst_alg, u_int *dgst_raw_length)
44{
45 u_char *ret = NULL;
46 size_t dlen;
47 int r;
48
49 if (dgst_raw_length != NULL)
50 *dgst_raw_length = 0;
51 if ((r = sshkey_fingerprint_raw(k, dgst_alg, &ret, &dlen)) != 0)
52 fatal("%s: %s", __func__, ssh_err(r));
53 if (dlen > INT_MAX)
54 fatal("%s: giant len %zu", __func__, dlen);
55 *dgst_raw_length = dlen;
56 return ret;
57}
58
59int 42int
60key_read(Key *ret, char **cpp) 43key_read(Key *ret, char **cpp)
61{ 44{
diff --git a/key.h b/key.h
index bf884970c..89fd5cfdf 100644
--- a/key.h
+++ b/key.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: key.h,v 1.46 2015/01/13 07:39:19 djm Exp $ */ 1/* $OpenBSD: key.h,v 1.47 2015/01/28 22:36:00 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -39,7 +39,6 @@ typedef struct sshkey Key;
39#define key_free sshkey_free 39#define key_free sshkey_free
40#define key_equal_public sshkey_equal_public 40#define key_equal_public sshkey_equal_public
41#define key_equal sshkey_equal 41#define key_equal sshkey_equal
42#define key_fingerprint sshkey_fingerprint
43#define key_type sshkey_type 42#define key_type sshkey_type
44#define key_cert_type sshkey_cert_type 43#define key_cert_type sshkey_cert_type
45#define key_ssh_name sshkey_ssh_name 44#define key_ssh_name sshkey_ssh_name
@@ -59,14 +58,12 @@ typedef struct sshkey Key;
59#define key_ec_nid_to_hash_alg sshkey_ec_nid_to_hash_alg 58#define key_ec_nid_to_hash_alg sshkey_ec_nid_to_hash_alg
60#define key_dump_ec_point sshkey_dump_ec_point 59#define key_dump_ec_point sshkey_dump_ec_point
61#define key_dump_ec_key sshkey_dump_ec_key 60#define key_dump_ec_key sshkey_dump_ec_key
62#define key_fingerprint sshkey_fingerprint
63#endif 61#endif
64 62
65void key_add_private(Key *); 63void key_add_private(Key *);
66Key *key_new_private(int); 64Key *key_new_private(int);
67void key_free(Key *); 65void key_free(Key *);
68Key *key_demote(const Key *); 66Key *key_demote(const Key *);
69u_char *key_fingerprint_raw(const Key *, int, u_int *);
70int key_write(const Key *, FILE *); 67int key_write(const Key *, FILE *);
71int key_read(Key *, char **); 68int key_read(Key *, char **);
72 69
diff --git a/ssh-add.c b/ssh-add.c
index 5ac51088f..676e65d16 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-add.c,v 1.117 2015/01/16 06:40:12 deraadt Exp $ */ 1/* $OpenBSD: ssh-add.c,v 1.118 2015/01/28 22:36:00 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -375,7 +375,8 @@ list_identities(int agent_fd, int do_fp)
375 fp = sshkey_fingerprint(idlist->keys[i], 375 fp = sshkey_fingerprint(idlist->keys[i],
376 fingerprint_hash, SSH_FP_DEFAULT); 376 fingerprint_hash, SSH_FP_DEFAULT);
377 printf("%d %s %s (%s)\n", 377 printf("%d %s %s (%s)\n",
378 sshkey_size(idlist->keys[i]), fp, 378 sshkey_size(idlist->keys[i]),
379 fp == NULL ? "(null)" : fp,
379 idlist->comments[i], 380 idlist->comments[i],
380 sshkey_type(idlist->keys[i])); 381 sshkey_type(idlist->keys[i]));
381 free(fp); 382 free(fp);
diff --git a/ssh-agent.c b/ssh-agent.c
index ba8d020ad..41e12acc9 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.196 2015/01/16 06:40:12 deraadt Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.197 2015/01/28 22:36:00 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -212,7 +212,8 @@ confirm_key(Identity *id)
212 int ret = -1; 212 int ret = -1;
213 213
214 p = sshkey_fingerprint(id->key, fingerprint_hash, SSH_FP_DEFAULT); 214 p = sshkey_fingerprint(id->key, fingerprint_hash, SSH_FP_DEFAULT);
215 if (ask_permission("Allow use of key %s?\nKey fingerprint %s.", 215 if (p != NULL &&
216 ask_permission("Allow use of key %s?\nKey fingerprint %s.",
