From 9ce86c926dfa6e0635161b035e3944e611cbccf0 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 28 Jan 2015 22:36:00 +0000
Subject: upstream commit

update to new API (key_fingerprint => sshkey_fingerprint)
 check sshkey_fingerprint return values; ok markus
---
 auth2-pubkey.c | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

(limited to 'auth2-pubkey.c')

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index d922eea26..d8f0aa3e2 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.45 2015/01/13 07:39:19 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.46 2015/01/28 22:36:00 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -228,18 +228,20 @@ pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
 	}
 
 	if (key_is_cert(key)) {
-		fp = key_fingerprint(key->cert->signature_key,
+		fp = sshkey_fingerprint(key->cert->signature_key,
 		    options.fingerprint_hash, SSH_FP_DEFAULT);
 		auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s", 
 		    key_type(key), key->cert->key_id,
 		    (unsigned long long)key->cert->serial,
-		    key_type(key->cert->signature_key), fp,
+		    key_type(key->cert->signature_key),
+		    fp == NULL ? "(null)" : "",
 		    extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
 		free(fp);
 	} else {
-		fp = key_fingerprint(key, options.fingerprint_hash,
+		fp = sshkey_fingerprint(key, options.fingerprint_hash,
 		    SSH_FP_DEFAULT);
-		auth_info(authctxt, "%s %s%s%s", key_type(key), fp,
+		auth_info(authctxt, "%s %s%s%s", key_type(key),
+		    fp == NULL ? "(null)" : "",
 		    extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
 		free(fp);
 	}
@@ -382,8 +384,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 				continue;
 			if (!key_is_cert_authority)
 				continue;
-			fp = key_fingerprint(found, options.fingerprint_hash,
-			    SSH_FP_DEFAULT);
+			if ((fp = sshkey_fingerprint(found,
+			    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+				continue;
 			debug("matching CA found: file %s, line %lu, %s %s",
 			    file, linenum, key_type(found), fp);
 			/*
@@ -422,12 +425,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 				continue;
 			if (key_is_cert_authority)
 				continue;
-			found_key = 1;
-			fp = key_fingerprint(found, options.fingerprint_hash,
-			    SSH_FP_DEFAULT);
+			if ((fp = sshkey_fingerprint(found,
+			    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+				continue;
 			debug("matching key found: file %s, line %lu %s %s",
 			    file, linenum, key_type(found), fp);
 			free(fp);
+			found_key = 1;
 			break;
 		}
 	}
@@ -449,8 +453,9 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
 	if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
 		return 0;
 
-	ca_fp = key_fingerprint(key->cert->signature_key,
-	    options.fingerprint_hash, SSH_FP_DEFAULT);
+	if ((ca_fp = sshkey_fingerprint(key->cert->signature_key,
+	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+		return 0;
 
 	if (sshkey_in_file(key->cert->signature_key,
 	    options.trusted_user_ca_keys, 1, 0) != 0) {
-- 
cgit v1.2.3