diff options
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | key.c | 18 | ||||
| -rw-r--r-- | key.h | 5 | ||||
| -rw-r--r-- | ssh-add.c | 14 | ||||
| -rw-r--r-- | ssh-keygen.c | 10 | ||||
| -rw-r--r-- | sshconnect.c | 12 | ||||
| -rw-r--r-- | sshconnect2.c | 9 |
7 files changed, 39 insertions, 37 deletions
| @@ -1,3 +1,9 @@ | |||
| 1 | 20010313 | ||
| 2 | - OpenBSD CVS Sync | ||
| 3 | - markus@cvs.openbsd.org 2001/03/12 22:02:02 | ||
| 4 | [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c] | ||
| 5 | remove old key_fingerprint interface, s/_ex// | ||
| 6 | |||
| 1 | 20010312 | 7 | 20010312 |
| 2 | - OpenBSD CVS Sync | 8 | - OpenBSD CVS Sync |
| 3 | - markus@cvs.openbsd.org 2001/03/11 13:25:36 | 9 | - markus@cvs.openbsd.org 2001/03/11 13:25:36 |
| @@ -4525,4 +4531,4 @@ | |||
| 4525 | - Wrote replacements for strlcpy and mkdtemp | 4531 | - Wrote replacements for strlcpy and mkdtemp |
| 4526 | - Released 1.0pre1 | 4532 | - Released 1.0pre1 |
| 4527 | 4533 | ||
| 4528 | $Id: ChangeLog,v 1.950 2001/03/12 05:16:18 mouring Exp $ | 4534 | $Id: ChangeLog,v 1.951 2001/03/13 04:57:58 mouring Exp $ |
| @@ -32,7 +32,7 @@ | |||
| 32 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 32 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 33 | */ | 33 | */ |
| 34 | #include "includes.h" | 34 | #include "includes.h" |
| 35 | RCSID("$OpenBSD: key.c,v 1.21 2001/03/11 18:29:51 markus Exp $"); | 35 | RCSID("$OpenBSD: key.c,v 1.22 2001/03/12 22:02:01 markus Exp $"); |
| 36 | 36 | ||
| 37 | #include <openssl/evp.h> | 37 | #include <openssl/evp.h> |
| 38 | 38 | ||
| @@ -275,7 +275,7 @@ key_fingerprint_bubblebabble(u_char* dgst_raw, size_t dgst_raw_len) | |||
| 275 | } | 275 | } |
| 276 | 276 | ||
| 277 | char* | 277 | char* |
| 278 | key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) | 278 | key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) |
| 279 | { | 279 | { |
| 280 | char *retval = NULL; | 280 | char *retval = NULL; |
| 281 | u_char *dgst_raw; | 281 | u_char *dgst_raw; |
| @@ -283,7 +283,7 @@ key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) | |||
| 283 | 283 | ||
| 284 | dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len); | 284 | dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len); |
| 285 | if (!dgst_raw) | 285 | if (!dgst_raw) |
| 286 | fatal("key_fingerprint_ex: null value returned from key_fingerprint_raw()"); | 286 | fatal("key_fingerprint: null from key_fingerprint_raw()"); |
| 287 | switch(dgst_rep) { | 287 | switch(dgst_rep) { |
| 288 | case SSH_FP_HEX: | 288 | case SSH_FP_HEX: |
| 289 | retval = key_fingerprint_hex(dgst_raw, dgst_raw_len); | 289 | retval = key_fingerprint_hex(dgst_raw, dgst_raw_len); |
| @@ -301,18 +301,6 @@ key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) | |||
| 301 | return retval; | 301 | return retval; |
| 302 | } | 302 | } |
| 303 | 303 | ||
| 304 | char * | ||
| 305 | key_fingerprint(Key *k) | ||
| 306 | { | ||
| 307 | static char retval[(EVP_MAX_MD_SIZE + 1) * 3]; | ||
| 308 | char *digest; | ||
| 309 | |||
| 310 | digest = key_fingerprint_ex(k, SSH_FP_MD5, SSH_FP_HEX); | ||
| 311 | strlcpy(retval, digest, sizeof(retval)); | ||
| 312 | xfree(digest); | ||
| 313 | return retval; | ||
| 314 | } | ||
| 315 | |||
| 316 | /* | 304 | /* |
| 317 | * Reads a multiple-precision integer in decimal from the buffer, and advances | 305 | * Reads a multiple-precision integer in decimal from the buffer, and advances |
| 318 | * the pointer. The integer must already be initialized. This function is | 306 | * the pointer. The integer must already be initialized. This function is |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: key.h,v 1.10 2001/03/11 15:03:16 jakob Exp $ */ | 1 | /* $OpenBSD: key.h,v 1.11 2001/03/12 22:02:01 markus Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| @@ -54,8 +54,7 @@ Key *key_new(int type); | |||
