- OpenBSD CVS Sync

- markus@cvs.openbsd.org 2001/03/12 22:02:02
     [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
     remove old key_fingerprint interface, s/_ex//

ChangeLog

@@ -1,3 +1,9 @@
+20010313
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/12 22:02:02
+     [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
+     remove old key_fingerprint interface, s/_ex//
+
 20010312
  - OpenBSD CVS Sync
    - markus@cvs.openbsd.org 2001/03/11 13:25:36
@@ -4525,4 +4531,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.950 2001/03/12 05:16:18 mouring Exp $
+$Id: ChangeLog,v 1.951 2001/03/13 04:57:58 mouring Exp $

key.c

@@ -32,7 +32,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.21 2001/03/11 18:29:51 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.22 2001/03/12 22:02:01 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -275,7 +275,7 @@ key_fingerprint_bubblebabble(u_char* dgst_raw, size_t dgst_raw_len)
 }
 
 char*
-key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
+key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
 {
 	char *retval = NULL; 
 	u_char *dgst_raw;
@@ -283,7 +283,7 @@ key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
 	
 	dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
 	if (!dgst_raw)
-		fatal("key_fingerprint_ex: null value returned from key_fingerprint_raw()");
+		fatal("key_fingerprint: null from key_fingerprint_raw()");
 	switch(dgst_rep) {
 	case SSH_FP_HEX:
 		retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
@@ -301,18 +301,6 @@ key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
 	return retval;
 }
 
-char *
-key_fingerprint(Key *k)
-{
-	static char retval[(EVP_MAX_MD_SIZE + 1) * 3];
-	char *digest;
-
-	digest = key_fingerprint_ex(k, SSH_FP_MD5, SSH_FP_HEX);
-	strlcpy(retval, digest, sizeof(retval));
-	xfree(digest);
-	return retval;
-}
-
 /*
  * Reads a multiple-precision integer in decimal from the buffer, and advances
  * the pointer.  The integer must already be initialized.  This function is

key.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: key.h,v 1.10 2001/03/11 15:03:16 jakob Exp $	*/
+/*	$OpenBSD: key.h,v 1.11 2001/03/12 22:02:01 markus Exp $	*/
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -54,8 +54,7 @@ Key	*key_new(int type);
 Key	*key_new_private(int type);
 void	key_free(Key *k);
 int	key_equal(Key *a, Key *b);
-char	*key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep);
-char	*key_fingerprint(Key *k);
+char	*key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep);
 char	*key_type(Key *k);
 int	key_write(Key *key, FILE *f);
 int	key_read(Key *key, char **cpp);

ssh-add.c

@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.29 2001/03/02 18:54:31 deraadt Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.30 2001/03/12 22:02:02 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -211,10 +211,10 @@ add_file(AuthenticationConnection *ac, const char *filename)
 }
 
 void
-list_identities(AuthenticationConnection *ac, int fp)
+list_identities(AuthenticationConnection *ac, int do_fp)
 {
 	Key *key;
-	char *comment;
+	char *comment, *fp;
 	int had_identities = 0;
 	int version;
 
@@ -223,10 +223,12 @@ list_identities(AuthenticationConnection *ac, int fp)
 		     key != NULL;
 		     key = ssh_get_next_identity(ac, &comment, version)) {
 			had_identities = 1;
-			if (fp) {
+			if (do_fp) {
+				fp = key_fingerprint(key, SSH_FP_MD5,
+				    SSH_FP_HEX);
 				printf("%d %s %s (%s)\n",
-				    key_size(key), key_fingerprint(key),
-				    comment, key_type(key));
+				    key_size(key), fp, comment, key_type(key));
+				xfree(fp);
 			} else {
 				if (!key_write(key, stdout))
 					fprintf(stderr, "key_write failed");

