17,6 → 17,36 |
|
liblsh_a_LIBADD = @LIBOBJS@ |
|
--- a/src/Makefile.in |
+++ b/src/Makefile.in |
@@ -94,7 +94,8 @@ am_liblsh_a_OBJECTS = abstract_io.$(OBJE |
tty.$(OBJEXT) unix_interact.$(OBJEXT) unix_process.$(OBJEXT) \ |
unix_random.$(OBJEXT) unix_user.$(OBJEXT) userauth.$(OBJEXT) \ |
werror.$(OBJEXT) write_buffer.$(OBJEXT) write_packet.$(OBJEXT) \ |
- xalloc.$(OBJEXT) xauth.$(OBJEXT) zlib.$(OBJEXT) |
+ xalloc.$(OBJEXT) xauth.$(OBJEXT) zlib.$(OBJEXT) \ |
+ blacklist.$(OBJEXT) |
liblsh_a_OBJECTS = $(am_liblsh_a_OBJECTS) |
am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \ |
"$(DESTDIR)$(bindir)" |
@@ -554,7 +555,8 @@ liblsh_a_SOURCES = abstract_io.c abstrac |
unix_interact.c unix_process.c unix_random.c unix_user.c \ |
userauth.c \ |
werror.c write_buffer.c write_packet.c \ |
- xalloc.c xauth.c zlib.c |
+ xalloc.c xauth.c zlib.c \ |
+ blacklist.c |
|
liblsh_a_LIBADD = @LIBOBJS@ |
|
@@ -793,6 +795,7 @@ distclean-compile: |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/algorithms.Po@am__quote@ |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alist.Po@am__quote@ |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/atoms.Po@am__quote@ |
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/blacklist.Po@am__quote@ |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/channel.Po@am__quote@ |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/channel_commands.Po@am__quote@ |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/channel_forward.Po@am__quote@ |
--- a/src/abstract_crypto.h |
+++ b/src/abstract_crypto.h |
@@ -162,7 +162,9 @@ MAC_DIGEST((instance), lsh_string_alloc( |
51,7 → 81,7 |
#endif /* !GABA_DEFINE */ |
--- /dev/null |
+++ b/src/blacklist.c |
@@ -0,0 +1,150 @@ |
@@ -0,0 +1,152 @@ |
+#if HAVE_CONFIG_H |
+#include "config.h" |
+#endif |
199,6 → 229,8 |
+ if (ret > 0) { |
+ werror("Key is compromised: %z %i %fS\n", keytype, keysize, |
+ lsh_string_colonize(lsh_hash, 2, 0)); |
+ } else if (ret < 0) { |
+ verbose("No blacklist for key type %z size %i", keytype, keysize); |
+ } |
+ return ret; |
+} |
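Review bot: The `verbose("No blacklist for key type %z size %i", keytype, keysize);` message on the `ret < 0` branch is missing the trailing newline that every other message in this patch carries (`"Key is compromised: ... %fS\n"`, `"Invalid dsa key.\n"`), so it will run into the next log line; make it `verbose("No blacklist for key type %z size %i\n", keytype, keysize);`. More importantly, now that the callers test `> 0`, `ret < 0` means the key is accepted, so a missing or unreadable blacklist file fails open and is only reported at verbose level; if that branch can also be reached for an installed-but-unreadable list, rather than only for a key size with no published list, it deserves `werror` so an operator notices the check is not happening. The beginning of `blacklisted_key` is outside the hunk, so how `ret` is derived and whether those two cases are distinguished cannot be seen here.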
233,7 → 265,7 |
werror("Invalid dsa key.\n"); |
return NULL; |
} |
+ else if (blacklisted_key(v, type)) |
+ else if (blacklisted_key(v, type) > 0) |
+ { |
+ return NULL; |
+ } |
244,7 → 276,7 |
werror("Invalid rsa key.\n"); |
return NULL; |
} |
+ else if (blacklisted_key(v, type)) |
+ else if (blacklisted_key(v, type) > 0) |
+ { |
+ return NULL; |
+ } |
267,7 → 299,7 |
|
v = SIGNER_GET_VERIFIER(s); |
assert(v); |
+ if (blacklisted_key(v, algorithm_name)) { |
+ if (blacklisted_key(v, algorithm_name) > 0) { |
+ return NULL; |
+ } |
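Review bot: The contract of `blacklisted_key`'s return value (negative, zero, positive) lives only in the `> 0` comparison, which is now repeated at three call sites (the dsa and rsa verifier paths in the earlier hunks and this signer path), so a reader of any one site cannot tell that the negative case means "no list for this type/size, key accepted" rather than an error that should abort. A one-line comment at each site, e.g. `/* >0: key is on the blacklist; 0: not listed; <0: no blacklist for this type/size, key accepted */`, or a small boolean wrapper so the sites read `if (key_is_blacklisted(v, algorithm_name))`, would keep the fail-open semantics visible where the decision is made. This site passes `algorithm_name` where the verifier sites pass `type`; presumably both are the same name string, but it is worth confirming the lookup keys off the same value in all three cases. The enclosing function begins and ends outside this hunk.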
|