| 54 | Key *key_new_private(int type); | 54 | Key *key_new_private(int type); |
| 55 | void key_free(Key *k); | 55 | void key_free(Key *k); |
| 56 | int key_equal(Key *a, Key *b); | 56 | int key_equal(Key *a, Key *b); |
| 57 | char *key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep); | 57 | char *key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep); |
| 58 | char *key_fingerprint(Key *k); | ||
| 59 | char *key_type(Key *k); | 58 | char *key_type(Key *k); |
| 60 | int key_write(Key *key, FILE *f); | 59 | int key_write(Key *key, FILE *f); |
| 61 | int key_read(Key *key, char **cpp); | 60 | int key_read(Key *key, char **cpp); |
| @@ -35,7 +35,7 @@ | |||
| 35 | */ | 35 | */ |
| 36 | 36 | ||
| 37 | #include "includes.h" | 37 | #include "includes.h" |
| 38 | RCSID("$OpenBSD: ssh-add.c,v 1.29 2001/03/02 18:54:31 deraadt Exp $"); | 38 | RCSID("$OpenBSD: ssh-add.c,v 1.30 2001/03/12 22:02:02 markus Exp $"); |
| 39 | 39 | ||
| 40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
| 41 | 41 | ||
| @@ -211,10 +211,10 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
| 211 | } | 211 | } |
| 212 | 212 | ||
| 213 | void | 213 | void |
| 214 | list_identities(AuthenticationConnection *ac, int fp) | 214 | list_identities(AuthenticationConnection *ac, int do_fp) |
| 215 | { | 215 | { |
| 216 | Key *key; | 216 | Key *key; |
| 217 | char *comment; | 217 | char *comment, *fp; |
| 218 | int had_identities = 0; | 218 | int had_identities = 0; |
| 219 | int version; | 219 | int version; |
| 220 | 220 | ||
| @@ -223,10 +223,12 @@ list_identities(AuthenticationConnection *ac, int fp) | |||
| 223 | key != NULL; | 223 | key != NULL; |
| 224 | key = ssh_get_next_identity(ac, &comment, version)) { | 224 | key = ssh_get_next_identity(ac, &comment, version)) { |
| 225 | had_identities = 1; | 225 | had_identities = 1; |
| 226 | if (fp) { | 226 | if (do_fp) { |
| 227 | fp = key_fingerprint(key, SSH_FP_MD5, | ||
| 228 | SSH_FP_HEX); | ||
| 227 | printf("%d %s %s (%s)\n", | 229 | printf("%d %s %s (%s)\n", |
| 228 | key_size(key), key_fingerprint(key), | 230 | key_size(key), fp, comment, key_type(key)); |
| 229 | comment, key_type(key)); | 231 | xfree(fp); |
| 230 | } else { | 232 | } else { |
| 231 | if (!key_write(key, stdout)) | 233 | if (!key_write(key, stdout)) |
| 232 | fprintf(stderr, "key_write failed"); | 234 | fprintf(stderr, "key_write failed"); |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 45a511477..b9ea01781 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | */ | 12 | */ |
| 13 | 13 | ||
| 14 | #include "includes.h" | 14 | #include "includes.h" |
| 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.49 2001/03/11 22:33:24 markus Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.50 2001/03/12 22:02:02 markus Exp $"); |
| 16 | 16 | ||
| 17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
| 18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
| @@ -353,7 +353,7 @@ do_fingerprint(struct passwd *pw) | |||
| 353 | debug("try_load_public_key KEY_UNSPEC failed"); | 353 | debug("try_load_public_key KEY_UNSPEC failed"); |
| 354 | } | 354 | } |
| 355 | if (success) { | 355 | if (success) { |
| 356 | fp = key_fingerprint_ex(public, type, rep); | 356 | fp = key_fingerprint(public, type, rep); |
| 357 | printf("%d %s %s\n", key_size(public), | 357 | printf("%d %s %s\n", key_size(public), |
| 358 | fp, comment); | 358 | fp, comment); |
| 359 | key_free(public); | 359 | key_free(public); |
| @@ -409,7 +409,7 @@ do_fingerprint(struct passwd *pw) | |||
