X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=rsa.c;h=efcb650fc216c3a2965b2bb45d0b85e3158478f3;hb=564022994befb8f71b89ae015751b22c34ae3ee8;hp=8fc976b9fdc4c964d600cd88bd0f7e7bc520b320;hpb=9fe002edfab58aac700bb3b5a8ada0f38e3ac5ea;p=secnet.git

diff --git a/rsa.c b/rsa.c
index 8fc976b..efcb650 100644
--- a/rsa.c
+++ b/rsa.c
@@ -53,6 +53,7 @@ struct load_ctx {
 		   const char *message, va_list args);
     bool_t (*postreadcheck)(struct load_ctx *l, FILE *f);
     const char *what;
+    dict_t *deprdict; /* used only to look up hash */
     struct cloc loc;
     union {
 	struct {
@@ -85,7 +86,7 @@ static void verror_cfgfatal(struct load_ctx *l, struct cloc loc,
 			    FILE *maybe_f,
 			    const char *message, va_list args)
 {
-    vcfgfatal_maybefile(maybe_f,l->loc,l->what,message,args);
+    vcfgfatal_maybefile(maybe_f,l->loc,l->what,message,args,"");
 }
 
 struct rsapriv {
@@ -127,23 +128,19 @@ struct rsapub {
 
 static const char *hexchars="0123456789abcdef";
 
-static void rsa_sethash(struct rsacommon *c, struct hash_if *hash,
+static void rsa_sethash(struct load_ctx *l,
+			struct rsacommon *c,
 			const struct hash_if **in_ops)
 {
-    free(c->hashbuf);
+    struct hash_if *hash=0;
+    if (l->deprdict)
+	hash=find_cl_if(l->deprdict,"hash",CL_HASH,False,"site",l->loc);
+    if (!hash)
+	hash=sha1_hash_if;
     c->hashbuf=safe_malloc(hash->hlen, "generate_msg");
     *in_ops=hash;
 }
-static void rsa_pub_sethash(void *sst, struct hash_if *hash)
-{
-    struct rsapub *st=sst;
-    rsa_sethash(&st->common, hash, &st->ops.hash);
-}
-static void rsa_priv_sethash(void *sst, struct hash_if *hash)
-{
-    struct rsapriv *st=sst;
-    rsa_sethash(&st->common, hash, &st->ops.hash);
-}
+
 static void rsacommon_dispose(struct rsacommon *c)
 {
     free(c->hashbuf);
@@ -344,7 +341,6 @@ static struct rsapub *rsa_loadpub_core(RSAPUB_BNS(RSAPUB_LOADCORE_DEFBN)
     st->cl.apply=NULL;
     st->cl.interface=&st->ops;
     st->ops.st=st;
-    st->ops.sethash=rsa_pub_sethash;
     st->common.hashbuf=NULL;
     st->ops.unpick=rsa_sig_unpick;
     st->ops.check=rsa_sig_check;
@@ -364,6 +360,8 @@ static struct rsapub *rsa_loadpub_core(RSAPUB_BNS(RSAPUB_LOADCORE_DEFBN)
 
     RSAPUB_BNS(RSAPUB_LOADCORE_GETBN)
 
+    rsa_sethash(l,&st->common,&st->ops.hash);
+
     return st;
 
  error_out:
@@ -378,6 +376,7 @@ static list_t *rsapub_apply(closure_t *self, struct cloc loc, dict_t *context,
     l->verror=verror_cfgfatal;
     l->postreadcheck=0;
     l->what="rsa-public";
+    l->deprdict=context;
     l->loc=loc;
 
 #define RSAPUB_APPLY_GETBN(ix,en,what)				\
@@ -413,6 +412,7 @@ bool_t rsa1_loadpub(const struct sigscheme_info *algo,
     l->verror=verror_tryload;
     l->postreadcheck=0;
     l->what="rsa1_loadpub";
+    l->deprdict=0;
     l->loc=loc;
     l->u.tryload.log=log;
 
@@ -504,7 +504,6 @@ static struct rsapriv *rsa_loadpriv_core(struct load_ctx *l,
     st->cl.apply=NULL;
     st->cl.interface=&st->ops;
     st->ops.st=st;
-    st->ops.sethash=rsa_priv_sethash;
     st->common.hashbuf=NULL;
     st->ops.sign=rsa_sign;
     st->ops.hash=0;
@@ -632,6 +631,8 @@ static struct rsapriv *rsa_loadpriv_core(struct load_ctx *l,
 	fatal_perror("rsa-private (%s:%d): ferror",loc.file,loc.line);
     }
 
+    rsa_sethash(l,&st->common,&st->ops.hash);
+
     /*
      * Now verify the validity of the key, and set up the auxiliary
      * values for fast CRT signing.
@@ -719,6 +720,7 @@ static bool_t postreadcheck_tryload(struct load_ctx *l, FILE *f)
 bool_t rsa1_loadpriv(const struct sigscheme_info *algo,
 		     struct buffer_if *privkeydata,
 		     struct sigprivkey_if **sigpriv_r,
+		     closure_t **closure_r,
 		     struct log_if *log, struct cloc loc)
 {
     FILE *f=0;
@@ -734,6 +736,7 @@ bool_t rsa1_loadpriv(const struct sigscheme_info *algo,
     l->what="rsa1priv load";
     l->verror=verror_tryload;
     l->postreadcheck=postreadcheck_tryload;
+    l->deprdict=0;
     l->loc=loc;
     l->u.tryload.log=log;
 
@@ -747,6 +750,7 @@ bool_t rsa1_loadpriv(const struct sigscheme_info *algo,
     if (f) fclose(f);
     if (!st) return False;
     *sigpriv_r=&st->ops;
+    *closure_r=&st->cl;
     return True;
 }
 
@@ -768,6 +772,7 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
     l->what="rsa-private";
     l->verror=verror_cfgfatal;
     l->postreadcheck=postreadcheck_apply;
+    l->deprdict=context;
     l->loc=loc;
 
     /* Argument is filename pointing to SSH1 private key file */
@@ -786,8 +791,10 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
     if (!f) {
 	if (just_check_config) {
 	    Message(M_WARNING,"rsa-private (%s:%d): cannot open keyfile "
-		    "\"%s\"; assuming it's valid while we check the "
-		    "rest of the configuration\n",loc.file,loc.line,filename);
+		    "\"%s\" (%s); assuming it's valid while we check the "
+		    "rest of the configuration\n",
+		    loc.file,loc.line,filename,strerror(errno));
+	    return list_new();
 	} else {
 	    fatal_perror("rsa-private (%s:%d): cannot open file \"%s\"",
 			 loc.file,loc.line,filename);