-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | key.c | 18 | ||||
-rw-r--r-- | key.h | 5 | ||||
-rw-r--r-- | ssh-add.c | 14 | ||||
-rw-r--r-- | ssh-keygen.c | 10 | ||||
-rw-r--r-- | sshconnect.c | 12 | ||||
-rw-r--r-- | sshconnect2.c | 9 |
7 files changed, 39 insertions, 37 deletions
@@ -1,3 +1,9 @@ | |||
1 | 20010313 | ||
2 | - OpenBSD CVS Sync | ||
3 | - markus@cvs.openbsd.org 2001/03/12 22:02:02 | ||
4 | [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c] | ||
5 | remove old key_fingerprint interface, s/_ex// | ||
6 | |||
1 | 20010312 | 7 | 20010312 |
2 | - OpenBSD CVS Sync | 8 | - OpenBSD CVS Sync |
3 | - markus@cvs.openbsd.org 2001/03/11 13:25:36 | 9 | - markus@cvs.openbsd.org 2001/03/11 13:25:36 |
@@ -4525,4 +4531,4 @@ | |||
4525 | - Wrote replacements for strlcpy and mkdtemp | 4531 | - Wrote replacements for strlcpy and mkdtemp |
4526 | - Released 1.0pre1 | 4532 | - Released 1.0pre1 |
4527 | 4533 | ||
4528 | $Id: ChangeLog,v 1.950 2001/03/12 05:16:18 mouring Exp $ | 4534 | $Id: ChangeLog,v 1.951 2001/03/13 04:57:58 mouring Exp $ |
@@ -32,7 +32,7 @@ | |||
32 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 32 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
33 | */ | 33 | */ |
34 | #include "includes.h" | 34 | #include "includes.h" |
35 | RCSID("$OpenBSD: key.c,v 1.21 2001/03/11 18:29:51 markus Exp $"); | 35 | RCSID("$OpenBSD: key.c,v 1.22 2001/03/12 22:02:01 markus Exp $"); |
36 | 36 | ||
37 | #include <openssl/evp.h> | 37 | #include <openssl/evp.h> |
38 | 38 | ||
@@ -275,7 +275,7 @@ key_fingerprint_bubblebabble(u_char* dgst_raw, size_t dgst_raw_len) | |||
275 | } | 275 | } |
276 | 276 | ||
277 | char* | 277 | char* |
278 | key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) | 278 | key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) |
279 | { | 279 | { |
280 | char *retval = NULL; | 280 | char *retval = NULL; |
281 | u_char *dgst_raw; | 281 | u_char *dgst_raw; |
@@ -283,7 +283,7 @@ key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) | |||
283 | 283 | ||
284 | dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len); | 284 | dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len); |
285 | if (!dgst_raw) | 285 | if (!dgst_raw) |
286 | fatal("key_fingerprint_ex: null value returned from key_fingerprint_raw()"); | 286 | fatal("key_fingerprint: null from key_fingerprint_raw()"); |
287 | switch(dgst_rep) { | 287 | switch(dgst_rep) { |
288 | case SSH_FP_HEX: | 288 | case SSH_FP_HEX: |
289 | retval = key_fingerprint_hex(dgst_raw, dgst_raw_len); | 289 | retval = key_fingerprint_hex(dgst_raw, dgst_raw_len); |
@@ -301,18 +301,6 @@ key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) | |||
301 | return retval; | 301 | return retval; |
302 | } | 302 | } |
303 | 303 | ||
304 | char * | ||
305 | key_fingerprint(Key *k) | ||
306 | { | ||
307 | static char retval[(EVP_MAX_MD_SIZE + 1) * 3]; | ||
308 | char *digest; | ||
309 | |||
310 | digest = key_fingerprint_ex(k, SSH_FP_MD5, SSH_FP_HEX); | ||
311 | strlcpy(retval, digest, sizeof(retval)); | ||
312 | xfree(digest); | ||
313 | return retval; | ||
314 | } | ||
315 | |||
316 | /* | 304 | /* |
317 | * Reads a multiple-precision integer in decimal from the buffer, and advances | 305 | * Reads a multiple-precision integer in decimal from the buffer, and advances |
318 | * the pointer. The integer must already be initialized. This function is | 306 | * the pointer. The integer must already be initialized. This function is |
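Review bot: `key_fingerprint()` at new line 278 keeps the old name but not the old ownership contract, and nothing on the definition says so. The removed one-argument wrapper copied into a static buffer, while the surviving function returns memory that every updated caller in this commit releases with `xfree()`. I would add `/* Returns a newly allocated string; the caller must xfree() it. */` above the definition and next to the prototype in key.h. Because the argument list changed, a stale one-argument call fails to compile against the new prototype instead of silently leaking. The rest of the body, including the remaining `switch(dgst_rep)` cases, lies outside the hunks shown.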
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.h,v 1.10 2001/03/11 15:03:16 jakob Exp $ */ | 1 | /* $OpenBSD: key.h,v 1.11 2001/03/12 22:02:01 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -54,8 +54,7 @@ Key *key_new(int type); | |||
54 | Key *key_new_private(int type); | 54 | Key *key_new_private(int type); |
55 | void key_free(Key *k); | 55 | void key_free(Key *k); |
56 | int key_equal(Key *a, Key *b); | 56 | int key_equal(Key *a, Key *b); |
57 | char *key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep); | 57 | char *key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep); |
58 | char *key_fingerprint(Key *k); | ||
59 | char *key_type(Key *k); | 58 | char *key_type(Key *k); |
60 | int key_write(Key *key, FILE *f); | 59 | int key_write(Key *key, FILE *f); |
61 | int key_read(Key *key, char **cpp); | 60 | int key_read(Key *key, char **cpp); |
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: ssh-add.c,v 1.29 2001/03/02 18:54:31 deraadt Exp $"); | 38 | RCSID("$OpenBSD: ssh-add.c,v 1.30 2001/03/12 22:02:02 markus Exp $"); |
39 | 39 | ||
40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
41 | 41 | ||
@@ -211,10 +211,10 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
211 | } | 211 | } |
212 | 212 | ||
213 | void | 213 | void |
214 | list_identities(AuthenticationConnection *ac, int fp) | 214 | list_identities(AuthenticationConnection *ac, int do_fp) |
215 | { | 215 | { |
216 | Key *key; | 216 | Key *key; |
217 | char *comment; | 217 | char *comment, *fp; |
218 | int had_identities = 0; | 218 | int had_identities = 0; |
219 | int version; | 219 | int version; |
220 | 220 | ||
@@ -223,10 +223,12 @@ list_identities(AuthenticationConnection *ac, int fp) | |||
223 | key != NULL; | 223 | key != NULL; |
224 | key = ssh_get_next_identity(ac, &comment, version)) { | 224 | key = ssh_get_next_identity(ac, &comment, version)) { |
225 | had_identities = 1; | 225 | had_identities = 1; |
226 | if (fp) { | 226 | if (do_fp) { |
227 | fp = key_fingerprint(key, SSH_FP_MD5, | ||
228 | SSH_FP_HEX); | ||
227 | printf("%d %s %s (%s)\n", | 229 | printf("%d %s %s (%s)\n", |
228 | key_size(key), key_fingerprint(key), | 230 | key_size(key), fp, comment, key_type(key)); |
229 | comment, key_type(key)); | 231 | xfree(fp); |
230 | } else { | 232 | } else { |
231 | if (!key_write(key, stdout)) | 233 | if (!key_write(key, stdout)) |
232 | fprintf(stderr, "key_write failed"); | 234 | fprintf(stderr, "key_write failed"); |
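Review bot: The digest and representation are now written out as `SSH_FP_MD5, SSH_FP_HEX` at the call in `list_identities()` (new lines 227-228), and the same pair is repeated in ssh-keygen.c (new line 860), sshconnect.c (new lines 615 and 660) and sshconnect2.c (new line 698). Users compare these strings across tools when verifying a key, and `do_fingerprint()` in ssh-keygen.c already takes `type` and `rep` from variables, so the outputs can drift apart if one site is changed and another is missed. A single definition in key.h for the default pair, for example macros named `KEY_FP_DEFAULT_TYPE` and `KEY_FP_DEFAULT_REP` (names are only a suggestion), used at all five call sites would keep the host-key prompt, the ssh-add listing and the key-generation message in step. `list_identities()` begins and ends outside these hunks.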
diff --git a/ssh-keygen.c b/ssh-keygen.c index 45a511477..b9ea01781 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.49 2001/03/11 22:33:24 markus Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.50 2001/03/12 22:02:02 markus Exp $"); |
16 | 16 | ||
17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
@@ -353,7 +353,7 @@ do_fingerprint(struct passwd *pw) | |||
353 | debug("try_load_public_key KEY_UNSPEC failed"); | 353 | debug("try_load_public_key KEY_UNSPEC failed"); |
354 | } | 354 | } |
355 | if (success) { | 355 | if (success) { |
356 | fp = key_fingerprint_ex(public, type, rep); | 356 | fp = key_fingerprint(public, type, rep); |
357 | printf("%d %s %s\n", key_size(public), | 357 | printf("%d %s %s\n", key_size(public), |
358 | fp, comment); | 358 | fp, comment); |
359 | key_free(public); | 359 | key_free(public); |
@@ -409,7 +409,7 @@ do_fingerprint(struct passwd *pw) | |||
409 | } | 409 | } |
410 | } | 410 | } |
411 | comment = *cp ? cp : comment; | 411 | comment = *cp ? cp : comment; |
412 | fp = key_fingerprint_ex(public, type, rep); | 412 | fp = key_fingerprint(public, type, rep); |
413 | printf("%d %s %s\n", key_size(public), fp, | 413 | printf("%d %s %s\n", key_size(public), fp, |
414 | comment ? comment : "no comment"); | 414 | comment ? comment : "no comment"); |
415 | xfree(fp); | 415 | xfree(fp); |
@@ -857,10 +857,12 @@ passphrase_again: | |||
857 | fclose(f); | 857 | fclose(f); |
858 | 858 | ||
859 | if (!quiet) { | 859 | if (!quiet) { |
860 | char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX); | ||
860 | printf("Your public key has been saved in %s.\n", | 861 | printf("Your public key has been saved in %s.\n", |
861 | identity_file); | 862 | identity_file); |
862 | printf("The key fingerprint is:\n"); | 863 | printf("The key fingerprint is:\n"); |
863 | printf("%s %s\n", key_fingerprint(public), comment); | 864 | printf("%s %s\n", fp, comment); |
865 | xfree(fp); | ||
864 | } | 866 | } |
865 | 867 | ||
866 | key_free(public); | 868 | key_free(public); |
diff --git a/sshconnect.c b/sshconnect.c index 573ae76b1..d82be89e9 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: sshconnect.c,v 1.99 2001/03/10 15:31:00 deraadt Exp $"); | 16 | RCSID("$OpenBSD: sshconnect.c,v 1.100 2001/03/12 22:02:02 markus Exp $"); |
17 | 17 | ||
18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
19 | 19 | ||
@@ -481,7 +481,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
481 | Key *file_key; | 481 | Key *file_key; |
482 | char *type = key_type(host_key); | 482 | char *type = key_type(host_key); |
483 | char *ip = NULL; | 483 | char *ip = NULL; |
484 | char hostline[1000], *hostp; | 484 | char hostline[1000], *hostp, *fp; |
485 | HostStatus host_status; | 485 | HostStatus host_status; |
486 | HostStatus ip_status; | 486 | HostStatus ip_status; |
487 | int local = 0, host_ip_differ = 0; | 487 | int local = 0, host_ip_differ = 0; |
@@ -612,11 +612,13 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
612 | } else if (options.strict_host_key_checking == 2) { | 612 | } else if (options.strict_host_key_checking == 2) { |
613 | /* The default */ | 613 | /* The default */ |
614 | char prompt[1024]; | 614 | char prompt[1024]; |
615 | fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); | ||
615 | snprintf(prompt, sizeof(prompt), | 616 | snprintf(prompt, sizeof(prompt), |
616 | "The authenticity of host '%.200s (%s)' can't be established.\n" | 617 | "The authenticity of host '%.200s (%s)' can't be established.\n" |
617 | "%s key fingerprint is %s.\n" | 618 | "%s key fingerprint is %s.\n" |
618 | "Are you sure you want to continue connecting (yes/no)? ", | 619 | "Are you sure you want to continue connecting (yes/no)? ", |
619 | host, ip, type, key_fingerprint(host_key)); | 620 | host, ip, type, fp); |
621 | xfree(fp); | ||
620 | if (!read_yes_or_no(prompt, -1)) | 622 | if (!read_yes_or_no(prompt, -1)) |
621 | fatal("Aborted by user!"); | 623 | fatal("Aborted by user!"); |
622 | } | 624 | } |
@@ -655,6 +657,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
655 | error("Offending key for IP in %s:%d", ip_file, ip_line); | 657 | error("Offending key for IP in %s:%d", ip_file, ip_line); |
656 | } | 658 | } |
657 | /* The host key has changed. */ | 659 | /* The host key has changed. */ |
660 | fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); | ||
658 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | 661 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
659 | error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); | 662 | error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); |
660 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | 663 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
@@ -662,11 +665,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
662 | error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); | 665 | error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); |
663 | error("It is also possible that the %s host key has just been changed.", type); | 666 | error("It is also possible that the %s host key has just been changed.", type); |
664 | error("The fingerprint for the %s key sent by the remote host is\n%s.", | 667 | error("The fingerprint for the %s key sent by the remote host is\n%s.", |
665 | type, key_fingerprint(host_key)); | 668 | type, fp); |
666 | error("Please contact your system administrator."); | 669 | error("Please contact your system administrator."); |
667 | error("Add correct host key in %.100s to get rid of this message.", | 670 | error("Add correct host key in %.100s to get rid of this message.", |
668 | user_hostfile); | 671 | user_hostfile); |
669 | error("Offending key in %s:%d", host_file, host_line); | 672 | error("Offending key in %s:%d", host_file, host_line); |
673 | xfree(fp); | ||
670 | 674 | ||
671 | /* | 675 | /* |
672 | * If strict host key checking is in use, the user will have | 676 | * If strict host key checking is in use, the user will have |
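Review bot: `fp` is declared at function scope in `check_host_key()` (new line 484) but serves two unrelated allocate/print/free sequences, so after `xfree(fp)` at new lines 621 and 673 it holds a freed pointer for the rest of the function. Declaring it inside each block, as the prompt branch already does with `char prompt[1024];`, or writing `fp = NULL;` after each `xfree(fp);`, would make any later accidental reuse fail visibly instead of reading freed memory. The function body starts and ends outside these hunks, so whether anything later touches `fp` cannot be confirmed from here.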
diff --git a/sshconnect2.c b/sshconnect2.c index 19d079bd3..046d746a4 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: sshconnect2.c,v 1.53 2001/03/10 17:51:04 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.54 2001/03/12 22:02:02 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
29 | #include <openssl/md5.h> | 29 | #include <openssl/md5.h> |
@@ -660,7 +660,7 @@ input_userauth_pk_ok(int type, int plen, void *ctxt) | |||
660 | Key *key = NULL; | 660 | Key *key = NULL; |
661 | Buffer b; | 661 | Buffer b; |
662 | int alen, blen, pktype, sent = 0; | 662 | int alen, blen, pktype, sent = 0; |
663 | char *pkalg, *pkblob; | 663 | char *pkalg, *pkblob, *fp; |
664 | 664 | ||
665 | if (authctxt == NULL) | 665 | if (authctxt == NULL) |
666 | fatal("input_userauth_pk_ok: no authentication context"); | 666 | fatal("input_userauth_pk_ok: no authentication context"); |
@@ -687,7 +687,6 @@ input_userauth_pk_ok(int type, int plen, void *ctxt) | |||
687 | debug("no last key or no sign cb"); | 687 | debug("no last key or no sign cb"); |
688 | break; | 688 | break; |
689 | } | 689 | } |
690 | debug2("last_key %s", key_fingerprint(authctxt->last_key)); | ||
691 | if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) { | 690 | if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) { |
692 | debug("unknown pkalg %s", pkalg); | 691 | debug("unknown pkalg %s", pkalg); |
693 | break; | 692 | break; |
@@ -696,7 +695,9 @@ input_userauth_pk_ok(int type, int plen, void *ctxt) | |||
696 | debug("no key from blob. pkalg %s", pkalg); | 695 | debug("no key from blob. pkalg %s", pkalg); |
697 | break; | 696 | break; |
698 | } | 697 | } |
699 | debug2("input_userauth_pk_ok: fp %s", key_fingerprint(key)); | 698 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
699 | debug2("input_userauth_pk_ok: fp %s", fp); | ||
700 | xfree(fp); | ||
700 | if (!key_equal(key, authctxt->last_key)) { | 701 | if (!key_equal(key, authctxt->last_key)) { |
701 | debug("key != last_key"); | 702 | debug("key != last_key"); |
702 | break; | 703 | break; |
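Review bot: The fingerprint at new lines 698-700 of `input_userauth_pk_ok()` is consumed only by the `debug2()` line, yet it is hashed, allocated and freed on every call that reaches this point, whatever the log level. `key_fingerprint()` also calls `fatal()` when `key_fingerprint_raw()` returns null (see key.c in this commit), so a purely diagnostic line can end the client while handling a key built from the received blob; whether any such key can reach that path is not visible here. I would mark the call with `/* debug output only */` and add `fp = NULL;` after `xfree(fp);`, since `fp` is declared at function scope on new line 663. The function continues outside the hunk.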