changelog: document changes since 0.6.0

[secnet.git] / rsa.c

diff --git a/rsa.c b/rsa.c
index 3f6c7f92f8ea57e4c999cb0ff09a9b4a59e2f49b..efcb650fc216c3a2965b2bb45d0b85e3158478f3 100644 (file)
--- a/rsa.c
+++ b/rsa.c
@@ -53,6 +53,7 @@ struct load_ctx {
                   const char *message, va_list args);
     bool_t (*postreadcheck)(struct load_ctx *l, FILE *f);
     const char *what;
+    dict_t *deprdict; /* used only to look up hash */
     struct cloc loc;
     union {
        struct {
@@ -127,23 +128,19 @@ struct rsapub {
 
 static const char *hexchars="0123456789abcdef";
 
-static void rsa_sethash(struct rsacommon *c, struct hash_if *hash,
+static void rsa_sethash(struct load_ctx *l,
+                       struct rsacommon *c,
                        const struct hash_if **in_ops)
 {
-    free(c->hashbuf);
+    struct hash_if *hash=0;
+    if (l->deprdict)
+       hash=find_cl_if(l->deprdict,"hash",CL_HASH,False,"site",l->loc);
+    if (!hash)
+       hash=sha1_hash_if;
     c->hashbuf=safe_malloc(hash->hlen, "generate_msg");
     *in_ops=hash;
 }
-static void rsa_pub_sethash(void *sst, struct hash_if *hash)
-{
-    struct rsapub *st=sst;
-    rsa_sethash(&st->common, hash, &st->ops.hash);
-}
-static void rsa_priv_sethash(void *sst, struct hash_if *hash)
-{
-    struct rsapriv *st=sst;
-    rsa_sethash(&st->common, hash, &st->ops.hash);
-}
+
 static void rsacommon_dispose(struct rsacommon *c)
 {
     free(c->hashbuf);
@@ -344,7 +341,6 @@ static struct rsapub *rsa_loadpub_core(RSAPUB_BNS(RSAPUB_LOADCORE_DEFBN)
     st->cl.apply=NULL;
     st->cl.interface=&st->ops;
     st->ops.st=st;
-    st->ops.sethash=rsa_pub_sethash;
     st->common.hashbuf=NULL;
     st->ops.unpick=rsa_sig_unpick;
     st->ops.check=rsa_sig_check;
@@ -364,6 +360,8 @@ static struct rsapub *rsa_loadpub_core(RSAPUB_BNS(RSAPUB_LOADCORE_DEFBN)
 
     RSAPUB_BNS(RSAPUB_LOADCORE_GETBN)
 
+    rsa_sethash(l,&st->common,&st->ops.hash);
+
     return st;
 
  error_out:
@@ -378,6 +376,7 @@ static list_t *rsapub_apply(closure_t *self, struct cloc loc, dict_t *context,
     l->verror=verror_cfgfatal;
     l->postreadcheck=0;
     l->what="rsa-public";
+    l->deprdict=context;
     l->loc=loc;
 
 #define RSAPUB_APPLY_GETBN(ix,en,what)                         \
@@ -413,6 +412,7 @@ bool_t rsa1_loadpub(const struct sigscheme_info *algo,
     l->verror=verror_tryload;
     l->postreadcheck=0;
     l->what="rsa1_loadpub";
+    l->deprdict=0;
     l->loc=loc;
     l->u.tryload.log=log;
 
@@ -504,7 +504,6 @@ static struct rsapriv *rsa_loadpriv_core(struct load_ctx *l,
     st->cl.apply=NULL;
     st->cl.interface=&st->ops;
     st->ops.st=st;
-    st->ops.sethash=rsa_priv_sethash;
     st->common.hashbuf=NULL;
     st->ops.sign=rsa_sign;
     st->ops.hash=0;
@@ -632,6 +631,8 @@ static struct rsapriv *rsa_loadpriv_core(struct load_ctx *l,
        fatal_perror("rsa-private (%s:%d): ferror",loc.file,loc.line);
     }
 
+    rsa_sethash(l,&st->common,&st->ops.hash);
+
     /*
      * Now verify the validity of the key, and set up the auxiliary
      * values for fast CRT signing.
@@ -735,6 +736,7 @@ bool_t rsa1_loadpriv(const struct sigscheme_info *algo,
     l->what="rsa1priv load";
     l->verror=verror_tryload;
     l->postreadcheck=postreadcheck_tryload;
+    l->deprdict=0;
     l->loc=loc;
     l->u.tryload.log=log;
 
@@ -770,6 +772,7 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
     l->what="rsa-private";
     l->verror=verror_cfgfatal;
     l->postreadcheck=postreadcheck_apply;
+    l->deprdict=context;
     l->loc=loc;
 
     /* Argument is filename pointing to SSH1 private key file */
@@ -788,8 +791,10 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
     if (!f) {
        if (just_check_config) {
            Message(M_WARNING,"rsa-private (%s:%d): cannot open keyfile "
-                   "\"%s\"; assuming it's valid while we check the "
-                   "rest of the configuration\n",loc.file,loc.line,filename);
+                   "\"%s\" (%s); assuming it's valid while we check the "
+                   "rest of the configuration\n",
+                   loc.file,loc.line,filename,strerror(errno));
+           return list_new();
        } else {
            fatal_perror("rsa-private (%s:%d): cannot open file \"%s\"",
                         loc.file,loc.line,filename);