X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/08345971c656fd29ea2c50a96780d3f14536a8d6..c48c32c1d58312e02017c436b7725a5793abfd42:/key.c

diff --git a/key.c b/key.c
index 17a6c787..57df5b93 100644
--- a/key.c
+++ b/key.c
@@ -9,7 +9,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  *
  *
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -32,7 +32,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.20 2001/03/11 15:13:09 jakob Exp $");
+RCSID("$OpenBSD: key.c,v 1.33 2001/10/04 14:34:16 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -54,6 +54,7 @@ key_new(int type)
 	DSA *dsa;
 	k = xmalloc(sizeof(*k));
 	k->type = type;
+	k->flags = 0;
 	k->dsa = NULL;
 	k->rsa = NULL;
 	switch (k->type) {
@@ -153,9 +154,11 @@ key_equal(Key *a, Key *b)
 	return 0;
 }
 
-u_char*
+static u_char*
 key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length)
 {
+	EVP_MD *md = NULL;
+	EVP_MD_CTX ctx;
 	u_char *blob = NULL;
 	u_char *retval = NULL;
 	int len = 0;
@@ -163,6 +166,17 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length)
 
 	*dgst_raw_length = 0;
 
+	switch (dgst_type) {
+	case SSH_FP_MD5:
+		md = EVP_md5();
+		break;
+	case SSH_FP_SHA1:
+		md = EVP_sha1();
+		break;
+	default:
+		fatal("key_fingerprint_raw: bad digest type %d",
+		    dgst_type);
+	}
 	switch (k->type) {
 	case KEY_RSA1:
 		nlen = BN_num_bytes(k->rsa->n);
@@ -184,23 +198,7 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length)
 		break;
 	}
 	if (blob != NULL) {
-		EVP_MD *md = NULL;
-		EVP_MD_CTX ctx;
-
 		retval = xmalloc(EVP_MAX_MD_SIZE);
-
-		switch (dgst_type) {
-		case SSH_FP_MD5:
-			md = EVP_md5();
-			break;
-		case SSH_FP_SHA1:
-			md = EVP_sha1();
-			break;
-		default:
-			fatal("key_fingerprint_raw: bad digest type %d",
-			    dgst_type);
-		}
-
 		EVP_DigestInit(&ctx, md);
 		EVP_DigestUpdate(&ctx, blob, len);
 		EVP_DigestFinal(&ctx, retval, NULL);
@@ -213,13 +211,13 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length)
 	return retval;
 }
 
-char*
-key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len) 
+static char*
+key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len)
 {
 	char *retval;
 	int i;
 
-	retval = xmalloc(dgst_raw_len * 3);
+	retval = xmalloc(dgst_raw_len * 3 + 1);
 	retval[0] = '\0';
 	for(i = 0; i < dgst_raw_len; i++) {
 		char hex[4];
@@ -230,8 +228,8 @@ key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len)
 	return retval;
 }
 
-char*
-key_fingerprint_bubblebabble(u_char* dgst_raw, size_t dgst_raw_len) 
+static char*
+key_fingerprint_bubblebabble(u_char* dgst_raw, size_t dgst_raw_len)
 {
 	char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
 	char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
@@ -278,15 +276,15 @@ key_fingerprint_bubblebabble(u_char* dgst_raw, size_t dgst_raw_len)
 }
 
 char*
-key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
+key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
 {
-	char *retval = NULL; 
+	char *retval = NULL;
 	u_char *dgst_raw;
-	size_t dgst_raw_len; 
+	size_t dgst_raw_len;
 	
 	dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
 	if (!dgst_raw)
-		fatal("key_fingerprint_ex: null value returned from key_fingerprint_raw()");
+		fatal("key_fingerprint: null from key_fingerprint_raw()");
 	switch(dgst_rep) {
 	case SSH_FP_HEX:
 		retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
@@ -304,18 +302,6 @@ key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
 	return retval;
 }
 
