[openssh-commits] [openssh] 01/01: upstream commit
git+noreply at mindrot.org
git+noreply at mindrot.org
Thu Jan 29 10:19:02 AEDT 2015
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 9ce86c926dfa6e0635161b035e3944e611cbccf0
Author: djm at openbsd.org <djm at openbsd.org>
Date: Wed Jan 28 22:36:00 2015 +0000
upstream commit
update to new API (key_fingerprint => sshkey_fingerprint)
check sshkey_fingerprint return values; ok markus
---
auth-rsa.c | 7 ++++---
auth2-hostbased.c | 12 +++++++-----
auth2-pubkey.c | 29 +++++++++++++++++------------
dns.c | 6 +++---
key.c | 19 +------------------
key.h | 5 +----
ssh-add.c | 5 +++--
ssh-agent.c | 5 +++--
ssh-keygen.c | 18 ++++++++++++++----
ssh-keysign.c | 7 ++++---
sshconnect.c | 26 +++++++++++++++++---------
sshconnect2.c | 10 +++++++---
12 files changed, 81 insertions(+), 68 deletions(-)
diff --git a/auth-rsa.c b/auth-rsa.c
index 422c196..cbd971b 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.89 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.90 2015/01/28 22:36:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -238,8 +238,9 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
"actual %d vs. announced %d.",
file, linenum, BN_num_bits(key->rsa->n), bits);
- fp = key_fingerprint(key, options.fingerprint_hash,
- SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ SSH_FP_DEFAULT)) == NULL)
+ continue;
debug("matching key found: file %s, line %lu %s %s",
file, linenum, key_type(key), fp);
free(fp);
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 6f69e89..eebfe8f 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.23 2015/01/28 11:07:25 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.24 2015/01/28 22:36:00 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -224,15 +224,17 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
if (host_status == HOST_OK) {
if (key_is_cert(key)) {
- fp = key_fingerprint(key->cert->signature_key,
- options.fingerprint_hash, SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(key->cert->signature_key,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
verbose("Accepted certificate ID \"%s\" signed by "
"%s CA %s from %s@%s", key->cert->key_id,
key_type(key->cert->signature_key), fp,
cuser, lookup);
} else {
- fp = key_fingerprint(key, options.fingerprint_hash,
- SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(key,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
verbose("Accepted %s public key %s from %s@%s",
key_type(key), fp, cuser, lookup);
}
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index d922eea..d8f0aa3 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.45 2015/01/13 07:39:19 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.46 2015/01/28 22:36:00 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -228,18 +228,20 @@ pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
}
if (key_is_cert(key)) {
- fp = key_fingerprint(key->cert->signature_key,
+ fp = sshkey_fingerprint(key->cert->signature_key,
options.fingerprint_hash, SSH_FP_DEFAULT);
auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s",
key_type(key), key->cert->key_id,
(unsigned long long)key->cert->serial,
- key_type(key->cert->signature_key), fp,
+ key_type(key->cert->signature_key),
+ fp == NULL ? "(null)" : "",
extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
free(fp);
} else {
- fp = key_fingerprint(key, options.fingerprint_hash,
+ fp = sshkey_fingerprint(key, options.fingerprint_hash,
SSH_FP_DEFAULT);
- auth_info(authctxt, "%s %s%s%s", key_type(key), fp,
+ auth_info(authctxt, "%s %s%s%s", key_type(key),
+ fp == NULL ? "(null)" : "",
extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
free(fp);
}
@@ -382,8 +384,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
continue;
if (!key_is_cert_authority)
continue;
- fp = key_fingerprint(found, options.fingerprint_hash,
- SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(found,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ continue;
debug("matching CA found: file %s, line %lu, %s %s",
file, linenum, key_type(found), fp);
/*
@@ -422,12 +425,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
continue;
if (key_is_cert_authority)
continue;
- found_key = 1;
- fp = key_fingerprint(found, options.fingerprint_hash,
- SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(found,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ continue;
debug("matching key found: file %s, line %lu %s %s",
file, linenum, key_type(found), fp);
free(fp);
+ found_key = 1;
break;
}
}
@@ -449,8 +453,9 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
return 0;
- ca_fp = key_fingerprint(key->cert->signature_key,
- options.fingerprint_hash, SSH_FP_DEFAULT);
+ if ((ca_fp = sshkey_fingerprint(key->cert->signature_key,
+ options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+ return 0;
if (sshkey_in_file(key->cert->signature_key,
options.trusted_user_ca_keys, 1, 0) != 0) {
diff --git a/dns.c b/dns.c
