diff options
Diffstat (limited to 'key.c')
-rw-r--r-- | key.c | 42 |
1 files changed, 20 insertions, 22 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.c,v 1.114 2013/12/29 04:20:04 djm Exp $ */ | 1 | /* $OpenBSD: key.c,v 1.115 2014/01/09 23:20:00 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * read_bignum(): | 3 | * read_bignum(): |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -56,6 +56,7 @@ | |||
56 | #include "log.h" | 56 | #include "log.h" |
57 | #include "misc.h" | 57 | #include "misc.h" |
58 | #include "ssh2.h" | 58 | #include "ssh2.h" |
59 | #include "digest.h" | ||
59 | 60 | ||
60 | static int to_blob(const Key *, u_char **, u_int *, int); | 61 | static int to_blob(const Key *, u_char **, u_int *, int); |
61 | static Key *key_from_blob2(const u_char *, u_int, int); | 62 | static Key *key_from_blob2(const u_char *, u_int, int); |
@@ -358,30 +359,26 @@ u_char* | |||
358 | key_fingerprint_raw(const Key *k, enum fp_type dgst_type, | 359 | key_fingerprint_raw(const Key *k, enum fp_type dgst_type, |
359 | u_int *dgst_raw_length) | 360 | u_int *dgst_raw_length) |
360 | { | 361 | { |
361 | const EVP_MD *md = NULL; | ||
362 | EVP_MD_CTX ctx; | ||
363 | u_char *blob = NULL; | 362 | u_char *blob = NULL; |
364 | u_char *retval = NULL; | 363 | u_char *retval = NULL; |
365 | u_int len = 0; | 364 | u_int len = 0; |
366 | int nlen, elen; | 365 | int nlen, elen, hash_alg = -1; |
367 | 366 | ||
368 | *dgst_raw_length = 0; | 367 | *dgst_raw_length = 0; |
369 | 368 | ||
369 | /* XXX switch to DIGEST_* directly? */ | ||
370 | switch (dgst_type) { | 370 | switch (dgst_type) { |
371 | case SSH_FP_MD5: | 371 | case SSH_FP_MD5: |
372 | md = EVP_md5(); | 372 | hash_alg = SSH_DIGEST_MD5; |
373 | break; | 373 | break; |
374 | case SSH_FP_SHA1: | 374 | case SSH_FP_SHA1: |
375 | md = EVP_sha1(); | 375 | hash_alg = SSH_DIGEST_SHA1; |
376 | break; | 376 | break; |
377 | #ifdef HAVE_EVP_SHA256 | ||
378 | case SSH_FP_SHA256: | 377 | case SSH_FP_SHA256: |
379 | md = EVP_sha256(); | 378 | hash_alg = SSH_DIGEST_SHA256; |
380 | break; | 379 | break; |
381 | #endif | ||
382 | default: | 380 | default: |
383 | fatal("key_fingerprint_raw: bad digest type %d", | 381 | fatal("%s: bad digest type %d", __func__, dgst_type); |
384 | dgst_type); | ||
385 | } | 382 | } |
386 | switch (k->type) { | 383 | switch (k->type) { |
387 | case KEY_RSA1: | 384 | case KEY_RSA1: |
@@ -410,18 +407,19 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, | |||
410 | case KEY_UNSPEC: | 407 | case KEY_UNSPEC: |
411 | return retval; | 408 | return retval; |
412 | default: | 409 | default: |
413 | fatal("key_fingerprint_raw: bad key type %d", k->type); | 410 | fatal("%s: bad key type %d", __func__, k->type); |
414 | break; | 411 | break; |
415 | } | 412 | } |
416 | if (blob != NULL) { | 413 | if (blob != NULL) { |
417 | retval = xmalloc(EVP_MAX_MD_SIZE); | 414 | retval = xmalloc(SSH_DIGEST_MAX_LENGTH); |
418 | EVP_DigestInit(&ctx, md); | 415 | if ((ssh_digest_memory(hash_alg, blob, len, |
419 | EVP_DigestUpdate(&ctx, blob, len); | 416 | retval, SSH_DIGEST_MAX_LENGTH)) != 0) |
420 | EVP_DigestFinal(&ctx, retval, dgst_raw_length); | 417 | fatal("%s: digest_memory failed", __func__); |
421 | memset(blob, 0, len); | 418 | memset(blob, 0, len); |
422 | free(blob); | 419 | free(blob); |
420 | *dgst_raw_length = ssh_digest_bytes(hash_alg); | ||
423 | } else { | 421 | } else { |
424 | fatal("key_fingerprint_raw: blob is null"); | 422 | fatal("%s: blob is null", __func__); |
425 | } | 423 | } |
426 | return retval; | 424 | return retval; |
427 | } | 425 | } |
@@ -2211,8 +2209,8 @@ key_curve_nid_to_name(int nid) | |||
2211 | } | 2209 | } |
2212 | 2210 | ||
2213 | #ifdef OPENSSL_HAS_ECC | 2211 | #ifdef OPENSSL_HAS_ECC |
2214 | const EVP_MD * | 2212 | int |
2215 | key_ec_nid_to_evpmd(int nid) | 2213 | key_ec_nid_to_hash_alg(int nid) |
2216 | { | 2214 | { |
2217 | int kbits = key_curve_nid_to_bits(nid); | 2215 | int kbits = key_curve_nid_to_bits(nid); |
2218 | 2216 | ||
@@ -2220,11 +2218,11 @@ key_ec_nid_to_evpmd(int nid) | |||
2220 | fatal("%s: invalid nid %d", __func__, nid); | 2218 | fatal("%s: invalid nid %d", __func__, nid); |
2221 | /* RFC5656 section 6.2.1 */ | 2219 | /* RFC5656 section 6.2.1 */ |
2222 | if (kbits <= 256) | 2220 | if (kbits <= 256) |
2223 | return EVP_sha256(); | 2221 | return SSH_DIGEST_SHA256; |
2224 | else if (kbits <= 384) | 2222 | else if (kbits <= 384) |
2225 | return EVP_sha384(); | 2223 | return SSH_DIGEST_SHA384; |
2226 | else | 2224 | else |
2227 | return EVP_sha512(); | 2225 | return SSH_DIGEST_SHA512; |
2228 | } | 2226 | } |
2229 | 2227 | ||
2230 | int | 2228 | int |