*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.57 2000/03/16 20:56:14 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.58 2000/03/23 22:15:33 markus Exp $");
#ifdef HAVE_OPENSSL
-#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
#include <openssl/md5.h>
+#include <openssl/bn.h>
#endif
#ifdef HAVE_SSL
-#include <ssl/bn.h>
+#include <ssl/rsa.h>
+#include <ssl/dsa.h>
#include <ssl/md5.h>
+#include <ssl/bn.h>
#endif
#include "xmalloc.h"
#include "uidswap.h"
#include "compat.h"
#include "readconf.h"
-#include "fingerprint.h"
+#include "key.h"
+#include "hostfile.h"
/* Session id for the current session. */
unsigned char session_id[16];
*/
void
-check_host_key(char *host, struct sockaddr *hostaddr, RSA *host_key)
+check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
{
- RSA *file_key;
+ Key *file_key;
char *ip = NULL;
char hostline[1000], *hostp;
HostStatus host_status;
* Store the host key from the known host file in here so that we can
* compare it with the key for the IP address.
*/
- file_key = RSA_new();
- file_key->n = BN_new();
- file_key->e = BN_new();
+ file_key = key_new(host_key->type);
/*
* Check if the host key is present in the user\'s list of known
* hosts or in the systemwide list.
*/
- host_status = check_host_in_hostfile(options.user_hostfile, host,
- host_key->e, host_key->n,
- file_key->e, file_key->n);
+ host_status = check_host_in_hostfile(options.user_hostfile, host, host_key, file_key);
if (host_status == HOST_NEW)
- host_status = check_host_in_hostfile(options.system_hostfile, host,
- host_key->e, host_key->n,
- file_key->e, file_key->n);
+ host_status = check_host_in_hostfile(options.system_hostfile, host, host_key, file_key);
/*
* Also perform check for the ip address, skip the check if we are
* localhost or the hostname was an ip address to begin with
*/
if (options.check_host_ip && !local && strcmp(host, ip)) {
- RSA *ip_key = RSA_new();
- ip_key->n = BN_new();
- ip_key->e = BN_new();
- ip_status = check_host_in_hostfile(options.user_hostfile, ip,
- host_key->e, host_key->n,
- ip_key->e, ip_key->n);
+ Key *ip_key = key_new(host_key->type);
+ ip_status = check_host_in_hostfile(options.user_hostfile, ip, host_key, ip_key);
if (ip_status == HOST_NEW)
- ip_status = check_host_in_hostfile(options.system_hostfile, ip,
- host_key->e, host_key->n,
- ip_key->e, ip_key->n);
+ ip_status = check_host_in_hostfile(options.system_hostfile, ip, host_key, ip_key);
if (host_status == HOST_CHANGED &&
- (ip_status != HOST_CHANGED ||
- (BN_cmp(ip_key->e, file_key->e) || BN_cmp(ip_key->n, file_key->n))))
+ (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key)))
host_ip_differ = 1;
- RSA_free(ip_key);
+ key_free(ip_key);
} else
ip_status = host_status;
- RSA_free(file_key);
+ key_free(file_key);
switch (host_status) {
case HOST_OK:
debug("Host '%.200s' is known and matches the host key.", host);
if (options.check_host_ip) {
if (ip_status == HOST_NEW) {
- if (!add_host_to_hostfile(options.user_hostfile, ip,
- host_key->e, host_key->n))
+ if (!add_host_to_hostfile(options.user_hostfile, ip, host_key))
log("Failed to add the host key for IP address '%.30s' to the list of known hosts (%.30s).",
ip, options.user_hostfile);
else
} else if (options.strict_host_key_checking == 2) {
/* The default */
char prompt[1024];
- char *fp = fingerprint(host_key->e, host_key->n);
+ char *fp = key_fingerprint(host_key);
snprintf(prompt, sizeof(prompt),
"The authenticity of host '%.200s' can't be established.\n"
- "Key fingerprint is %d %s.\n"
+ "Key fingerprint is %s.\n"
"Are you sure you want to continue connecting (yes/no)? ",
- host, BN_num_bits(host_key->n), fp);
+ host, fp);
if (!read_yes_or_no(prompt, -1))
fatal("Aborted by user!\n");
}
hostp = host;
/* If not in strict mode, add the key automatically to the local known_hosts file. */
- if (!add_host_to_hostfile(options.user_hostfile, hostp,
- host_key->e, host_key->n))
+ if (!add_host_to_hostfile(options.user_hostfile, hostp, host_key))
log("Failed to add the host to the list of known hosts (%.500s).",
options.user_hostfile);
else
if (options.check_host_ip)
xfree(ip);
}
+void
+check_rsa_host_key(char *host, struct sockaddr *hostaddr, RSA *host_key)
+{
+ Key k;
+ k.type = KEY_RSA;
+ k.rsa = host_key;
+ check_host_key(host, hostaddr, &k);
+}
/*
* SSH1 key exchange
8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
SSH_SMSG_PUBLIC_KEY);
- check_host_key(host, hostaddr, host_key);
+ check_rsa_host_key(host, hostaddr, host_key);
client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
fatal("Permission denied.");
/* NOTREACHED */
}
-
/*
* Starts a dialog with the server, and authenticates the current user on the
* server. This does not need any extra privileges. The basic connection
ssh_kex(host, hostaddr);
if (supported_authentications == 0)
fatal("supported_authentications == 0.");
+
/* authenticate user */
ssh_userauth(host_key_valid, own_host_key, original_real_uid, host);
}
andersk / openssh.git / blobdiff