authorMatt Johnston <matt@ucc.asn.au>2007-02-22 15:29:32 +0000
committerMatt Johnston <matt@ucc.asn.au>2007-02-22 15:29:32 +0000
commit5c65b0e57494d09ce05a625479885b20b7f91ee0 (patch)
tree1b0afcec80903245b25773f5e000fd6e72e393d9 /signkey.c
parent02b8e1410a4b458b45f3ab4a0dd8cd42ed340d04 (diff)
downloaddropbear-5c65b0e57494d09ce05a625479885b20b7f91ee0.tar.gz
Improve known_hosts checking.
Diffstat (limited to 'signkey.c')
-rw-r--r--signkey.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/signkey.c b/signkey.c
index b8afb58..c1ef5e2 100644
--- a/signkey.c
+++ b/signkey.c
@@ -432,9 +432,11 @@ int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
/* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE when given a buffer containing
* a key, a key, and a type. The buffer is positioned at the start of the
* base64 data, and contains no trailing data */
+/* If fingerprint is non-NULL, it will be set to a malloc()ed fingerprint
+ of the key if it is successfully decoded */
int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
const unsigned char* algoname, unsigned int algolen,
- buffer * line) {
+ buffer * line, char ** fingerprint) {
buffer * decodekey = NULL;
int ret = DROPBEAR_FAILURE;
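Review bot: The new comment above `cmp_base64_key` leaves the contract of the `fingerprint` out-parameter incomplete: it does not say that the caller owns the string and must free it, or what `*fingerprint` holds when decoding does not succeed. Since the second hunk assigns it only after the "base64_decode success" trace, earlier exits presumably leave it unwritten, so a caller passing an uninitialised pointer could later print or free garbage. I would extend the comment to something like `/* If fingerprint is non-NULL, *fingerprint is set to a malloc()ed fingerprint of the decoded key, whether or not it matches keyblob. The caller must free it, and must set *fingerprint to NULL beforehand because it is not written if decoding fails. */`. The function body continues outside this hunk, so the failure paths are inferred rather than visible.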
@@ -456,6 +458,11 @@ int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
TRACE(("checkpubkey: base64_decode success"))
buf_incrlen(decodekey, decodekeylen);
+ if (fingerprint) {
+ *fingerprint = sign_key_fingerprint(buf_getptr(decodekey, decodekeylen),
+ decodekeylen);
+ }
+
/* compare the keys */
if ( ( decodekeylen != keybloblen )
|| memcmp( buf_getptr(decodekey, decodekey->len),
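Review bot: The added `if (fingerprint)` block overwrites `*fingerprint` without regard to its previous value. If a caller reuses one pointer while checking several known_hosts lines (the caller is not visible here), each call would leak the previous allocation. Either release the old value first, e.g. `free(*fingerprint);` before the assignment (which requires callers to initialise the pointer to NULL), or require the caller to free it between calls. The assignment also happens before the key comparison below it, so a non-NULL result must never be read as "key matched"; a short comment such as `/* fingerprint is of the stored key, set even when the comparison below fails */` would make that explicit. The comparison statement continues past the end of the hunk.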