216 id->comment, p)) 217 id->comment, p))
217 ret = 0; 218 ret = 0;
218 free(p); 219 free(p);
diff --git a/ssh-keygen.c b/ssh-keygen.c
index ac20723b8..b8489dc8b 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.258 2015/01/19 00:32:54 deraadt Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.259 2015/01/28 22:36:00 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -800,6 +800,8 @@ do_download(struct passwd *pw)
800 fp = sshkey_fingerprint(keys[i], fptype, rep); 800 fp = sshkey_fingerprint(keys[i], fptype, rep);
801 ra = sshkey_fingerprint(keys[i], fingerprint_hash, 801 ra = sshkey_fingerprint(keys[i], fingerprint_hash,
802 SSH_FP_RANDOMART); 802 SSH_FP_RANDOMART);
803 if (fp == NULL || ra == NULL)
804 fatal("%s: sshkey_fingerprint fail", __func__);
803 printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]), 805 printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]),
804 fp, sshkey_type(keys[i])); 806 fp, sshkey_type(keys[i]));
805 if (log_level >= SYSLOG_LEVEL_VERBOSE) 807 if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -846,6 +848,8 @@ do_fingerprint(struct passwd *pw)
846 fp = sshkey_fingerprint(public, fptype, rep); 848 fp = sshkey_fingerprint(public, fptype, rep);
847 ra = sshkey_fingerprint(public, fingerprint_hash, 849 ra = sshkey_fingerprint(public, fingerprint_hash,
848 SSH_FP_RANDOMART); 850 SSH_FP_RANDOMART);
851 if (fp == NULL || ra == NULL)
852 fatal("%s: sshkey_fingerprint fail", __func__);
849 printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment, 853 printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment,
850 sshkey_type(public)); 854 sshkey_type(public));
851 if (log_level >= SYSLOG_LEVEL_VERBOSE) 855 if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -915,6 +919,8 @@ do_fingerprint(struct passwd *pw)
915 fp = sshkey_fingerprint(public, fptype, rep); 919 fp = sshkey_fingerprint(public, fptype, rep);
916 ra = sshkey_fingerprint(public, fingerprint_hash, 920 ra = sshkey_fingerprint(public, fingerprint_hash,
917 SSH_FP_RANDOMART); 921 SSH_FP_RANDOMART);
922 if (fp == NULL || ra == NULL)
923 fatal("%s: sshkey_fingerprint fail", __func__);
918 printf("%u %s %s (%s)\n", sshkey_size(public), fp, 924 printf("%u %s %s (%s)\n", sshkey_size(public), fp,
919 comment ? comment : "no comment", sshkey_type(public)); 925 comment ? comment : "no comment", sshkey_type(public));
920 if (log_level >= SYSLOG_LEVEL_VERBOSE) 926 if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -1902,6 +1908,8 @@ do_show_cert(struct passwd *pw)
1902 key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT); 1908 key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);
1903 ca_fp = sshkey_fingerprint(key->cert->signature_key, 1909 ca_fp = sshkey_fingerprint(key->cert->signature_key,
1904 fingerprint_hash, SSH_FP_DEFAULT); 1910 fingerprint_hash, SSH_FP_DEFAULT);
1911 if (key_fp == NULL || ca_fp == NULL)
1912 fatal("%s: sshkey_fingerprint fail", __func__);
1905 1913
1906 printf("%s:\n", identity_file); 1914 printf("%s:\n", identity_file);
1907 printf(" Type: %s %s certificate\n", sshkey_ssh_name(key), 1915 printf(" Type: %s %s certificate\n", sshkey_ssh_name(key),
@@ -2216,7 +2224,7 @@ main(int argc, char **argv)
2216{ 2224{
2217 char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2; 2225 char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
2218 char *checkpoint = NULL; 2226 char *checkpoint = NULL;
2219 char out_file[PATH_MAX], *rr_hostname = NULL, *ep; 2227 char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra;
2220 struct sshkey *private, *public; 2228 struct sshkey *private, *public;
2221 struct passwd *pw; 2229 struct passwd *pw;
