author | Matt Johnston <matt@ucc.asn.au> | 2007-02-22 15:29:32 +0000 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2007-02-22 15:29:32 +0000 |
commit | 5c65b0e57494d09ce05a625479885b20b7f91ee0 (patch) | |
tree | 1b0afcec80903245b25773f5e000fd6e72e393d9 /signkey.c | |
parent | 02b8e1410a4b458b45f3ab4a0dd8cd42ed340d04 (diff) | |
download | dropbear-5c65b0e57494d09ce05a625479885b20b7f91ee0.tar.gz |
Improve known_hosts checking.
Diffstat (limited to 'signkey.c')
-rw-r--r-- | signkey.c | 9 |
1 files changed, 8 insertions, 1 deletions
@@ -432,9 +432,11 @@ int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE when given a buffer containing
 * a key, a key, and a type. The buffer is positioned at the start of the
 * base64 data, and contains no trailing data */
+/* If fingerprint is non-NULL, it will be set to a malloc()ed fingerprint
+ of the key if it is successfully decoded */
 int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
 const unsigned char* algoname, unsigned int algolen,
- buffer * line) {
+ buffer * line, char ** fingerprint) {
 buffer * decodekey = NULL;
 int ret = DROPBEAR_FAILURE;
@@ -456,6 +458,11 @@ int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
 TRACE(("checkpubkey: base64_decode success"))
 buf_incrlen(decodekey, decodekeylen);
+ if (fingerprint) {
+ *fingerprint = sign_key_fingerprint(buf_getptr(decodekey, decodekeylen),
+ decodekeylen);
+ }
+
 /* compare the keys */
 if ( ( decodekeylen != keybloblen ) ||
 memcmp( buf_getptr(decodekey, decodekey->len), |
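Review bot: The new comment above `cmp_base64_key` leaves the ownership and failure contract of `fingerprint` unstated: it does not say who frees the string or what `*fingerprint` holds when the key is not decoded. In the second hunk the pointer is written only after the "base64_decode success" trace, so on the earlier failure paths (outside the hunk) it is presumably left untouched, and a caller that did not initialise it to NULL would then read an indeterminate pointer. I would extend the comment along the lines of `/* The caller owns and must free *fingerprint; it is left untouched if decoding fails, so initialise it to NULL before the call. */`. The function body continues outside this hunk.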
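Review bot: `*fingerprint` is assigned before the `/* compare the keys */` check, so it is populated even when the function goes on to report a mismatch, and it describes the decoded known_hosts entry rather than `keyblob`. That looks intentional for reporting, but it should be stated at the assignment, e.g. `/* set even on mismatch: fingerprint of the stored entry, not of keyblob */`, so a caller does not present it to the user as the key the server offered. The assignment also overwrites whatever `*fingerprint` already held; if the caller reuses one pointer across several known_hosts lines (the caller is not visible here), each earlier allocation is lost unless it frees between calls. The enclosing function starts and ends outside this hunk.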