index f45bec0..f201b60 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.33 2015/01/15 09:40:00 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.34 2015/01/28 22:36:00 djm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -294,7 +294,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
free(dnskey_digest);
}
- free(hostkey_digest); /* from key_fingerprint_raw() */
+ free(hostkey_digest); /* from sshkey_fingerprint_raw() */
freerrset(fingerprints);
if (*flags & DNS_VERIFY_FOUND)
@@ -337,7 +337,7 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
for (i = 0; i < rdata_digest_len; i++)
fprintf(f, "%02x", rdata_digest[i]);
fprintf(f, "\n");
- free(rdata_digest); /* from key_fingerprint_raw() */
+ free(rdata_digest); /* from sshkey_fingerprint_raw() */
success = 1;
}
}
diff --git a/key.c b/key.c
index c2b696a..bbe027b 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.126 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: key.c,v 1.127 2015/01/28 22:36:00 djm Exp $ */
/*
* placed in the public domain
*/
@@ -39,23 +39,6 @@ key_new_private(int type)
return ret;
}
-u_char*
-key_fingerprint_raw(const Key *k, int dgst_alg, u_int *dgst_raw_length)
-{
- u_char *ret = NULL;
- size_t dlen;
- int r;
-
- if (dgst_raw_length != NULL)
- *dgst_raw_length = 0;
- if ((r = sshkey_fingerprint_raw(k, dgst_alg, &ret, &dlen)) != 0)
- fatal("%s: %s", __func__, ssh_err(r));
- if (dlen > INT_MAX)
- fatal("%s: giant len %zu", __func__, dlen);
- *dgst_raw_length = dlen;
- return ret;
-}
-
int
key_read(Key *ret, char **cpp)
{
diff --git a/key.h b/key.h
index bf88497..89fd5cf 100644
--- a/key.h
+++ b/key.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.46 2015/01/13 07:39:19 djm Exp $ */
+/* $OpenBSD: key.h,v 1.47 2015/01/28 22:36:00 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -39,7 +39,6 @@ typedef struct sshkey Key;
#define key_free sshkey_free
#define key_equal_public sshkey_equal_public
#define key_equal sshkey_equal
-#define key_fingerprint sshkey_fingerprint
#define key_type sshkey_type
#define key_cert_type sshkey_cert_type
#define key_ssh_name sshkey_ssh_name
@@ -59,14 +58,12 @@ typedef struct sshkey Key;
#define key_ec_nid_to_hash_alg sshkey_ec_nid_to_hash_alg
#define key_dump_ec_point sshkey_dump_ec_point
#define key_dump_ec_key sshkey_dump_ec_key
-#define key_fingerprint sshkey_fingerprint
#endif
void key_add_private(Key *);
Key *key_new_private(int);
void key_free(Key *);
Key *key_demote(const Key *);
-u_char *key_fingerprint_raw(const Key *, int, u_int *);
int key_write(const Key *, FILE *);
int key_read(Key *, char **);
diff --git a/ssh-add.c b/ssh-add.c
index 5ac5108..676e65d 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.117 2015/01/16 06:40:12 deraadt Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.118 2015/01/28 22:36:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -375,7 +375,8 @@ list_identities(int agent_fd, int do_fp)
fp = sshkey_fingerprint(idlist->keys[i],
fingerprint_hash, SSH_FP_DEFAULT);
printf("%d %s %s (%s)\n",
- sshkey_size(idlist->keys[i]), fp,
+ sshkey_size(idlist->keys[i]),
+ fp == NULL ? "(null)" : fp,
idlist->comments[i],
sshkey_type(idlist->keys[i]));
free(fp);
diff --git a/ssh-agent.c b/ssh-agent.c
index ba8d020..41e12ac 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.196 2015/01/16 06:40:12 deraadt Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.197 2015/01/28 22:36:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -212,7 +212,8 @@ confirm_key(Identity *id)
int ret = -1;
p = sshkey_fingerprint(id->key, fingerprint_hash, SSH_FP_DEFAULT);
- if (ask_permission("Allow use of key %s?\nKey fingerprint %s.",
+ if (p != NULL &&
+ ask_permission("Allow use of key %s?\nKey fingerprint %s.",
id->comment, p))
ret = 0;
free(p);
diff --git a/ssh-keygen.c b/ssh-keygen.c
index ac20723..b8489dc 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.258 2015/01/19 00:32:54 deraadt Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.259 2015/01/28 22:36:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -800,6 +800,8 @@ do_download(struct passwd *pw)
fp = sshkey_fingerprint(keys[i], fptype, rep);
ra = sshkey_fingerprint(keys[i], fingerprint_hash,
SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]),
fp, sshkey_type(keys[i]));
if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -846,6 +848,8 @@ do_fingerprint(struct passwd *pw)
fp = sshkey_fingerprint(public, fptype, rep);
ra = sshkey_fingerprint(public, fingerprint_hash,
SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment,
sshkey_type(public));
if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -915,6 +919,8 @@ do_fingerprint(struct passwd *pw)
fp = sshkey_fingerprint(public, fptype, rep);
ra = sshkey_fingerprint(public, fingerprint_hash,
SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
printf("%u %s %s (%s)\n", sshkey_size(public), fp,
comment ? comment : "no comment", sshkey_type(public));
if (log_level >= SYSLOG_LEVEL_VERBOSE)
@@ -1902,6 +1908,8 @@ do_show_cert(struct passwd *pw)
key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);
ca_fp = sshkey_fingerprint(key->cert->signature_key,
fingerprint_hash, SSH_FP_DEFAULT);
