Diffstat (limited to 'dns.c')
-rw-r--r-- | dns.c | 41 |
1 files changed, 22 insertions, 19 deletions
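--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.31 2014/06/24 01:13:21 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.34 2015/01/28 22:36:00 djm Exp $ */
 
 /*
 * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -38,9 +38,11 @@
 #include <stdlib.h>
 
 #include "xmalloc.h"
-#include "key.h"
+#include "sshkey.h"
+#include "ssherr.h"
 #include "dns.h"
 #include "log.h"
+#include "digest.h"
 
 static const char *errset_text[] = {
 "success", /* 0 ERRSET_SUCCESS */
@@ -77,10 +79,10 @@ dns_result_totext(unsigned int res)
 */
 static int
 dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
-u_char **digest, u_int *digest_len, Key *key)
+u_char **digest, size_t *digest_len, struct sshkey *key)
 {
-int success = 0;
-enum fp_type fp_type = 0;
+int r, success = 0;
+int fp_alg = -1;
 
 switch (key->type) {
 case KEY_RSA:
@@ -110,19 +112,20 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
 
 switch (*digest_type) {
 case SSHFP_HASH_SHA1:
-fp_type = SSH_FP_SHA1;
+fp_alg = SSH_DIGEST_SHA1;
 break;
 case SSHFP_HASH_SHA256:
-fp_type = SSH_FP_SHA256;
+fp_alg = SSH_DIGEST_SHA256;
 break;
 default:
 *digest_type = SSHFP_HASH_RESERVED; /* 0 */
 }
 
 if (*algorithm && *digest_type) {
-*digest = key_fingerprint_raw(key, fp_type, digest_len);
-if (*digest == NULL)
-fatal("dns_read_key: null from key_fingerprint_raw()");
+if ((r = sshkey_fingerprint_raw(key, fp_alg, digest,
+digest_len)) != 0)
+fatal("%s: sshkey_fingerprint_raw: %s", __func__,
+ssh_err(r));
 success = 1;
 } else {
 *digest = NULL;
@@ -138,7 +141,7 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
 */
 static int
 dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
-u_char **digest, u_int *digest_len, u_char *rdata, int rdata_len)
+u_char **digest, size_t *digest_len, u_char *rdata, int rdata_len)
 {
 int success = 0;
 
@@ -199,7 +202,7 @@ is_numeric_hostname(const char *hostname)
 */
 int
 verify_host_key_dns(const char *hostname, struct sockaddr *address,
-Key *hostkey, int *flags)
+struct sshkey *hostkey, int *flags)
 {
 u_int counter;
 int result;
@@ -208,12 +211,12 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
 u_int8_t hostkey_algorithm;
 u_int8_t hostkey_digest_type = SSHFP_HASH_RESERVED;
 u_char *hostkey_digest;
-u_int hostkey_digest_len;
+size_t hostkey_digest_len;
 
 u_int8_t dnskey_algorithm;
 u_int8_t dnskey_digest_type;
 u_char *dnskey_digest;
-u_int dnskey_digest_len;
+size_t dnskey_digest_len;
 
 *flags = 0;
 
@@ -291,7 +294,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
 free(dnskey_digest);
 }
 
-free(hostkey_digest); /* from key_fingerprint_raw() */
+free(hostkey_digest); /* from sshkey_fingerprint_raw() */
 freerrset(fingerprints);
 
 if (*flags & DNS_VERIFY_FOUND)
@@ -309,13 +312,13 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
 * Export the fingerprint of a key as a DNS resource record
 */
 int
-export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
+export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
 {
 u_int8_t rdata_pubkey_algorithm = 0;
 u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED;
 u_int8_t dtype;
 u_char *rdata_digest;
-u_int i, rdata_digest_len;
+size_t i, rdata_digest_len;
 int success = 0;
 
 for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) {
@@ -323,7 +326,7 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
 if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
 &rdata_digest, &rdata_digest_len, key)) {
 if (generic) {
-fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ",
+fprintf(f, "%s IN TYPE%d \\# %zu %02x %02x ",
 hostname, DNS_RDATATYPE_SSHFP,
 2 + rdata_digest_len,
 rdata_pubkey_algorithm, rdata_digest_type);
@@ -334,7 +337,7 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
 for (i = 0; i < rdata_digest_len; i++)
 fprintf(f, "%02x", rdata_digest[i]);
 fprintf(f, "\n");
-free(rdata_digest); /* from key_fingerprint_raw() */
+free(rdata_digest); /* from sshkey_fingerprint_raw() */
 success = 1;
 }
 }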
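Review bot: The dns_read_rdata prototype in the `@@ -138,7 +141,7 @@` hunk now pairs `size_t *digest_len` with an unchanged `int rdata_len`, so the length taken from an SSHFP record is converted from signed to unsigned on its way out; because rdata is the raw DNS answer, the body should validate `rdata_len >= 2` before deriving the digest length and then do the subtraction on the checked value, e.g. `*digest_len = (size_t)rdata_len - 2;`. The function body lies outside the hunk, so I cannot confirm from here whether that guard is already present. Changing the parameter to `size_t rdata_len` would remove the mixed-sign arithmetic entirely, but it would presumably also require adjusting the caller in verify_host_key_dns, which this commit does not touch. In dns_read_key, the new `int fp_alg = -1;` sentinel is never tested, since the `*algorithm && *digest_type` guard already excludes the default case; a short comment such as `/* -1: no digest selected; never reaches sshkey_fingerprint_raw() */` would record that the negative value is intentionally unreachable rather than an unchecked error code.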