| 409 | } | 409 | } |
| 410 | } | 410 | } |
| 411 | comment = *cp ? cp : comment; | 411 | comment = *cp ? cp : comment; |
| 412 | fp = key_fingerprint_ex(public, type, rep); | 412 | fp = key_fingerprint(public, type, rep); |
| 413 | printf("%d %s %s\n", key_size(public), fp, | 413 | printf("%d %s %s\n", key_size(public), fp, |
| 414 | comment ? comment : "no comment"); | 414 | comment ? comment : "no comment"); |
| 415 | xfree(fp); | 415 | xfree(fp); |
| @@ -857,10 +857,12 @@ passphrase_again: | |||
| 857 | fclose(f); | 857 | fclose(f); |
| 858 | 858 | ||
| 859 | if (!quiet) { | 859 | if (!quiet) { |
| 860 | char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX); | ||
| 860 | printf("Your public key has been saved in %s.\n", | 861 | printf("Your public key has been saved in %s.\n", |
| 861 | identity_file); | 862 | identity_file); |
| 862 | printf("The key fingerprint is:\n"); | 863 | printf("The key fingerprint is:\n"); |
| 863 | printf("%s %s\n", key_fingerprint(public), comment); | 864 | printf("%s %s\n", fp, comment); |
| 865 | xfree(fp); | ||
| 864 | } | 866 | } |
| 865 | 867 | ||
| 866 | key_free(public); | 868 | key_free(public); |
diff --git a/sshconnect.c b/sshconnect.c index 573ae76b1..d82be89e9 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | */ | 13 | */ |
| 14 | 14 | ||
| 15 | #include "includes.h" | 15 | #include "includes.h" |
| 16 | RCSID("$OpenBSD: sshconnect.c,v 1.99 2001/03/10 15:31:00 deraadt Exp $"); | 16 | RCSID("$OpenBSD: sshconnect.c,v 1.100 2001/03/12 22:02:02 markus Exp $"); |
| 17 | 17 | ||
| 18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
| 19 | 19 | ||
| @@ -481,7 +481,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 481 | Key *file_key; | 481 | Key *file_key; |
| 482 | char *type = key_type(host_key); | 482 | char *type = key_type(host_key); |
| 483 | char *ip = NULL; | 483 | char *ip = NULL; |
| 484 | char hostline[1000], *hostp; | 484 | char hostline[1000], *hostp, *fp; |
| 485 | HostStatus host_status; | 485 | HostStatus host_status; |
| 486 | HostStatus ip_status; | 486 | HostStatus ip_status; |
| 487 | int local = 0, host_ip_differ = 0; | 487 | int local = 0, host_ip_differ = 0; |
| @@ -612,11 +612,13 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 612 | } else if (options.strict_host_key_checking == 2) { | 612 | } else if (options.strict_host_key_checking == 2) { |
| 613 | /* The default */ | 613 | /* The default */ |
| 614 | char prompt[1024]; | 614 | char prompt[1024]; |
| 615 | fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); | ||
| 615 | snprintf(prompt, sizeof(prompt), | 616 | snprintf(prompt, sizeof(prompt), |
| 616 | "The authenticity of host '%.200s (%s)' can't be established.\n" | 617 | "The authenticity of host '%.200s (%s)' can't be established.\n" |
| 617 | "%s key fingerprint is %s.\n" | 618 | "%s key fingerprint is %s.\n" |
| 618 | "Are you sure you want to continue connecting (yes/no)? ", | 619 | "Are you sure you want to continue connecting (yes/no)? ", |
| 619 | host, ip, type, key_fingerprint(host_key)); | 620 | host, ip, type, fp); |
| 621 | xfree(fp); | ||
| 620 | if (!read_yes_or_no(prompt, -1)) | 622 | if (!read_yes_or_no(prompt, -1)) |
| 621 | fatal("Aborted by user!"); | 623 | fatal("Aborted by user!"); |
| 622 | } | 624 | } |
| @@ -655,6 +657,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 655 | error("Offending key for IP in %s:%d", ip_file, ip_line); | 657 | error("Offending key for IP in %s:%d", ip_file, ip_line); |
| 656 | } | 658 | } |
| 657 | /* The host key has changed. */ | 659 | /* The host key has changed. */ |
| 660 | fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); | ||
