1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00

cgtest: update OpenSSH fingerprinting mechanism.

We can only get fingerprints compatible with our own system by passing
the '-E md5' option to ssh-keygen. Also, we must strip the "MD5:"
prefix from the hash component of the returned fingerprint.

Since that hash appears in the middle of the string we were previously
extracting, I've reworked the whole cleanup_fp function to use the new
ptrlen_get_word, which makes it easy to extract two words from the
string and then strip a prefix off the second one.
This commit is contained in:
Simon Tatham 2019-03-24 14:06:17 +00:00
parent d159a6efac
commit 8c710dddc5

View File

@ -1214,19 +1214,21 @@ void filecmp(char *file1, char *file2, char *fmt, ...)
char *cleanup_fp(char *s)
{
char *p;
ptrlen pl = ptrlen_from_asciz(s);
static const char separators[] = " \n\t";
if (!strncmp(s, "ssh-", 4)) {
s += strcspn(s, " \n\t");
s += strspn(s, " \n\t");
}
/* Skip initial key type word if we find one */
if (ptrlen_startswith(pl, PTRLEN_LITERAL("ssh-"), NULL))
ptrlen_get_word(&pl, separators);
p = s;
s += strcspn(s, " \n\t");
s += strspn(s, " \n\t");
s += strcspn(s, " \n\t");
/* Expect two words giving the key length and the hash */
ptrlen bits = ptrlen_get_word(&pl, separators);
ptrlen hash = ptrlen_get_word(&pl, separators);
return dupprintf("%.*s", (int)(s - p), p);
/* Strip "MD5:" prefix if it's present, and do nothing if it isn't */
ptrlen_startswith(hash, PTRLEN_LITERAL("MD5:"), &hash);
return dupprintf("%.*s %.*s", PTRLEN_PRINTF(bits), PTRLEN_PRINTF(hash));
}
char *get_fp(char *filename)
@ -1316,7 +1318,7 @@ int main(int argc, char **argv)
{
char *cmdbuf;
fp = NULL;
cmdbuf = dupprintf("ssh-keygen -l -f '%s' > '%s'",
cmdbuf = dupprintf("ssh-keygen -E md5 -l -f '%s' > '%s'",
pubfilename, tmpfilename1);
if (system(cmdbuf) ||
(fp = get_fp(tmpfilename1)) == NULL) {