Diffstat (limited to 'dns.c')
-rw-r--r--dns.c35
1 files changed, 13 insertions, 22 deletions
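--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $ */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -25,27 +25,16 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-
 #include "includes.h"
+RCSID("$OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $");
 
-#include <openssl/bn.h>
-#ifdef LWRES
-#include <lwres/netdb.h>
-#include <dns/result.h>
-#else /* LWRES */
 #include <netdb.h>
-#endif /* LWRES */
 
 #include "xmalloc.h"
 #include "key.h"
 #include "dns.h"
 #include "log.h"
-#include "uuencode.h"
-
-extern char *__progname;
-RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $");
 
-#ifndef LWRES
 static const char *errset_text[] = {
  "success", /* 0 ERRSET_SUCCESS */
  "out of memory", /* 1 ERRSET_NOMEMORY */
@@ -75,8 +64,6 @@ dns_result_totext(unsigned int res)
  return "unknown error";
  }
 }
-#endif /* LWRES */
-
 
 /*
  * Read SSHFP parameters from key buffer.
@@ -95,12 +82,14 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
  *algorithm = SSHFP_KEY_DSA;
  break;
  default:
- *algorithm = SSHFP_KEY_RESERVED;
+ *algorithm = SSHFP_KEY_RESERVED; /* 0 */
  }
 
  if (*algorithm) {
  *digest_type = SSHFP_HASH_SHA1;
  *digest = key_fingerprint_raw(key, SSH_FP_SHA1, digest_len);
+ if (*digest == NULL)
+ fatal("dns_read_key: null from key_fingerprint_raw()");
  success = 1;
  } else {
  *digest_type = SSHFP_HASH_RESERVED;
@@ -133,7 +122,7 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
  *digest = (u_char *) xmalloc(*digest_len);
  memcpy(*digest, rdata + 2, *digest_len);
  } else {
- *digest = NULL;
+ *digest = xstrdup("");
  }
 
  success = 1;
@@ -187,7 +176,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
 
  *flags = 0;
 
- debug3("verify_hostkey_dns");
+ debug3("verify_host_key_dns");
  if (hostkey == NULL)
  fatal("No key to look up!");
 
@@ -223,7 +212,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
  if (fingerprints->rri_nrdatas)
  *flags |= DNS_VERIFY_FOUND;
 
- for (counter = 0 ; counter < fingerprints->rri_nrdatas ; counter++) {
+ for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) {
  /*
  * Extract the key from the answer. Ignore any badly
  * formatted fingerprints.
@@ -247,8 +236,10 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
  *flags |= DNS_VERIFY_MATCH;
  }
  }
+ xfree(dnskey_digest);
  }
 
+ xfree(hostkey_digest); /* from key_fingerprint_raw() */
  freerrset(fingerprints);
 
  if (*flags & DNS_VERIFY_FOUND)
@@ -262,7 +253,6 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
  return 0;
 }
 
-
 /*
  * Export the fingerprint of a key as a DNS resource record
  */
@@ -278,7 +268,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
  int success = 0;
 
  if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
- &rdata_digest, &rdata_digest_len, key)) {
+ &rdata_digest, &rdata_digest_len, key)) {
 
  if (generic)
  fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", hostname,
@@ -291,9 +281,10 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
  for (i = 0; i < rdata_digest_len; i++)
  fprintf(f, "%02x", rdata_digest[i]);
  fprintf(f, "\n");
+ xfree(rdata_digest); /* from key_fingerprint_raw() */
  success = 1;
  } else {
- error("dns_export_rr: unsupported algorithm");
+ error("export_dns_rr: unsupported algorithm");
  }
 
  return success;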
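Review bot: The `*digest = xstrdup("");` at new line 125 of dns_read_rdata replaces a NULL with a one-byte heap allocation and nothing at that line says why; the reason only becomes visible two hunks later, where verify_host_key_dns now calls `xfree(dnskey_digest);` unconditionally at the end of its loop body. A comment on that line such as `/* always allocate so callers can xfree() unconditionally */` would keep a later maintainer from reverting it to NULL and reintroducing a free of a null-or-uninitialised pointer. The loop and both enclosing functions start outside their hunks, so I cannot see the failure path of dns_read_rdata from here; it is worth confirming that a parse failure that continues the loop does not skip the new xfree and leak an already-allocated digest. Separately, the new `fatal("dns_read_key: null from key_fingerprint_raw()");` hardcodes the function name in the message in the same way the stale `dns_export_rr:` prefix this commit corrects at new line 287 did; `fatal("%s: null from key_fingerprint_raw()", __func__);` would stop that drifting again.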