===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshconnect.c,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- src/usr.bin/ssh/sshconnect.c	2000/03/16 20:56:14	1.57
+++ src/usr.bin/ssh/sshconnect.c	2000/03/23 22:15:33	1.58
@@ -8,7 +8,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.57 2000/03/16 20:56:14 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.58 2000/03/23 22:15:33 markus Exp $");
 
 #include <ssl/bn.h>
 #include "xmalloc.h"
@@ -21,9 +21,12 @@
 #include "uidswap.h"
 #include "compat.h"
 #include "readconf.h"
-#include "fingerprint.h"
 
+#include <ssl/rsa.h>
+#include <ssl/dsa.h>
 #include <ssl/md5.h>
+#include "key.h"
+#include "hostfile.h"
 
 /* Session id for the current session. */
 unsigned char session_id[16];
@@ -1067,9 +1070,9 @@
  */
 
 void
-check_host_key(char *host, struct sockaddr *hostaddr, RSA *host_key)
+check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
 {
-	RSA *file_key;
+	Key *file_key;
 	char *ip = NULL;
 	char hostline[1000], *hostp;
 	HostStatus host_status;
@@ -1119,47 +1122,34 @@
 	 * Store the host key from the known host file in here so that we can
 	 * compare it with the key for the IP address.
 	 */
-	file_key = RSA_new();
-	file_key->n = BN_new();
-	file_key->e = BN_new();
+	file_key = key_new(host_key->type);
 
 	/*
 	 * Check if the host key is present in the user\'s list of known
 	 * hosts or in the systemwide list.
 	 */
-	host_status = check_host_in_hostfile(options.user_hostfile, host,
-					     host_key->e, host_key->n,
-					     file_key->e, file_key->n);
+	host_status = check_host_in_hostfile(options.user_hostfile, host, host_key, file_key);
 	if (host_status == HOST_NEW)
-		host_status = check_host_in_hostfile(options.system_hostfile, host,
-						host_key->e, host_key->n,
-					       file_key->e, file_key->n);
+		host_status = check_host_in_hostfile(options.system_hostfile, host, host_key, file_key);
 	/*
 	 * Also perform check for the ip address, skip the check if we are
 	 * localhost or the hostname was an ip address to begin with
 	 */
 	if (options.check_host_ip && !local && strcmp(host, ip)) {
-		RSA *ip_key = RSA_new();
-		ip_key->n = BN_new();
-		ip_key->e = BN_new();
-		ip_status = check_host_in_hostfile(options.user_hostfile, ip,
-						host_key->e, host_key->n,
-						   ip_key->e, ip_key->n);
+		Key *ip_key = key_new(host_key->type);
+		ip_status = check_host_in_hostfile(options.user_hostfile, ip, host_key, ip_key);
 
 		if (ip_status == HOST_NEW)
-			ip_status = check_host_in_hostfile(options.system_hostfile, ip,
-						host_key->e, host_key->n,
-						   ip_key->e, ip_key->n);
+			ip_status = check_host_in_hostfile(options.system_hostfile, ip, host_key, ip_key);
 		if (host_status == HOST_CHANGED &&
-		    (ip_status != HOST_CHANGED ||
-		     (BN_cmp(ip_key->e, file_key->e) || BN_cmp(ip_key->n, file_key->n))))
+		    (ip_status != HOST_CHANGED || !key_equal(ip_key, file_key)))
 			host_ip_differ = 1;
 
-		RSA_free(ip_key);
+		key_free(ip_key);
 	} else
 		ip_status = host_status;
 
-	RSA_free(file_key);
+	key_free(file_key);
 
 	switch (host_status) {
 	case HOST_OK:
@@ -1167,8 +1157,7 @@
 		debug("Host '%.200s' is known and matches the host key.", host);
 		if (options.check_host_ip) {
 			if (ip_status == HOST_NEW) {
-				if (!add_host_to_hostfile(options.user_hostfile, ip,
-					       host_key->e, host_key->n))
+				if (!add_host_to_hostfile(options.user_hostfile, ip, host_key))
 					log("Failed to add the host key for IP address '%.30s' to the list of known hosts (%.30s).",
 					    ip, options.user_hostfile);
 				else
@@ -1188,12 +1177,12 @@
 		} else if (options.strict_host_key_checking == 2) {
 			/* The default */
 			char prompt[1024];
-			char *fp = fingerprint(host_key->e, host_key->n);
+			char *fp = key_fingerprint(host_key);
 			snprintf(prompt, sizeof(prompt),
 			    "The authenticity of host '%.200s' can't be established.\n"
-			    "Key fingerprint is %d %s.\n"
+			    "Key fingerprint is %s.\n"
 			    "Are you sure you want to continue connecting (yes/no)? ",
-			    host, BN_num_bits(host_key->n), fp);
+			    host, fp);
 			if (!read_yes_or_no(prompt, -1))
 				fatal("Aborted by user!\n");
 		}
@@ -1204,8 +1193,7 @@
 			hostp = host;
 
 		/* If not in strict mode, add the key automatically to the local known_hosts file. */
-		if (!add_host_to_hostfile(options.user_hostfile, hostp,
-					  host_key->e, host_key->n))
+		if (!add_host_to_hostfile(options.user_hostfile, hostp, host_key))
 			log("Failed to add the host to the list of known hosts (%.500s).",
 			    options.user_hostfile);
 		else
@@ -1273,6 +1261,14 @@
 	if (options.check_host_ip)
 		xfree(ip);
 }
+void
+check_rsa_host_key(char *host, struct sockaddr *hostaddr, RSA *host_key)
+{
+	Key k;
+	k.type = KEY_RSA;
+	k.rsa = host_key;
+	check_host_key(host, hostaddr, &k);
+}
 
 /*
  * SSH1 key exchange
@@ -1348,7 +1344,7 @@
 			       8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
 			       SSH_SMSG_PUBLIC_KEY);
 
-	check_host_key(host, hostaddr, host_key);
+	check_rsa_host_key(host, hostaddr, host_key);
 
 	client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
 
@@ -1607,7 +1603,6 @@
 	fatal("Permission denied.");
 	/* NOTREACHED */
 }
-
 /*
  * Starts a dialog with the server, and authenticates the current user on the
  * server.  This does not need any extra privileges.  The basic connection
@@ -1638,6 +1633,7 @@
 	ssh_kex(host, hostaddr);
 	if (supported_authentications == 0)
 		fatal("supported_authentications == 0.");
+
 	/* authenticate user */
 	ssh_userauth(host_key_valid, own_host_key, original_real_uid, host);
 }