2222 struct stat st; 2230 struct stat st;
@@ -2709,10 +2717,12 @@ passphrase_again:
2709 fclose(f); 2717 fclose(f);
2710 2718
2711 if (!quiet) { 2719 if (!quiet) {
2712 char *fp = sshkey_fingerprint(public, fingerprint_hash, 2720 fp = sshkey_fingerprint(public, fingerprint_hash,
2713 SSH_FP_DEFAULT); 2721 SSH_FP_DEFAULT);
2714 char *ra = sshkey_fingerprint(public, fingerprint_hash, 2722 ra = sshkey_fingerprint(public, fingerprint_hash,
2715 SSH_FP_RANDOMART); 2723 SSH_FP_RANDOMART);
2724 if (fp == NULL || ra == NULL)
2725 fatal("sshkey_fingerprint failed");
2716 printf("Your public key has been saved in %s.\n", 2726 printf("Your public key has been saved in %s.\n",
2717 identity_file); 2727 identity_file);
2718 printf("The key fingerprint is:\n"); 2728 printf("The key fingerprint is:\n");
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 222327ef1..bcf897a05 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keysign.c,v 1.46 2015/01/15 09:40:00 djm Exp $ */ 1/* $OpenBSD: ssh-keysign.c,v 1.47 2015/01/28 22:36:00 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2002 Markus Friedl. All rights reserved. 3 * Copyright (c) 2002 Markus Friedl. All rights reserved.
4 * 4 *
@@ -274,8 +274,9 @@ main(int argc, char **argv)
274 } 274 }
275 } 275 }
276 if (!found) { 276 if (!found) {
277 fp = sshkey_fingerprint(key, options.fingerprint_hash, 277 if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
278 SSH_FP_DEFAULT); 278 SSH_FP_DEFAULT)) == NULL)
279 fatal("%s: sshkey_fingerprint failed", __func__);
279 fatal("no matching hostkey found for key %s %s", 280 fatal("no matching hostkey found for key %s %s",
280 sshkey_type(key), fp ? fp : ""); 281 sshkey_type(key), fp ? fp : "");
281 } 282 }
diff --git a/sshconnect.c b/sshconnect.c
index df921bec1..9e515066d 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.c,v 1.258 2015/01/26 06:10:03 djm Exp $ */ 1/* $OpenBSD: sshconnect.c,v 1.259 2015/01/28 22:36:00 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -770,7 +770,7 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr,
770 if (options.proxy_command == NULL) { 770 if (options.proxy_command == NULL) {
771 if (getnameinfo(hostaddr, addrlen, 771 if (getnameinfo(hostaddr, addrlen,
772 ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) 772 ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0)
773 fatal("check_host_key: getnameinfo failed"); 773 fatal("%s: getnameinfo failed", __func__);
774 *hostfile_ipaddr = put_host_port(ntop, port); 774 *hostfile_ipaddr = put_host_port(ntop, port);
775 } else { 775 } else {
776 *hostfile_ipaddr = xstrdup("<no hostip for proxy " 776 *hostfile_ipaddr = xstrdup("<no hostip for proxy "
@@ -919,10 +919,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
919 "key for IP address '%.128s' to the list " 919 "key for IP address '%.128s' to the list "
920 "of known hosts.", type, ip); 920 "of known hosts.", type, ip);
921 } else if (options.visual_host_key) { 921 } else if (options.visual_host_key) {
922 fp = key_fingerprint(host_key, 922 fp = sshkey_fingerprint(host_key,
923 options.fingerprint_hash, SSH_FP_DEFAULT); 923 options.fingerprint_hash, SSH_FP_DEFAULT);
924 ra = key_fingerprint(host_key, 924 ra = sshkey_fingerprint(host_key,
925 options.fingerprint_hash, SSH_FP_RANDOMART); 925 options.fingerprint_hash, SSH_FP_RANDOMART);
926 if (fp == NULL || ra == NULL)
927 fatal("%s: sshkey_fingerprint fail", __func__);
926 logit("Host key fingerprint is %s\n%s\n", fp, ra); 928 logit("Host key fingerprint is %s\n%s\n", fp, ra);
927 free(ra); 929 free(ra);
928 free(fp); 930 free(fp);
