diff options
Diffstat (limited to 'dns.c')
| -rw-r--r-- | dns.c | 41 |
1 files changed, 22 insertions, 19 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dns.c,v 1.31 2014/06/24 01:13:21 djm Exp $ */ | 1 | /* $OpenBSD: dns.c,v 1.34 2015/01/28 22:36:00 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2003 Wesley Griffin. All rights reserved. | 4 | * Copyright (c) 2003 Wesley Griffin. All rights reserved. |
| @@ -38,9 +38,11 @@ | |||
| 38 | #include <stdlib.h> | 38 | #include <stdlib.h> |
| 39 | 39 | ||
| 40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
| 41 | #include "key.h" | 41 | #include "sshkey.h" |
| 42 | #include "ssherr.h" | ||
| 42 | #include "dns.h" | 43 | #include "dns.h" |
| 43 | #include "log.h" | 44 | #include "log.h" |
| 45 | #include "digest.h" | ||
| 44 | 46 | ||
| 45 | static const char *errset_text[] = { | 47 | static const char *errset_text[] = { |
| 46 | "success", /* 0 ERRSET_SUCCESS */ | 48 | "success", /* 0 ERRSET_SUCCESS */ |
| @@ -77,10 +79,10 @@ dns_result_totext(unsigned int res) | |||
| 77 | */ | 79 | */ |
| 78 | static int | 80 | static int |
| 79 | dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, | 81 | dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, |
| 80 | u_char **digest, u_int *digest_len, Key *key) | 82 | u_char **digest, size_t *digest_len, struct sshkey *key) |
| 81 | { | 83 | { |
| 82 | int success = 0; | 84 | int r, success = 0; |
| 83 | enum fp_type fp_type = 0; | 85 | int fp_alg = -1; |
| 84 | 86 | ||
| 85 | switch (key->type) { | 87 | switch (key->type) { |
| 86 | case KEY_RSA: | 88 | case KEY_RSA: |
| @@ -110,19 +112,20 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, | |||
| 110 | 112 | ||
| 111 | switch (*digest_type) { | 113 | switch (*digest_type) { |
| 112 | case SSHFP_HASH_SHA1: | 114 | case SSHFP_HASH_SHA1: |
| 113 | fp_type = SSH_FP_SHA1; | 115 | fp_alg = SSH_DIGEST_SHA1; |
| 114 | break; | 116 | break; |
| 115 | case SSHFP_HASH_SHA256: | 117 | case SSHFP_HASH_SHA256: |
| 116 | fp_type = SSH_FP_SHA256; | 118 | fp_alg = SSH_DIGEST_SHA256; |
| 117 | break; | 119 | break; |
| 118 | default: | 120 | default: |
| 119 | *digest_type = SSHFP_HASH_RESERVED; /* 0 */ | 121 | *digest_type = SSHFP_HASH_RESERVED; /* 0 */ |
| 120 | } | 122 | } |
| 121 | 123 | ||
| 122 | if (*algorithm && *digest_type) { | 124 | if (*algorithm && *digest_type) { |
| 123 | *digest = key_fingerprint_raw(key, fp_type, digest_len); | 125 | if ((r = sshkey_fingerprint_raw(key, fp_alg, digest, |
| 124 | if (*digest == NULL) | 126 | digest_len)) != 0) |
| 125 | fatal("dns_read_key: null from key_fingerprint_raw()"); | 127 | fatal("%s: sshkey_fingerprint_raw: %s", __func__, |
| 128 | ssh_err(r)); | ||
| 126 | success = 1; | 129 | success = 1; |
| 127 | } else { | 130 | } else { |
| 128 | *digest = NULL; | 131 | *digest = NULL; |
| @@ -138,7 +141,7 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, | |||
| 138 | */ | 141 | */ |
| 139 | static int | 142 | static int |
| 140 | dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type, | 143 | dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type, |
| 141 | u_char **digest, u_int *digest_len, u_char *rdata, int rdata_len) | 144 | u_char **digest, size_t *digest_len, u_char *rdata, int rdata_len) |
| 142 | { | 145 | { |
| 143 | int success = 0; | 146 | int success = 0; |
| 144 | 147 | ||
| @@ -199,7 +202,7 @@ is_numeric_hostname(const char *hostname) | |||
| 199 | */ | 202 | */ |
| 200 | int | 203 | int |
| 201 | verify_host_key_dns(const char *hostname, struct sockaddr *address, | 204 | verify_host_key_dns(const char *hostname, struct sockaddr *address, |
| 202 | Key *hostkey, int *flags) | 205 | struct sshkey *hostkey, int *flags) |