+ if (key_fp == NULL || ca_fp == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
printf("%s:\n", identity_file);
printf(" Type: %s %s certificate\n", sshkey_ssh_name(key),
@@ -2216,7 +2224,7 @@ main(int argc, char **argv)
{
char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
char *checkpoint = NULL;
- char out_file[PATH_MAX], *rr_hostname = NULL, *ep;
+ char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra;
struct sshkey *private, *public;
struct passwd *pw;
struct stat st;
@@ -2709,10 +2717,12 @@ passphrase_again:
fclose(f);
if (!quiet) {
- char *fp = sshkey_fingerprint(public, fingerprint_hash,
+ fp = sshkey_fingerprint(public, fingerprint_hash,
SSH_FP_DEFAULT);
- char *ra = sshkey_fingerprint(public, fingerprint_hash,
+ ra = sshkey_fingerprint(public, fingerprint_hash,
SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("sshkey_fingerprint failed");
printf("Your public key has been saved in %s.\n",
identity_file);
printf("The key fingerprint is:\n");
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 222327e..bcf897a 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.46 2015/01/15 09:40:00 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.47 2015/01/28 22:36:00 djm Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@@ -274,8 +274,9 @@ main(int argc, char **argv)
}
}
if (!found) {
- fp = sshkey_fingerprint(key, options.fingerprint_hash,
- SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ SSH_FP_DEFAULT)) == NULL)
+ fatal("%s: sshkey_fingerprint failed", __func__);
fatal("no matching hostkey found for key %s %s",
sshkey_type(key), fp ? fp : "");
}
diff --git a/sshconnect.c b/sshconnect.c
index df921be..9e51506 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.258 2015/01/26 06:10:03 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.259 2015/01/28 22:36:00 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -770,7 +770,7 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr,
if (options.proxy_command == NULL) {
if (getnameinfo(hostaddr, addrlen,
ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0)
- fatal("check_host_key: getnameinfo failed");
+ fatal("%s: getnameinfo failed", __func__);
*hostfile_ipaddr = put_host_port(ntop, port);
} else {
*hostfile_ipaddr = xstrdup("<no hostip for proxy "
@@ -919,10 +919,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
"key for IP address '%.128s' to the list "
"of known hosts.", type, ip);
} else if (options.visual_host_key) {
- fp = key_fingerprint(host_key,
+ fp = sshkey_fingerprint(host_key,
options.fingerprint_hash, SSH_FP_DEFAULT);
- ra = key_fingerprint(host_key,
+ ra = sshkey_fingerprint(host_key,
options.fingerprint_hash, SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
logit("Host key fingerprint is %s\n%s\n", fp, ra);
free(ra);
free(fp);
@@ -962,10 +964,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
else
snprintf(msg1, sizeof(msg1), ".");
/* The default */
- fp = key_fingerprint(host_key,
+ fp = sshkey_fingerprint(host_key,
options.fingerprint_hash, SSH_FP_DEFAULT);
- ra = key_fingerprint(host_key,
+ ra = sshkey_fingerprint(host_key,
options.fingerprint_hash, SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
msg2[0] = '\0';
if (options.verify_host_key_dns) {
if (matching_host_key_dns)
@@ -1399,10 +1403,12 @@ show_other_keys(struct hostkeys *hostkeys, Key *key)
continue;
if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
continue;
- fp = key_fingerprint(found->key,
+ fp = sshkey_fingerprint(found->key,
options.fingerprint_hash, SSH_FP_DEFAULT);
- ra = key_fingerprint(found->key,
+ ra = sshkey_fingerprint(found->key,
options.fingerprint_hash, SSH_FP_RANDOMART);
+ if (fp == NULL || ra == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
logit("WARNING: %s key found for host %s\n"
"in %s:%lu\n"
"%s key fingerprint %s.",
@@ -1423,8 +1429,10 @@ warn_changed_key(Key *host_key)
{
char *fp;
- fp = key_fingerprint(host_key, options.fingerprint_hash,
+ fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
SSH_FP_DEFAULT);
+ if (fp == NULL)
+ fatal("%s: sshkey_fingerprint fail", __func__);
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
diff --git a/sshconnect2.c b/sshconnect2.c
index 8da4d70..48882e3 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.221 2015/01/20 20:16:21 markus Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.222 2015/01/28 22:36:00 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -591,7 +591,9 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
key->type, pktype);
goto done;
}
- fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
+ SSH_FP_DEFAULT)) == NULL)
+ goto done;
debug2("input_userauth_pk_ok: fp %s", fp);
free(fp);
@@ -1009,7 +1011,9 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
int have_sig = 1;
char *fp;
- fp = key_fingerprint(id->key, options.fingerprint_hash, SSH_FP_DEFAULT);
+ if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
+ SSH_FP_DEFAULT)) == NULL)
+ return 0;
debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
free(fp);
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list