@@ -962,10 +964,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
962 else 964 else
963 snprintf(msg1, sizeof(msg1), "."); 965 snprintf(msg1, sizeof(msg1), ".");
964 /* The default */ 966 /* The default */
965 fp = key_fingerprint(host_key, 967 fp = sshkey_fingerprint(host_key,
966 options.fingerprint_hash, SSH_FP_DEFAULT); 968 options.fingerprint_hash, SSH_FP_DEFAULT);
967 ra = key_fingerprint(host_key, 969 ra = sshkey_fingerprint(host_key,
968 options.fingerprint_hash, SSH_FP_RANDOMART); 970 options.fingerprint_hash, SSH_FP_RANDOMART);
971 if (fp == NULL || ra == NULL)
972 fatal("%s: sshkey_fingerprint fail", __func__);
969 msg2[0] = '\0'; 973 msg2[0] = '\0';
970 if (options.verify_host_key_dns) { 974 if (options.verify_host_key_dns) {
971 if (matching_host_key_dns) 975 if (matching_host_key_dns)
@@ -1399,10 +1403,12 @@ show_other_keys(struct hostkeys *hostkeys, Key *key)
1399 continue; 1403 continue;
1400 if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found)) 1404 if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
1401 continue; 1405 continue;
1402 fp = key_fingerprint(found->key, 1406 fp = sshkey_fingerprint(found->key,
1403 options.fingerprint_hash, SSH_FP_DEFAULT); 1407 options.fingerprint_hash, SSH_FP_DEFAULT);
1404 ra = key_fingerprint(found->key, 1408 ra = sshkey_fingerprint(found->key,
1405 options.fingerprint_hash, SSH_FP_RANDOMART); 1409 options.fingerprint_hash, SSH_FP_RANDOMART);
1410 if (fp == NULL || ra == NULL)
1411 fatal("%s: sshkey_fingerprint fail", __func__);
1406 logit("WARNING: %s key found for host %s\n" 1412 logit("WARNING: %s key found for host %s\n"
1407 "in %s:%lu\n" 1413 "in %s:%lu\n"
1408 "%s key fingerprint %s.", 1414 "%s key fingerprint %s.",
@@ -1423,8 +1429,10 @@ warn_changed_key(Key *host_key)
1423{ 1429{
1424 char *fp; 1430 char *fp;
1425 1431
1426 fp = key_fingerprint(host_key, options.fingerprint_hash, 1432 fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
1427 SSH_FP_DEFAULT); 1433 SSH_FP_DEFAULT);
1434 if (fp == NULL)
1435 fatal("%s: sshkey_fingerprint fail", __func__);
1428 1436
1429 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 1437 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1430 error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); 1438 error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
diff --git a/sshconnect2.c b/sshconnect2.c
index 8da4d70dd..48882e3a5 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.221 2015/01/20 20:16:21 markus Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.222 2015/01/28 22:36:00 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -591,7 +591,9 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
591 key->type, pktype); 591 key->type, pktype);
592 goto done; 592 goto done;
593 } 593 }
594 fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT); 594 if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
595 SSH_FP_DEFAULT)) == NULL)
596 goto done;
595 debug2("input_userauth_pk_ok: fp %s", fp); 597 debug2("input_userauth_pk_ok: fp %s", fp);
596 free(fp); 598 free(fp);
597 599
@@ -1009,7 +1011,9 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
1009 int have_sig = 1; 1011 int have_sig = 1;
1010 char *fp; 1012 char *fp;
1011 1013
1012 fp = key_fingerprint(id->key, options.fingerprint_hash, SSH_FP_DEFAULT); 1014 if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
1015 SSH_FP_DEFAULT)) == NULL)
1016 return 0;
1013 debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); 1017 debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
1014 free(fp); 1018 free(fp);
1015 1019
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 22:50:45 +0000