| 203 | { | 206 | { |
| 204 | u_int counter; | 207 | u_int counter; |
| 205 | int result; | 208 | int result; |
| @@ -208,12 +211,12 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, | |||
| 208 | u_int8_t hostkey_algorithm; | 211 | u_int8_t hostkey_algorithm; |
| 209 | u_int8_t hostkey_digest_type = SSHFP_HASH_RESERVED; | 212 | u_int8_t hostkey_digest_type = SSHFP_HASH_RESERVED; |
| 210 | u_char *hostkey_digest; | 213 | u_char *hostkey_digest; |
| 211 | u_int hostkey_digest_len; | 214 | size_t hostkey_digest_len; |
| 212 | 215 | ||
| 213 | u_int8_t dnskey_algorithm; | 216 | u_int8_t dnskey_algorithm; |
| 214 | u_int8_t dnskey_digest_type; | 217 | u_int8_t dnskey_digest_type; |
| 215 | u_char *dnskey_digest; | 218 | u_char *dnskey_digest; |
| 216 | u_int dnskey_digest_len; | 219 | size_t dnskey_digest_len; |
| 217 | 220 | ||
| 218 | *flags = 0; | 221 | *flags = 0; |
| 219 | 222 | ||
| @@ -291,7 +294,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, | |||
| 291 | free(dnskey_digest); | 294 | free(dnskey_digest); |
| 292 | } | 295 | } |
| 293 | 296 | ||
| 294 | free(hostkey_digest); /* from key_fingerprint_raw() */ | 297 | free(hostkey_digest); /* from sshkey_fingerprint_raw() */ |
| 295 | freerrset(fingerprints); | 298 | freerrset(fingerprints); |
| 296 | 299 | ||
| 297 | if (*flags & DNS_VERIFY_FOUND) | 300 | if (*flags & DNS_VERIFY_FOUND) |
| @@ -309,13 +312,13 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, | |||
| 309 | * Export the fingerprint of a key as a DNS resource record | 312 | * Export the fingerprint of a key as a DNS resource record |
| 310 | */ | 313 | */ |
| 311 | int | 314 | int |
| 312 | export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) | 315 | export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic) |
| 313 | { | 316 | { |
| 314 | u_int8_t rdata_pubkey_algorithm = 0; | 317 | u_int8_t rdata_pubkey_algorithm = 0; |
| 315 | u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED; | 318 | u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED; |
| 316 | u_int8_t dtype; | 319 | u_int8_t dtype; |
| 317 | u_char *rdata_digest; | 320 | u_char *rdata_digest; |
| 318 | u_int i, rdata_digest_len; | 321 | size_t i, rdata_digest_len; |
| 319 | int success = 0; | 322 | int success = 0; |
| 320 | 323 | ||
| 321 | for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) { | 324 | for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) { |
| @@ -323,7 +326,7 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) | |||
| 323 | if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, | 326 | if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, |
| 324 | &rdata_digest, &rdata_digest_len, key)) { | 327 | &rdata_digest, &rdata_digest_len, key)) { |
| 325 | if (generic) { | 328 | if (generic) { |
| 326 | fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", | 329 | fprintf(f, "%s IN TYPE%d \\# %zu %02x %02x ", |
| 327 | hostname, DNS_RDATATYPE_SSHFP, | 330 | hostname, DNS_RDATATYPE_SSHFP, |
| 328 | 2 + rdata_digest_len, | 331 | 2 + rdata_digest_len, |
| 329 | rdata_pubkey_algorithm, rdata_digest_type); | 332 | rdata_pubkey_algorithm, rdata_digest_type); |
| @@ -334,7 +337,7 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) | |||
| 334 | for (i = 0; i < rdata_digest_len; i++) | 337 | for (i = 0; i < rdata_digest_len; i++) |
| 335 | fprintf(f, "%02x", rdata_digest[i]); | 338 | fprintf(f, "%02x", rdata_digest[i]); |
| 336 | fprintf(f, "\n"); | 339 | fprintf(f, "\n"); |
| 337 | free(rdata_digest); /* from key_fingerprint_raw() */ | 340 | free(rdata_digest); /* from sshkey_fingerprint_raw() */ |
| 338 | success = 1; | 341 | success = 1; |
| 339 | } | 342 | } |
| 340 | } | 343 | } |