[Pkg-gnupg-commit] [gnupg2] 12/185: common: Support different digest algorithms for ssh fingerprints.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Aug 7 11:55:15 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit 3ac1a9d3a018816233a855faff059b4e0657a0f1
Author: Justus Winter <justus at g10code.com>
Date: Fri Dec 4 15:19:07 2015 +0100
common: Support different digest algorithms for ssh fingerprints.
* common/ssh-utils.c (get_fingerprint): Add and honor 'algo' parameter.
(ssh_get_fingerprint{,_string}): Likewise.
* common/ssh-utils.h (ssh_get_fingerprint{,_string}): Update prototypes.
* common/t-ssh-utils.c (main): Adapt accordingly.
* agent/command-ssh.c (agent_raw_key_from_file): Likewise.
(ssh_identity_register): Likewise.
* agent/command.c (do_one_keyinfo): Likewise.
* agent/findkey.c (modify_description): Likewise.
--
This lays the foundation to support other algorithms.
GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus at g10code.com>
---
agent/command-ssh.c | 4 ++--
agent/command.c | 2 +-
agent/findkey.c | 2 +-
common/ssh-utils.c | 59 +++++++++++++++++++++++++++-------------------------
common/ssh-utils.h | 6 ++++--
common/t-ssh-utils.c | 4 ++--
6 files changed, 41 insertions(+), 36 deletions(-)
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 99c80c0..3dd3dd7 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -2760,7 +2760,7 @@ data_sign (ctrl_t ctrl, ssh_key_type_spec_t *spec,
err = agent_raw_key_from_file (ctrl, ctrl->keygrip, &key);
if (err)
goto out;
- err = ssh_get_fingerprint_string (key, &fpr);
+ err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &fpr);
if (!err)
{
gcry_sexp_t tmpsxp = gcry_sexp_find_token (key, "comment", 0);
@@ -3038,7 +3038,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
bin2hex (key_grip_raw, 20, key_grip);
- err = ssh_get_fingerprint_string (key, &key_fpr);
+ err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &key_fpr);
if (err)
goto out;
diff --git a/agent/command.c b/agent/command.c
index df788ef..d370821 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -1201,7 +1201,7 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
if (!agent_raw_key_from_file (ctrl, grip, &key))
{
- ssh_get_fingerprint_string (key, &fpr);
+ ssh_get_fingerprint_string (key, GCRY_MD_MD5, &fpr);
gcry_sexp_release (key);
}
}
diff --git a/agent/findkey.c b/agent/findkey.c
index b24d8f1..1f547b0 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -412,7 +412,7 @@ agent_modify_description (const char *in, const char *comment,
case 'F': /* SSH style fingerprint. */
if (!ssh_fpr && key)
- ssh_get_fingerprint_string (key, &ssh_fpr);
+ ssh_get_fingerprint_string (key, GCRY_MD_MD5, &ssh_fpr);
if (ssh_fpr)
{
if (out)
diff --git a/common/ssh-utils.c b/common/ssh-utils.c
index 60aa07b..3925602 100644
--- a/common/ssh-utils.c
+++ b/common/ssh-utils.c
@@ -65,12 +65,13 @@ is_eddsa (gcry_sexp_t keyparms)
}
-/* Return the Secure Shell type fingerprint for KEY. The length of
- the fingerprint is returned at R_LEN and the fingerprint itself at
- R_FPR. In case of a error code is returned and NULL stored at
- R_FPR. */
+/* Return the Secure Shell type fingerprint for KEY using digest ALGO.
+ The length of the fingerprint is returned at R_LEN and the
+ fingerprint itself at R_FPR. In case of a error code is returned
+ and NULL stored at R_FPR. */
static gpg_error_t
-get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
+get_fingerprint (gcry_sexp_t key, int algo,
+ void **r_fpr, size_t *r_len, int as_string)
{
gpg_error_t err;
gcry_sexp_t list = NULL;
@@ -111,7 +112,7 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
goto leave;
}
- err = gcry_md_open (&md, GCRY_MD_MD5, 0);
+ err = gcry_md_open (&md, algo, 0);
if (err)
goto leave;
@@ -229,23 +230,23 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
}
}
- *r_fpr = gcry_malloc (as_string? 61:20);
- if (!*r_fpr)
- {
- err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
- goto leave;
- }
-
if (as_string)
{
- bin2hexcolon (gcry_md_read (md, GCRY_MD_MD5), 16, *r_fpr);
- *r_len = 3*16+1;
+ *r_fpr = (algo == GCRY_MD_MD5 ? bin2hexcolon : /* XXX we need base64 */ bin2hex)
+ (gcry_md_read (md, algo), gcry_md_get_algo_dlen (algo), NULL);
+ *r_len = strlen (*r_fpr) + 1;
strlwr (*r_fpr);
}
else
{
- memcpy (*r_fpr, gcry_md_read (md, GCRY_MD_MD5), 16);
- *r_len = 16;
+ *r_len = gcry_md_get_algo_dlen (algo);
+ *r_fpr = xtrymalloc (*r_len);
+ if (!*r_fpr)
+ {
+ err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+ goto leave;
+ }
+ memcpy (*r_fpr, gcry_md_read (md, algo), *r_len);
}
err = 0;
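Review bot: In the `as_string` branch the pointer returned by `bin2hexcolon`/`bin2hex` goes straight into `strlen` and `strlwr` with no NULL check, so an allocation failure becomes a NULL dereference instead of an error return. The removed code checked the buffer before use, and the new `else` branch still does after `xtrymalloc`. As far as I know both helpers allocate the result and return NULL with errno set when given a NULL buffer, so the existing `gpg_err_code_from_syserror` path fits here as well. The body of `get_fingerprint` starts and ends outside this hunk.

```c
  if (as_string)
    {
      *r_fpr = (algo == GCRY_MD_MD5 ? bin2hexcolon : /* XXX we need base64 */ bin2hex)
        (gcry_md_read (md, algo), gcry_md_get_algo_dlen (algo), NULL);
      if (!*r_fpr)
        {
          err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
          goto leave;
        }
      /* … unchanged: *r_len = strlen (*r_fpr) + 1; strlwr (*r_fpr); … */
```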
@@ -257,28 +258,30 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
return err;
}
-/* Return the Secure Shell type fingerprint for KEY. The length of
- the fingerprint is returned at R_LEN and the fingerprint itself at
- R_FPR. In case of an error an error code is returned and NULL
- stored at R_FPR. */
+/* Return the Secure Shell type fingerprint for KEY using digest ALGO.
+ The length of the fingerprint is returned at R_LEN and the
+ fingerprint itself at R_FPR. In case of an error an error code is
+ returned and NULL stored at R_FPR. */
gpg_error_t
-ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len)
+ssh_get_fingerprint (gcry_sexp_t key, int algo,
+ void **r_fpr, size_t *r_len)
{
- return get_fingerprint (key, r_fpr, r_len, 0);
+ return get_fingerprint (key, algo, r_fpr, r_len, 0);
}
-/* Return the Secure Shell type fingerprint for KEY as a string. The
- fingerprint is mallcoed and stored at R_FPRSTR. In case of an
- error an error code is returned and NULL stored at R_FPRSTR. */
+/* Return the Secure Shell type fingerprint for KEY using digest ALGO
+ as a string. The fingerprint is mallcoed and stored at R_FPRSTR.
+ In case of an error an error code is returned and NULL stored at
+ R_FPRSTR. */
gpg_error_t
-ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr)
+ssh_get_fingerprint_string (gcry_sexp_t key, int algo, char **r_fprstr)
{
gpg_error_t err;
size_t dummy;
void *string;
- err = get_fingerprint (key, &string, &dummy, 1);
+ err = get_fingerprint (key, algo, &string, &dummy, 1);
*r_fprstr = string;
return err;
}
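Review bot: The comments on `ssh_get_fingerprint` and `ssh_get_fingerprint_string` say nothing about which values ALGO accepts or what the string form looks like for digests other than MD5. Per the `get_fingerprint` hunk above, any non-MD5 digest is rendered with `bin2hex` as plain lowercase hex, which the `XXX we need base64` marker itself flags as provisional. It presumably will not match what OpenSSH tools print for the same key, which matters when a user compares fingerprints by eye. I would add to both comments something like `ALGO is a libgcrypt GCRY_MD_* id; only GCRY_MD_MD5 yields the colon-separated form, other digests are currently returned as plain lowercase hex.` and correct "mallcoed" to "malloced" while touching the second comment.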
diff --git a/common/ssh-utils.h b/common/ssh-utils.h
index 36d38a3..53d9f55 100644
--- a/common/ssh-utils.h
+++ b/common/ssh-utils.h
@@ -31,9 +31,11 @@
#define GNUPG_COMMON_SSH_UTILS_H
-gpg_error_t ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len);
+gpg_error_t ssh_get_fingerprint (gcry_sexp_t key, int algo,
+ void **r_fpr, size_t *r_len);
-gpg_error_t ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr);
+gpg_error_t ssh_get_fingerprint_string (gcry_sexp_t key, int algo,
+ char **r_fprstr);
#endif /*GNUPG_COMMON_SSH_UTILS_H*/
diff --git a/common/t-ssh-utils.c b/common/t-ssh-utils.c
index f63ea95..a4e948f 100644
--- a/common/t-ssh-utils.c
+++ b/common/t-ssh-utils.c
@@ -262,7 +262,7 @@ main (int argc, char **argv)
if (argc == 2)
{
key = read_key (argv[1]);
- err = ssh_get_fingerprint_string (key, &string);
+ err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &string);
if (err)
{
fprintf (stderr, "%s:%d: error getting fingerprint: %s\n",
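Review bot: Both calls in `main` (this hunk and the one at line 287) pass only `GCRY_MD_MD5`, so the new `algo` path in `get_fingerprint` is never exercised by the test: neither the `bin2hex` branch nor the lengths derived from `gcry_md_get_algo_dlen`. One extra case with a second digest would cover it, for example `err = ssh_get_fingerprint_string (key, GCRY_MD_SHA1, &string);` followed by a check that `strlen (string) == 2 * gcry_md_get_algo_dlen (GCRY_MD_SHA1)`. `main` continues outside the hunk, so where exactly the case belongs depends on code not shown here.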
@@ -287,7 +287,7 @@ main (int argc, char **argv)
exit (1);
}
- err = ssh_get_fingerprint_string (key, &string);
+ err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &string);
gcry_sexp_release (key);
if (err)
{
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git