src/usr.bin/ssh/ssh-keygen.c - diff

Return to ssh-keygen.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh-keygen.c between version 1.280 and 1.290

version 1.280, 2015/11/18 08:37:28

version 1.290, 2016/05/02 09:36:42

Line 514

sshbuf_free(b);

/* try the key */

if (sshkey_sign(key, &sig, &slen, data, sizeof(data), 0) != 0 ||

if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 ||

sshkey_verify(key, sig, slen, data, sizeof(data), 0) != 0) {

sshkey_free(key);

free(sig);

Line 867

{

FILE *f;

struct sshkey *public = NULL;

char *comment = NULL, *cp, *ep, line[16*1024];

char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES];

int i, invalid = 1;

const char *path;

long int lnum = 0;

u_long lnum = 0;

if (!have_identity)

ask_filename(pw, "Enter file in which the key is");

Line 933

}

/* Retry after parsing leading hostname/key options */

if (public == NULL && (public = try_read_key(&cp)) == NULL) {

debug("%s:%ld: not a public key", path, lnum);

debug("%s:%lu: not a public key", path, lnum);

continue;

}

Line 1216

foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0;

if ((r = hostkeys_foreach(identity_file,

hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx,

name, NULL, foreach_options)) != 0)

name, NULL, foreach_options)) != 0) {

if (inplace)

unlink(tmp);

fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));

}

if (inplace)

fclose(ctx.out);

Line 1414

Line 1417

identity_file, ssh_err(r));

}

/* XXX what about new-format keys? */

if (private->type != KEY_RSA1) {

if (private->type != KEY_RSA1 && private->type != KEY_ED25519 &&

error("Comments are only supported for RSA1 keys.");

!use_new_format) {

error("Comments are only supported for RSA1 or keys stored in "

"the new format (-o).");

explicit_bzero(passphrase, strlen(passphrase));

sshkey_free(private);

exit(1);

Line 1472

Line 1477

exit(0);

}

static const char *

fmt_validity(u_int64_t valid_from, u_int64_t valid_to)

{

char from[32], to[32];

static char ret[64];

time_t tt;

struct tm *tm;

*from = *to = '\0';

if (valid_from == 0 && valid_to == 0xffffffffffffffffULL)

return "forever";

if (valid_from != 0) {

/* XXX revisit INT_MAX in 2038 :) */

tt = valid_from > INT_MAX ? INT_MAX : valid_from;

tm = localtime(&tt);

strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm);

}

if (valid_to != 0xffffffffffffffffULL) {

/* XXX revisit INT_MAX in 2038 :) */

tt = valid_to > INT_MAX ? INT_MAX : valid_to;

tm = localtime(&tt);

strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm);

}

if (valid_from == 0) {

snprintf(ret, sizeof(ret), "before %s", to);

return ret;

}

if (valid_to == 0xffffffffffffffffULL) {

snprintf(ret, sizeof(ret), "after %s", from);

return ret;

}

snprintf(ret, sizeof(ret), "from %s to %s", from, to);

return ret;

}

static void

add_flag_option(struct sshbuf *c, const char *name)

{

Line 1603

Line 1570

int r, i, fd;

u_int n;

struct sshkey *ca, *public;

char *otmp, *tmp, *cp, *out, *comment, **plist = NULL;

char valid[64], *otmp, *tmp, *cp, *out, *comment, **plist = NULL;

FILE *f;

#ifdef ENABLE_PKCS11

Line 1617

Line 1584

ca = load_identity(tmp);

free(tmp);

if (key_type_name != NULL &&

sshkey_type_from_name(key_type_name) != ca->type) {

fatal("CA key type %s doesn't match specified %s",

sshkey_ssh_name(ca), key_type_name);

}

for (i = 0; i < argc; i++) {

/* Split list of principals */

n = 0;

Line 1658

Line 1631

&public->cert->signature_key)) != 0)

fatal("key_from_private (ca key): %s", ssh_err(r));

if (sshkey_certify(public, ca) != 0)

if ((r = sshkey_certify(public, ca, key_type_name)) != 0)

fatal("Couldn't not certify key %s", tmp);

fatal("Couldn't certify key %s: %s", tmp, ssh_err(r));

if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0)

*cp = '\0';

Line 1678

Line 1651

fclose(f);

if (!quiet) {

sshkey_format_cert_validity(public->cert,

valid, sizeof(valid));

logit("Signed %s key %s: id \"%s\" serial %llu%s%s "

"valid %s", sshkey_cert_type(public),

out, public->cert->key_id,

(unsigned long long)public->cert->serial,

cert_principals != NULL ? " for " : "",

cert_principals != NULL ? cert_principals : "",

fmt_validity(cert_valid_from, cert_valid_to));

valid);

}

sshkey_free(public);

Line 1718

Line 1693

char buf[32], *fmt;

* POSIX strptime says "The application shall ensure that there

* is white-space or other non-alphanumeric characters between

* any two conversion specifications" so arrange things this way.

Line 1884

Line 1859

static void

print_cert(struct sshkey *key)

{

char *key_fp, *ca_fp;

char valid[64], *key_fp, *ca_fp;

u_int i;

key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);

Line 1892

Line 1867

fingerprint_hash, SSH_FP_DEFAULT);

if (key_fp == NULL || ca_fp == NULL)

fatal("%s: sshkey_fingerprint fail", __func__);

sshkey_format_cert_validity(key->cert, valid, sizeof(valid));

printf(" Type: %s %s certificate\n", sshkey_ssh_name(key),

sshkey_cert_type(key));

Line 1900

Line 1876

sshkey_type(key->cert->signature_key), ca_fp);

printf(" Key ID: \"%s\"\n", key->cert->key_id);

printf(" Serial: %llu\n", (unsigned long long)key->cert->serial);

printf(" Valid: %s\n",

printf(" Valid: %s\n", valid);

fmt_validity(key->cert->valid_after, key->cert->valid_before));

printf(" Principals: ");

if (key->cert->nprincipals == 0)

printf("(none)\n");

Line 1934

Line 1909

struct stat st;

int r, is_stdin = 0, ok = 0;

FILE *f;

char *cp, line[2048];

char *cp, line[SSH_MAX_PUBKEY_BYTES];

const char *path;

long int lnum = 0;

u_long lnum = 0;

if (!have_identity)

ask_filename(pw, "Enter file in which the key is");

Line 2183

Line 2158

close(fd);

sshbuf_free(kbuf);

ssh_krl_free(krl);

if (ca != NULL)

sshkey_free(ca);

}

static void

Line 2280

Line 2254

extern int optind;

extern char *optarg;

ssh_malloc_init(); /* must be called before any mallocs */

/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */

sanitise_stdfd();