-char *
-key_fingerprint(Key *k)
-{
-	static char retval[(EVP_MAX_MD_SIZE + 1) * 3];
-	char *digest;
-
-	digest = key_fingerprint_ex(k, SSH_FP_MD5, SSH_FP_HEX);
-	strlcpy(retval, digest, sizeof(retval));
-	xfree(digest);
-	return retval;
-}
-
 /*
  * Reads a multiple-precision integer in decimal from the buffer, and advances
  * the pointer.  The integer must already be initialized.  This function is
@@ -323,7 +309,7 @@ key_fingerprint(Key *k)
  * last processed (and maybe modified) character.  Note that this may modify
  * the buffer containing the number.
  */
-int
+static int
 read_bignum(char **cpp, BIGNUM * value)
 {
 	char *cp = *cpp;
@@ -359,7 +345,7 @@ read_bignum(char **cpp, BIGNUM * value)
 	*cpp = cp;
 	return 1;
 }
-int
+static int
 write_bignum(FILE *f, BIGNUM *num)
 {
 	char *buf = BN_bn2dec(num);
@@ -368,11 +354,11 @@ write_bignum(FILE *f, BIGNUM *num)
 		return 0;
 	}
 	fprintf(f, " %s", buf);
-	xfree(buf);
+	OPENSSL_free(buf);
 	return 1;
 }
 
-/* returns 1 ok, -1 error, 0 type mismatch */
+/* returns 1 ok, -1 error */
 int
 key_read(Key *ret, char **cpp)
 {
@@ -427,7 +413,7 @@ key_read(Key *ret, char **cpp)
 		} else if (ret->type != type) {
 			/* is a key, but different type */
 			debug3("key_read: type mismatch");
-			return 0;
+			return -1;
 		}
 		len = 2*strlen(cp);
 		blob = xmalloc(len);
@@ -559,7 +545,7 @@ key_size(Key *k){
 	return 0;
 }
 
-RSA *
+static RSA *
 rsa_generate_private_key(u_int bits)
 {
 	RSA *private;
@@ -569,7 +555,7 @@ rsa_generate_private_key(u_int bits)
 	return private;
 }
 
-DSA*
+static DSA*
 dsa_generate_private_key(u_int bits)
 {
 	DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
@@ -644,8 +630,30 @@ key_type_from_name(char *name)
 	return KEY_UNSPEC;
 }
 
+int
+key_names_valid2(const char *names)
+{
+	char *s, *cp, *p;
+
+	if (names == NULL || strcmp(names, "") == 0)
+		return 0;
+	s = cp = xstrdup(names);
+	for ((p = strsep(&cp, ",")); p && *p != '\0';
+	     (p = strsep(&cp, ","))) {
+		switch (key_type_from_name(p)) {
+		case KEY_RSA1:
+		case KEY_UNSPEC:
+			xfree(s);
+			return 0;
+		}
+	}
+	debug3("key names ok: [%s]", names);
+	xfree(s);
+	return 1;
+}
+
 Key *
-key_from_blob(char *blob, int blen)
+key_from_blob(u_char *blob, int blen)
 {
 	Buffer b;
 	char *ktype;
@@ -720,8 +728,9 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp)
 		buffer_put_bignum2(&b, key->rsa->n);
 		break;
 	default:
-		error("key_to_blob: illegal key type %d", key->type);
-		break;
+		error("key_to_blob: unsupported key type %d", key->type);
+		buffer_free(&b);
+		return 0;
 	}
 	len = buffer_len(&b);
 	buf = xmalloc(len);
@@ -761,6 +770,9 @@ key_verify(
     u_char *signature, int signaturelen,
     u_char *data, int datalen)
 {
+	if (signaturelen == 0)
+		return -1;
+
 	switch(key->type){
 	case KEY_DSA:
 		return ssh_dss_verify(key, signature, signaturelen, data, datalen);