| 658 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | 661 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
| 659 | error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); | 662 | error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); |
| 660 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | 663 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
| @@ -662,11 +665,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
| 662 | error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); | 665 | error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); |
| 663 | error("It is also possible that the %s host key has just been changed.", type); | 666 | error("It is also possible that the %s host key has just been changed.", type); |
| 664 | error("The fingerprint for the %s key sent by the remote host is\n%s.", | 667 | error("The fingerprint for the %s key sent by the remote host is\n%s.", |
| 665 | type, key_fingerprint(host_key)); | 668 | type, fp); |
| 666 | error("Please contact your system administrator."); | 669 | error("Please contact your system administrator."); |
| 667 | error("Add correct host key in %.100s to get rid of this message.", | 670 | error("Add correct host key in %.100s to get rid of this message.", |
| 668 | user_hostfile); | 671 | user_hostfile); |
| 669 | error("Offending key in %s:%d", host_file, host_line); | 672 | error("Offending key in %s:%d", host_file, host_line); |
| 673 | xfree(fp); | ||
| 670 | 674 | ||
| 671 | /* | 675 | /* |
| 672 | * If strict host key checking is in use, the user will have | 676 | * If strict host key checking is in use, the user will have |
diff --git a/sshconnect2.c b/sshconnect2.c index 19d079bd3..046d746a4 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.53 2001/03/10 17:51:04 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.54 2001/03/12 22:02:02 markus Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
| 29 | #include <openssl/md5.h> | 29 | #include <openssl/md5.h> |
| @@ -660,7 +660,7 @@ input_userauth_pk_ok(int type, int plen, void *ctxt) | |||
| 660 | Key *key = NULL; | 660 | Key *key = NULL; |
| 661 | Buffer b; | 661 | Buffer b; |
| 662 | int alen, blen, pktype, sent = 0; | 662 | int alen, blen, pktype, sent = 0; |
| 663 | char *pkalg, *pkblob; | 663 | char *pkalg, *pkblob, *fp; |
| 664 | 664 | ||
| 665 | if (authctxt == NULL) | 665 | if (authctxt == NULL) |
| 666 | fatal("input_userauth_pk_ok: no authentication context"); | 666 | fatal("input_userauth_pk_ok: no authentication context"); |
| @@ -687,7 +687,6 @@ input_userauth_pk_ok(int type, int plen, void *ctxt) | |||
| 687 | debug("no last key or no sign cb"); | 687 | debug("no last key or no sign cb"); |
| 688 | break; | 688 | break; |
| 689 | } | 689 | } |
| 690 | debug2("last_key %s", key_fingerprint(authctxt->last_key)); | ||
| 691 | if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) { | 690 | if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) { |
| 692 | debug("unknown pkalg %s", pkalg); | 691 | debug("unknown pkalg %s", pkalg); |
| 693 | break; | 692 | break; |
| @@ -696,7 +695,9 @@ input_userauth_pk_ok(int type, int plen, void *ctxt) | |||
| 696 | debug("no key from blob. pkalg %s", pkalg); | 695 | debug("no key from blob. pkalg %s", pkalg); |
| 697 | break; | 696 | break; |
| 698 | } | 697 | } |
| 699 | debug2("input_userauth_pk_ok: fp %s", key_fingerprint(key)); | 698 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
| 699 | debug2("input_userauth_pk_ok: fp %s", fp); | ||
| 700 | xfree(fp); | ||
| 700 | if (!key_equal(key, authctxt->last_key)) { | 701 | if (!key_equal(key, authctxt->last_key)) { |
| 701 | debug("key != last_key"); | 702 | debug("key != last_key"); |
| 702 | break; | 703 | break; |