Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 27 |
1 files changed, 15 insertions, 12 deletions
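--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.279 2017/05/30 08:52:19 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.280 2017/05/30 14:13:40 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -779,7 +779,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 const struct hostkey_entry *host_found, *ip_found;
 int len, cancelled_forwarding = 0;
 int local = sockaddr_is_local(hostaddr);
-int r, want_cert = key_is_cert(host_key), host_ip_differ = 0;
+int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
 int hostkey_trusted = 0; /* Known or explicitly accepted by user */
 struct hostkeys *host_hostkeys, *ip_hostkeys;
 u_int i;
@@ -830,8 +830,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 
 retry:
 /* Reload these as they may have changed on cert->key downgrade */
-want_cert = key_is_cert(host_key);
-type = key_type(host_key);
+want_cert = sshkey_is_cert(host_key);
+type = sshkey_type(host_key);
 
 /*
 * Check if the host key is present in the user's list of known
@@ -851,7 +851,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 if (host_status == HOST_CHANGED &&
 (ip_status != HOST_CHANGED ||
 (ip_found != NULL &&
-!key_equal(ip_found->key, host_found->key))))
+!sshkey_equal(ip_found->key, host_found->key))))
 host_ip_differ = 1;
 } else
 ip_status = host_status;
@@ -1048,7 +1048,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 warn_changed_key(host_key);
 error("Add correct host key in %.100s to get rid of this message.",
 user_hostfiles[0]);
-error("Offending %s key in %s:%lu", key_type(host_found->key),
+error("Offending %s key in %s:%lu",
+sshkey_type(host_found->key),
 host_found->file, host_found->line);
 
 /*
@@ -1177,14 +1178,16 @@ fail:
 * search normally.
 */
 debug("No matching CA found. Retry with plain key");
-raw_key = key_from_private(host_key);
-if (key_drop_cert(raw_key) != 0)
-fatal("Couldn't drop certificate");
+if ((r = sshkey_from_private(host_key, &raw_key)) != 0)
+fatal("%s: sshkey_from_private: %s",
+__func__, ssh_err(r));
+if ((r = sshkey_drop_cert(raw_key)) != 0)
+fatal("Couldn't drop certificate: %s", ssh_err(r));
 host_key = raw_key;
 goto retry;
 }
 if (raw_key != NULL)
-key_free(raw_key);
+sshkey_free(raw_key);
 free(ip);
 free(host);
 if (host_hostkeys != NULL)
@@ -1300,8 +1303,8 @@ out:
 free(fp);
 free(cafp);
 if (r == 0 && host_key != NULL) {
-key_free(previous_host_key);
-previous_host_key = key_from_private(host_key);
+sshkey_free(previous_host_key);
+r = sshkey_from_private(host_key, &previous_host_key);
 }
 
 return r;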
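Review bot: In the last hunk (under `out:`), the result of `sshkey_from_private(host_key, &previous_host_key)` now overwrites `r`, so a failure to cache the key turns an otherwise successful host-key verification into an error return with nothing logged at this point. Failing closed is a sensible choice for this path, but the reason should be visible; I would follow the call with `if (r != 0) error("%s: sshkey_from_private: %s", __func__, ssh_err(r));`, matching the message used in the `fail:` hunk. Between the two calls `previous_host_key` still holds the freed pointer, so unless sshkey_from_private() is guaranteed to clear its output argument on error (not visible on this page), add `previous_host_key = NULL;` after `sshkey_free()`. The enclosing function starts outside the hunk, so how callers treat a non-zero `r` should be confirmed there.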