ssh-keygen.c

@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.49 2001/03/11 22:33:24 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.50 2001/03/12 22:02:02 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -353,7 +353,7 @@ do_fingerprint(struct passwd *pw)
 			debug("try_load_public_key KEY_UNSPEC failed");
 	}
 	if (success) {
-		fp = key_fingerprint_ex(public, type, rep);
+		fp = key_fingerprint(public, type, rep);
 		printf("%d %s %s\n", key_size(public),
 		    fp, comment);
 		key_free(public);
@@ -409,7 +409,7 @@ do_fingerprint(struct passwd *pw)
 				}
 			}
 			comment = *cp ? cp : comment;
-			fp = key_fingerprint_ex(public, type, rep);
+			fp = key_fingerprint(public, type, rep);
 			printf("%d %s %s\n", key_size(public), fp,
 			    comment ? comment : "no comment");
 			xfree(fp);
@@ -857,10 +857,12 @@ passphrase_again:
 	fclose(f);
 
 	if (!quiet) {
+		char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX);
 		printf("Your public key has been saved in %s.\n",
 		    identity_file);
 		printf("The key fingerprint is:\n");
-		printf("%s %s\n", key_fingerprint(public), comment);
+		printf("%s %s\n", fp, comment);
+		xfree(fp);
 	}
 
 	key_free(public);

sshconnect.c

@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.99 2001/03/10 15:31:00 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.100 2001/03/12 22:02:02 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -481,7 +481,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 	Key *file_key;
 	char *type = key_type(host_key);
 	char *ip = NULL;
-	char hostline[1000], *hostp;
+	char hostline[1000], *hostp, *fp;
 	HostStatus host_status;
 	HostStatus ip_status;
 	int local = 0, host_ip_differ = 0;
@@ -612,11 +612,13 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 		} else if (options.strict_host_key_checking == 2) {
 			/* The default */
 			char prompt[1024];
+			fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
 			snprintf(prompt, sizeof(prompt),
 			    "The authenticity of host '%.200s (%s)' can't be established.\n"
 			    "%s key fingerprint is %s.\n"
 			    "Are you sure you want to continue connecting (yes/no)? ",
-			    host, ip, type, key_fingerprint(host_key));
+			    host, ip, type, fp);
+			xfree(fp);
 			if (!read_yes_or_no(prompt, -1))
 				fatal("Aborted by user!");
 		}
@@ -655,6 +657,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 				error("Offending key for IP in %s:%d", ip_file, ip_line);
 		}
 		/* The host key has changed. */
+		fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 		error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @");
 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
@@ -662,11 +665,12 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 		error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
 		error("It is also possible that the %s host key has just been changed.", type);
 		error("The fingerprint for the %s key sent by the remote host is\n%s.",
-		    type, key_fingerprint(host_key));
+		    type, fp);
 		error("Please contact your system administrator.");
 		error("Add correct host key in %.100s to get rid of this message.",
 		    user_hostfile);
 		error("Offending key in %s:%d", host_file, host_line);
+		xfree(fp);
 
 		/*
 		 * If strict host key checking is in use, the user will have

sshconnect2.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.53 2001/03/10 17:51:04 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.54 2001/03/12 22:02:02 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -660,7 +660,7 @@ input_userauth_pk_ok(int type, int plen, void *ctxt)
 	Key *key = NULL;
 	Buffer b;
 	int alen, blen, pktype, sent = 0;
-	char *pkalg, *pkblob;
+	char *pkalg, *pkblob, *fp;
 
 	if (authctxt == NULL)
 		fatal("input_userauth_pk_ok: no authentication context");
@@ -687,7 +687,6 @@ input_userauth_pk_ok(int type, int plen, void *ctxt)
 			debug("no last key or no sign cb");
 			break;
 		}
-		debug2("last_key %s", key_fingerprint(authctxt->last_key));
 		if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
 			debug("unknown pkalg %s", pkalg);
 			break;
@@ -696,7 +695,9 @@ input_userauth_pk_ok(int type, int plen, void *ctxt)
 			debug("no key from blob. pkalg %s", pkalg);
 			break;
 		}
-		debug2("input_userauth_pk_ok: fp %s", key_fingerprint(key));
+		fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+		debug2("input_userauth_pk_ok: fp %s", fp);
+		xfree(fp);
 		if (!key_equal(key, authctxt->last_key)) {
 			debug("key != last_key");
 			break;