+20010313
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/12 22:02:02
+ [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
+ remove old key_fingerprint interface, s/_ex//
+
20010312
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/11 13:25:36
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.21 2001/03/11 18:29:51 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.22 2001/03/12 22:02:01 markus Exp $");
#include <openssl/evp.h>
}
char*
-key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
+key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
{
char *retval = NULL;
u_char *dgst_raw;
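Review bot: The renamed `key_fingerprint` keeps the name of the removed static-buffer wrapper but now returns a heap string, and nothing at this definition or at the key.h prototype says so. Every converted caller in this commit releases the result with `xfree(fp)`, and the removed wrapper did the same with `xfree(digest)`, so the contract is that the caller frees. I would add a comment above the definition and above the prototype, for example `/* Returns a newly allocated fingerprint string; the caller must xfree() it. */`. The function body continues outside this hunk.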
dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
if (!dgst_raw)
- fatal("key_fingerprint_ex: null value returned from key_fingerprint_raw()");
+ fatal("key_fingerprint: null from key_fingerprint_raw()");
switch(dgst_rep) {
case SSH_FP_HEX:
retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
return retval;
}
-char *
-key_fingerprint(Key *k)
-{
- static char retval[(EVP_MAX_MD_SIZE + 1) * 3];
- char *digest;
-
- digest = key_fingerprint_ex(k, SSH_FP_MD5, SSH_FP_HEX);
- strlcpy(retval, digest, sizeof(retval));
- xfree(digest);
- return retval;
-}
-
/*
* Reads a multiple-precision integer in decimal from the buffer, and advances
* the pointer. The integer must already be initialized. This function is
-/* $OpenBSD: key.h,v 1.10 2001/03/11 15:03:16 jakob Exp $ */
+/* $OpenBSD: key.h,v 1.11 2001/03/12 22:02:01 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
Key *key_new_private(int type);
void key_free(Key *k);
int key_equal(Key *a, Key *b);
-char *key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep);
-char *key_fingerprint(Key *k);
+char *key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep);
char *key_type(Key *k);
int key_write(Key *key, FILE *f);
int key_read(Key *key, char **cpp);
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.29 2001/03/02 18:54:31 deraadt Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.30 2001/03/12 22:02:02 markus Exp $");
#include <openssl/evp.h>
}
void
-list_identities(AuthenticationConnection *ac, int fp)
+list_identities(AuthenticationConnection *ac, int do_fp)
{
Key *key;
- char *comment;
+ char *comment, *fp;
int had_identities = 0;
int version;
key != NULL;
key = ssh_get_next_identity(ac, &comment, version)) {
had_identities = 1;
- if (fp) {
+ if (do_fp) {
+ fp = key_fingerprint(key, SSH_FP_MD5,
+ SSH_FP_HEX);
printf("%d %s %s (%s)\n",
- key_size(key), key_fingerprint(key),
- comment, key_type(key));
+ key_size(key), fp, comment, key_type(key));
+ xfree(fp);
} else {
if (!key_write(key, stdout))
fprintf(stderr, "key_write failed");
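Review bot: The pair `SSH_FP_MD5, SSH_FP_HEX` is written out at this call and repeated in ssh-keygen.c, in both sshconnect.c host-key messages and in sshconnect2.c, where the removed wrapper used to fix it in one place. The value printed here is what a user compares against the first-contact prompt and the changed-host-key warning, so these sites must stay in step, and a later change of digest would have to find every copy. A pair of named defaults in key.h (the names are my suggestion), such as `#define SSH_FP_DEFAULT_TYPE SSH_FP_MD5` and `#define SSH_FP_DEFAULT_REP SSH_FP_HEX`, used at all five call sites, would make that a one-line edit. The body of list_identities starts and ends outside this hunk.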
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.49 2001/03/11 22:33:24 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.50 2001/03/12 22:02:02 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
debug("try_load_public_key KEY_UNSPEC failed");
}
if (success) {
- fp = key_fingerprint_ex(public, type, rep);
+ fp = key_fingerprint(public, type, rep);
printf("%d %s %s\n", key_size(public),
fp, comment);
key_free(public);
}
}
comment = *cp ? cp : comment;
- fp = key_fingerprint_ex(public, type, rep);
+ fp = key_fingerprint(public, type, rep);
printf("%d %s %s\n", key_size(public), fp,
comment ? comment : "no comment");
xfree(fp);
fclose(f);
if (!quiet) {
+ char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX);
printf("Your public key has been saved in %s.\n",
identity_file);
printf("The key fingerprint is:\n");
- printf("%s %s\n", key_fingerprint(public), comment);
+ printf("%s %s\n", fp, comment);
+ xfree(fp);
}
key_free(public);
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.99 2001/03/10 15:31:00 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.100 2001/03/12 22:02:02 markus Exp $");
#include <openssl/bn.h>
Key *file_key;
char *type = key_type(host_key);
char *ip = NULL;
- char hostline[1000], *hostp;
+ char hostline[1000], *hostp, *fp;
HostStatus host_status;
HostStatus ip_status;
int local = 0, host_ip_differ = 0;
} else if (options.strict_host_key_checking == 2) {
/* The default */
char prompt[1024];
+ fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
snprintf(prompt, sizeof(prompt),
"The authenticity of host '%.200s (%s)' can't be established.\n"
"%s key fingerprint is %s.\n"
"Are you sure you want to continue connecting (yes/no)? ",
- host, ip, type, key_fingerprint(host_key));
+ host, ip, type, fp);
+ xfree(fp);
if (!read_yes_or_no(prompt, -1))
fatal("Aborted by user!");
}
error("Offending key for IP in %s:%d", ip_file, ip_line);
}
/* The host key has changed. */
+ fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
error("It is also possible that the %s host key has just been changed.", type);
error("The fingerprint for the %s key sent by the remote host is\n%s.",
- type, key_fingerprint(host_key));
+ type, fp);
error("Please contact your system administrator.");
error("Add correct host key in %.100s to get rid of this message.",
user_hostfile);
error("Offending key in %s:%d", host_file, host_line);
+ xfree(fp);
/*
* If strict host key checking is in use, the user will have
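Review bot: `fp` is computed before the warning banner is printed, and `key_fingerprint` calls `fatal()` when `key_fingerprint_raw` returns NULL, so in that case the client would exit with only the fatal message and never show the host-key-changed explanation. The exit still refuses the connection, so this affects what the user gets to read and is not a bypass. Moving `fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);` down to just before the `error("The fingerprint for the %s key sent by the remote host is\n%s.", ...)` call would let the banner and the eavesdropping warning print first. The conditions under which key_fingerprint_raw returns NULL are not visible here, and the enclosing function starts and ends outside the hunk.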
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.53 2001/03/10 17:51:04 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.54 2001/03/12 22:02:02 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
Key *key = NULL;
Buffer b;
int alen, blen, pktype, sent = 0;
- char *pkalg, *pkblob;
+ char *pkalg, *pkblob, *fp;
if (authctxt == NULL)
fatal("input_userauth_pk_ok: no authentication context");
debug("no last key or no sign cb");
break;
}
- debug2("last_key %s", key_fingerprint(authctxt->last_key));
if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
debug("unknown pkalg %s", pkalg);
break;
debug("no key from blob. pkalg %s", pkalg);
break;
}
- debug2("input_userauth_pk_ok: fp %s", key_fingerprint(key));
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ debug2("input_userauth_pk_ok: fp %s", fp);
+ xfree(fp);
if (!key_equal(key, authctxt->last_key)) {
debug("key != last_key");
break;