X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/301e8e5bfb0c19507f3d327e38566d5ec2726a3a..c10d042a23de5112ea63dbd8a67d1d9564026bb7:/key.c?ds=sidebyside diff --git a/key.c b/key.c index d8f994b5..84306a9b 100644 --- a/key.c +++ b/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.19 2001/03/11 15:03:15 jakob Exp $"); +RCSID("$OpenBSD: key.c,v 1.26 2001/06/23 05:26:02 markus Exp $"); #include @@ -156,6 +156,8 @@ key_equal(Key *a, Key *b) u_char* key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length) { + EVP_MD *md = NULL; + EVP_MD_CTX ctx; u_char *blob = NULL; u_char *retval = NULL; int len = 0; @@ -163,6 +165,17 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length) *dgst_raw_length = 0; + switch (dgst_type) { + case SSH_FP_MD5: + md = EVP_md5(); + break; + case SSH_FP_SHA1: + md = EVP_sha1(); + break; + default: + fatal("key_fingerprint_raw: bad digest type %d", + dgst_type); + } switch (k->type) { case KEY_RSA1: nlen = BN_num_bytes(k->rsa->n); @@ -184,23 +197,7 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length) break; } if (blob != NULL) { - EVP_MD *md = NULL; - EVP_MD_CTX ctx; - retval = xmalloc(EVP_MAX_MD_SIZE); - - switch (dgst_type) { - case SSH_FP_MD5: - md = EVP_md5(); - break; - case SSH_FP_SHA1: - md = EVP_sha1(); - break; - default: - fatal("key_fingerprint_raw: bad digest type %d", - dgst_type); - } - EVP_DigestInit(&ctx, md); EVP_DigestUpdate(&ctx, blob, len); EVP_DigestFinal(&ctx, retval, NULL); 
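Review bot: The `dgst_type` switch in key_fingerprint_raw() now runs before the `k->type` switch, so an unknown digest type is fatal even on paths where `blob` stays NULL, and nothing in the function records that. A short comment above the new switch would do, for example `/* reject an unknown digest type up front, whatever the key type */`. The `default:` arm also relies on fatal() never returning, because `md` would otherwise still be NULL when it reaches `EVP_DigestInit(&ctx, md)`; the same comment could say so. The function starts and ends outside this hunk, and the later hunk at -184,23 only removes the old copy of the switch.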
@@ -214,12 +211,12 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length) } char* -key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len) +key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len) { char *retval; int i; - retval = xmalloc(dgst_raw_len * 3); + retval = xmalloc(dgst_raw_len * 3 + 1); retval[0] = '\0'; for(i = 0; i < dgst_raw_len; i++) { char hex[4]; 
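Review bot: The new size `dgst_raw_len * 3 + 1` in key_fingerprint_hex() is unexplained, and the loop still compares `int i` against the `size_t dgst_raw_len`. Going by `char hex[4]`, each digest byte presumably produces three output characters, so a comment such as `/* three characters per digest byte, plus the terminating NUL */` would make the arithmetic checkable. Declaring the index as `u_int i;` would remove the signed/unsigned comparison. The loop body continues past the end of the hunk, so any length passed to a bounded concatenation there should be re-checked against the new allocation.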
@@ -231,64 +228,62 @@ key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len) } char* -key_fingerprint_bubblebabble(u_char* dgst_raw, size_t dgst_raw_len) +key_fingerprint_bubblebabble(u_char* dgst_raw, size_t dgst_raw_len) { char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' }; char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm', 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' }; - u_int rounds, idx, retval_idx, seed; + u_int i, j = 0, rounds, seed = 1; char *retval; rounds = (dgst_raw_len / 2) + 1; retval = xmalloc(sizeof(char) * (rounds*6)); - seed = 1; - retval_idx = 0; - retval[retval_idx++] = 'x'; - for (idx=0;idx> 6) & 3) + + if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) { + idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) + seed) % 6; - idx1 = (((u_int)(dgst_raw[2 * idx])) >> 2) & 15; - idx2 = ((((u_int)(dgst_raw[2 * idx])) & 3) + + idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15; + idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) + (seed / 6)) % 6; - retval[retval_idx++] = vowels[idx0]; - retval[retval_idx++] = consonants[idx1]; - retval[retval_idx++] = vowels[idx2]; - if ((idx + 1) < rounds) { - idx3 = (((u_int)(dgst_raw[(2 * idx) + 1])) >> 4) & 15; - idx4 = (((u_int)(dgst_raw[(2 * idx) + 1]))) & 15; - retval[retval_idx++] = consonants[idx3]; - retval[retval_idx++] = '-'; - retval[retval_idx++] = consonants[idx4]; + retval[j++] = vowels[idx0]; + retval[j++] = consonants[idx1]; + retval[j++] = vowels[idx2]; + if ((i + 1) < rounds) { + idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15; + idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15; + retval[j++] = consonants[idx3]; + retval[j++] = '-'; + retval[j++] = consonants[idx4]; seed = ((seed * 5) + - ((((u_int)(dgst_raw[2 * idx])) * 7) + - ((u_int)(dgst_raw[(2 * idx) + 1])))) % 36; + ((((u_int)(dgst_raw[2 * i])) * 7) + + ((u_int)(dgst_raw[(2 * i) + 1])))) % 36; } } else { idx0 = seed % 6; idx1 = 16; idx2 = seed / 6; - retval[retval_idx++] = vowels[idx0]; - retval[retval_idx++] = consonants[idx1]; - 
retval[retval_idx++] = vowels[idx2]; + retval[j++] = vowels[idx0]; + retval[j++] = consonants[idx1]; + retval[j++] = vowels[idx2]; } } - retval[retval_idx++] = 'x'; - retval[retval_idx++] = '\0'; + retval[j++] = 'x'; + retval[j++] = '\0'; return retval; } char* -key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) +key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) { - char *retval = NULL; + char *retval = NULL; u_char *dgst_raw; - size_t dgst_raw_len; + size_t dgst_raw_len; dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len); if (!dgst_raw) - fatal("key_fingerprint_ex: null value returned from key_fingerprint_raw()"); + fatal("key_fingerprint: null from key_fingerprint_raw()"); switch(dgst_rep) { case SSH_FP_HEX: retval = key_fingerprint_hex(dgst_raw, dgst_raw_len); @@ -306,18 +301,6 @@ key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) return retval; } -char * -key_fingerprint(Key *k) -{ - static char retval[(EVP_MAX_MD_SIZE + 1) * 3]; - char *digest; - - digest = key_fingerprint_ex(k, SSH_FP_MD5, SSH_FP_HEX); - strlcpy(retval, digest, sizeof(retval)); - xfree(digest); - return retval; -} - /* * Reads a multiple-precision integer in decimal from the buffer, and advances * the pointer. The integer must already be initialized. This function is @@ -646,6 +629,28 @@ key_type_from_name(char *name) return KEY_UNSPEC; } +int +key_names_valid2(const char *names) +{ + char *s, *cp, *p; + + if (names == NULL || strcmp(names, "") == 0) + return 0; + s = cp = xstrdup(names); + for ((p = strsep(&cp, ",")); p && *p != '\0'; + (p = strsep(&cp, ","))) { + switch (key_type_from_name(p)) { + case KEY_RSA1: + case KEY_UNSPEC: + xfree(s); + return 0; + } + } + debug3("key names ok: [%s]", names); + xfree(s); + return 1; +} + Key * key_from_blob(char *blob, int blen) { 
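Review bot: The renamed key_fingerprint() takes over the name of the one-argument function this commit deletes, but the ownership of the result differs: the old function copied into a static buffer and freed the digest string itself, while the new one returns what key_fingerprint_hex() allocated in the visible `SSH_FP_HEX` case. That change should be documented on the definition, for example `/* returns an xmalloc'ed string; the caller must xfree() it */`, since a caller that never freed the old result would now leak. In key_fingerprint_bubblebabble() the context line `retval = xmalloc(sizeof(char) * (rounds*6));` looks like an exact fit for the bytes written through `j` (leading 'x', six per full round, three for the last round, trailing 'x' and NUL), so a comment spelling out that count would help keep later edits from overrunning it. The loop header is truncated on this page, so that count is inferred from the visible body only.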
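Review bot: In key_names_valid2() the loop condition `p && *p != '\0'` ends the scan at the first empty element, so a list with an empty element in the middle (constructed example: `first,,second`) reaches `return 1` without the names after the gap ever being passed to key_type_from_name(). Dropping the emptiness test, `for ((p = strsep(&cp, ",")); p != NULL; (p = strsep(&cp, ","))) {`, would send the empty string through key_type_from_name() instead. Going by the context line `return KEY_UNSPEC;`, that function appears to reject unknown names, which is worth confirming. The `switch` also has no `default:` arm; adding `default: break;` would make the accept-everything-else intent explicit.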
@@ -763,6 +768,9 @@ key_verify( u_char *signature, int signaturelen, u_char *data, int datalen) { + if (signaturelen == 0) + return -1; + switch(key->type){ case KEY_DSA: return ssh_dss_verify(key, signature, signaturelen, data, datalen);
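Review bot: The new guard in key_verify() rejects only `signaturelen == 0`, but `signaturelen` is an `int`, so a negative length or a NULL `signature` still reaches ssh_dss_verify(). Unless every caller is known to pass a non-negative length and a valid pointer, `if (signature == NULL || signaturelen <= 0)` covers the same case and the neighbouring ones. A one-line comment on why an empty signature is refused here instead of in the per-type verifiers would also help the next reader. The function body continues outside the hunk.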