- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/12 22:02:02
[key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
remove old key_fingerprint interface, s/_ex//
diff --git a/ChangeLog b/ChangeLog
index c6ce558..033e483 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20010313
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/12 22:02:02
+ [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
+ remove old key_fingerprint interface, s/_ex//
+
20010312
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/11 13:25:36
@@ -4525,4 +4531,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.950 2001/03/12 05:16:18 mouring Exp $
+$Id: ChangeLog,v 1.951 2001/03/13 04:57:58 mouring Exp $
diff --git a/key.c b/key.c
index d05c86a..e01f2cc 100644
--- a/key.c
+++ b/key.c
@@ -32,7 +32,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.21 2001/03/11 18:29:51 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.22 2001/03/12 22:02:01 markus Exp $");
#include <openssl/evp.h>
@@ -275,7 +275,7 @@
}
char*
-key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
+key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
{
char *retval = NULL;
u_char *dgst_raw;
@@ -283,7 +283,7 @@
dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
if (!dgst_raw)
- fatal("key_fingerprint_ex: null value returned from key_fingerprint_raw()");
+ fatal("key_fingerprint: null from key_fingerprint_raw()");
switch(dgst_rep) {
case SSH_FP_HEX:
retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
@@ -301,18 +301,6 @@
return retval;
}
-char *
-key_fingerprint(Key *k)
-{
- static char retval[(EVP_MAX_MD_SIZE + 1) * 3];
- char *digest;
-
- digest = key_fingerprint_ex(k, SSH_FP_MD5, SSH_FP_HEX);
- strlcpy(retval, digest, sizeof(retval));
- xfree(digest);
- return retval;
-}
-
/*
* Reads a multiple-precision integer in decimal from the buffer, and advances
* the pointer. The integer must already be initialized. This function is
diff --git a/key.h b/key.h
index e46c06e..251c565 100644
--- a/key.h
+++ b/key.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.10 2001/03/11 15:03:16 jakob Exp $ */
+/* $OpenBSD: key.h,v 1.11 2001/03/12 22:02:01 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -54,8 +54,7 @@
Key *key_new_private(int type);
void key_free(Key *k);
int key_equal(Key *a, Key *b);
-char *key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep);
-char *key_fingerprint(Key *k);
+char *key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep);
char *key_type(Key *k);
int key_write(Key *key, FILE *f);
int key_read(Key *key, char **cpp);
diff --git a/ssh-add.c b/ssh-add.c
index dc93052..c80b4fb 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.29 2001/03/02 18:54:31 deraadt Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.30 2001/03/12 22:02:02 markus Exp $");
#include <openssl/evp.h>
@@ -211,10 +211,10 @@
}
void
-list_identities(AuthenticationConnection *ac, int fp)
+list_identities(AuthenticationConnection *ac, int do_fp)
{
Key *key;
- char *comment;
+ char *comment, *fp;
int had_identities = 0;
int version;
@@ -223,10 +223,12 @@
key != NULL;
key = ssh_get_next_identity(ac, &comment, version)) {
had_identities = 1;
- if (fp) {
+ if (do_fp) {
+ fp = key_fingerprint(key, SSH_FP_MD5,
+ SSH_FP_HEX);
printf("%d %s %s (%s)\n",
- key_size(key), key_fingerprint(key),
- comment, key_type(key));
+ key_size(key), fp, comment, key_type(key));
+ xfree(fp);
} else {
if (!key_write(key, stdout))
fprintf(stderr, "key_write failed");
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 45a5114..b9ea017 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.49 2001/03/11 22:33:24 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.50 2001/03/12 22:02:02 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -353,7 +353,7 @@
debug("try_load_public_key KEY_UNSPEC failed");
}
if (success) {
- fp = key_fingerprint_ex(public, type, rep);
+ fp = key_fingerprint(public, type, rep);
printf("%d %s %s\n", key_size(public),
fp, comment);
key_free(public);
@@ -409,7 +409,7 @@
}
}
comment = *cp ? cp : comment;
- fp = key_fingerprint_ex(public, type, rep);
+ fp = key_fingerprint(public, type, rep);
printf("%d %s %s\n", key_size(public), fp,
comment ? comment : "no comment");
xfree(fp);
@@ -857,10 +857,12 @@
fclose(f);
if (!quiet) {
+ char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX);
printf("Your public key has been saved in %s.\n",
identity_file);
printf("The key fingerprint is:\n");
- printf("%s %s\n", key_fingerprint(public), comment);
+ printf("%s %s\n", fp, comment);
+ xfree(fp);
}
key_free(public);
diff --git a/sshconnect.c b/sshconnect.c
index 573ae76..d82be89 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.99 2001/03/10 15:31:00 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.100 2001/03/12 22:02:02 markus Exp $");
#include <openssl/bn.h>
@@ -481,7 +481,7 @@
Key *file_key;
char *type = key_type(host_key);
char *ip = NULL;
- char hostline[1000], *hostp;
+ char hostline[1000], *hostp, *fp;
HostStatus host_status;
HostStatus ip_status;
int local = 0, host_ip_differ = 0;
@@ -612,11 +612,13 @@
} else if (options.strict_host_key_checking == 2) {
/* The default */
char prompt[1024];
+ fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
snprintf(prompt, sizeof(prompt),
"The authenticity of host '%.200s (%s)' can't be established.\n"
"%s key fingerprint is %s.\n"
"Are you sure you want to continue connecting (yes/no)? ",
- host, ip, type, key_fingerprint(host_key));
+ host, ip, type, fp);
+ xfree(fp);
if (!read_yes_or_no(prompt, -1))
fatal("Aborted by user!");
}
@@ -655,6 +657,7 @@
error("Offending key for IP in %s:%d", ip_file, ip_line);
}
/* The host key has changed. */
+ fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
@@ -662,11 +665,12 @@
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
error("It is also possible that the %s host key has just been changed.", type);
error("The fingerprint for the %s key sent by the remote host is\n%s.",
- type, key_fingerprint(host_key));
+ type, fp);
error("Please contact your system administrator.");
error("Add correct host key in %.100s to get rid of this message.",
user_hostfile);
error("Offending key in %s:%d", host_file, host_line);
+ xfree(fp);
/*
* If strict host key checking is in use, the user will have
diff --git a/sshconnect2.c b/sshconnect2.c
index 19d079b..046d746 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.53 2001/03/10 17:51:04 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.54 2001/03/12 22:02:02 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -660,7 +660,7 @@
Key *key = NULL;
Buffer b;
int alen, blen, pktype, sent = 0;
- char *pkalg, *pkblob;
+ char *pkalg, *pkblob, *fp;
if (authctxt == NULL)
fatal("input_userauth_pk_ok: no authentication context");
@@ -687,7 +687,6 @@
debug("no last key or no sign cb");
break;
}
- debug2("last_key %s", key_fingerprint(authctxt->last_key));
if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
debug("unknown pkalg %s", pkalg);
break;
@@ -696,7 +695,9 @@
debug("no key from blob. pkalg %s", pkalg);
break;
}
- debug2("input_userauth_pk_ok: fp %s", key_fingerprint(key));
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ debug2("input_userauth_pk_ok: fp %s", fp);
+ xfree(fp);
if (!key_equal(key, authctxt->last_key)) {
debug("key != last_key");
break;