version 1.281, 2015/11/19 01:08:55 |
version 1.292, 2016/09/12 03:29:16 |
|
|
*bitsp = sshkey_curve_nid_to_bits(nid); |
*bitsp = sshkey_curve_nid_to_bits(nid); |
if (*bitsp == 0) |
if (*bitsp == 0) |
*bitsp = DEFAULT_BITS_ECDSA; |
*bitsp = DEFAULT_BITS_ECDSA; |
} |
} else |
else |
|
#endif |
#endif |
*bitsp = DEFAULT_BITS; |
*bitsp = DEFAULT_BITS; |
} |
} |
|
|
sshbuf_free(b); |
sshbuf_free(b); |
|
|
/* try the key */ |
/* try the key */ |
if (sshkey_sign(key, &sig, &slen, data, sizeof(data), 0) != 0 || |
if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 || |
sshkey_verify(key, sig, slen, data, sizeof(data), 0) != 0) { |
sshkey_verify(key, sig, slen, data, sizeof(data), 0) != 0) { |
sshkey_free(key); |
sshkey_free(key); |
free(sig); |
free(sig); |
|
|
{ |
{ |
FILE *f; |
FILE *f; |
struct sshkey *public = NULL; |
struct sshkey *public = NULL; |
char *comment = NULL, *cp, *ep, line[16*1024]; |
char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; |
int i, invalid = 1; |
int i, invalid = 1; |
const char *path; |
const char *path; |
long int lnum = 0; |
u_long lnum = 0; |
|
|
if (!have_identity) |
if (!have_identity) |
ask_filename(pw, "Enter file in which the key is"); |
ask_filename(pw, "Enter file in which the key is"); |
|
|
} |
} |
/* Retry after parsing leading hostname/key options */ |
/* Retry after parsing leading hostname/key options */ |
if (public == NULL && (public = try_read_key(&cp)) == NULL) { |
if (public == NULL && (public = try_read_key(&cp)) == NULL) { |
debug("%s:%ld: not a public key", path, lnum); |
debug("%s:%lu: not a public key", path, lnum); |
continue; |
continue; |
} |
} |
|
|
|
|
foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0; |
foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0; |
if ((r = hostkeys_foreach(identity_file, |
if ((r = hostkeys_foreach(identity_file, |
hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx, |
hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx, |
name, NULL, foreach_options)) != 0) |
name, NULL, foreach_options)) != 0) { |
|
if (inplace) |
|
unlink(tmp); |
fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); |
fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); |
|
} |
|
|
if (inplace) |
if (inplace) |
fclose(ctx.out); |
fclose(ctx.out); |
|
|
identity_file, ssh_err(r)); |
identity_file, ssh_err(r)); |
} |
} |
} |
} |
/* XXX what about new-format keys? */ |
|
if (private->type != KEY_RSA1) { |
if (private->type != KEY_RSA1 && private->type != KEY_ED25519 && |
error("Comments are only supported for RSA1 keys."); |
!use_new_format) { |
|
error("Comments are only supported for RSA1 or keys stored in " |
|
"the new format (-o)."); |
explicit_bzero(passphrase, strlen(passphrase)); |
explicit_bzero(passphrase, strlen(passphrase)); |
sshkey_free(private); |
sshkey_free(private); |
exit(1); |
exit(1); |
|
|
ca = load_identity(tmp); |
ca = load_identity(tmp); |
free(tmp); |
free(tmp); |
|
|
|
if (key_type_name != NULL && |
|
sshkey_type_from_name(key_type_name) != ca->type) { |
|
fatal("CA key type %s doesn't match specified %s", |
|
sshkey_ssh_name(ca), key_type_name); |
|
} |
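Review bot: The new CA-type check in the `key_type_name != NULL` block compares `sshkey_type_from_name(key_type_name)` straight against `ca->type`, so an unrecognised type name is presumably mapped to KEY_UNSPEC and then reported as "CA key type ... doesn't match specified ..." rather than as an unknown type. A dedicated guard before the comparison, `if (sshkey_type_from_name(key_type_name) == KEY_UNSPEC) fatal("Unknown key type %s", key_type_name);`, would give the operator the accurate diagnostic and keep the mismatch message for genuine mismatches. The later change to `if ((r = sshkey_certify(public, ca, key_type_name)) != 0)` with `ssh_err(r)` in the fatal message is consistent with this and also fixes the old "Couldn't not certify" wording. The enclosing function begins before this hunk and continues after it, so the point where `key_type_name` is parsed is not visible here.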
|
|
for (i = 0; i < argc; i++) { |
for (i = 0; i < argc; i++) { |
/* Split list of principals */ |
/* Split list of principals */ |
n = 0; |
n = 0; |
|
|
&public->cert->signature_key)) != 0) |
&public->cert->signature_key)) != 0) |
fatal("key_from_private (ca key): %s", ssh_err(r)); |
fatal("key_from_private (ca key): %s", ssh_err(r)); |
|
|
if (sshkey_certify(public, ca) != 0) |
if ((r = sshkey_certify(public, ca, key_type_name)) != 0) |
fatal("Couldn't not certify key %s", tmp); |
fatal("Couldn't certify key %s: %s", tmp, ssh_err(r)); |
|
|
if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) |
if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) |
*cp = '\0'; |
*cp = '\0'; |
|
|
fclose(f); |
fclose(f); |
|
|
if (!quiet) { |
if (!quiet) { |
sshkey_format_cert_validity(public->cert, |
sshkey_format_cert_validity(public->cert, |
valid, sizeof(valid)); |
valid, sizeof(valid)); |
logit("Signed %s key %s: id \"%s\" serial %llu%s%s " |
logit("Signed %s key %s: id \"%s\" serial %llu%s%s " |
"valid %s", sshkey_cert_type(public), |
"valid %s", sshkey_cert_type(public), |
out, public->cert->key_id, |
out, public->cert->key_id, |
(unsigned long long)public->cert->serial, |
(unsigned long long)public->cert->serial, |
cert_principals != NULL ? " for " : "", |
cert_principals != NULL ? " for " : "", |
|
|
char buf[32], *fmt; |
char buf[32], *fmt; |
|
|
/* |
/* |
* POSIX strptime says "The application shall ensure that there |
* POSIX strptime says "The application shall ensure that there |
* is white-space or other non-alphanumeric characters between |
* is white-space or other non-alphanumeric characters between |
* any two conversion specifications" so arrange things this way. |
* any two conversion specifications" so arrange things this way. |
*/ |
*/ |
|
|
struct stat st; |
struct stat st; |
int r, is_stdin = 0, ok = 0; |
int r, is_stdin = 0, ok = 0; |
FILE *f; |
FILE *f; |
char *cp, line[2048]; |
char *cp, line[SSH_MAX_PUBKEY_BYTES]; |
const char *path; |
const char *path; |
long int lnum = 0; |
u_long lnum = 0; |
|
|
if (!have_identity) |
if (!have_identity) |
ask_filename(pw, "Enter file in which the key is"); |
ask_filename(pw, "Enter file in which the key is"); |
|
|
close(fd); |
close(fd); |
sshbuf_free(kbuf); |
sshbuf_free(kbuf); |
ssh_krl_free(krl); |
ssh_krl_free(krl); |
if (ca != NULL) |
sshkey_free(ca); |
sshkey_free(ca); |
|
} |
} |
|
|
static void |
static void |
|
|
extern int optind; |
extern int optind; |
extern char *optarg; |
extern char *optarg; |
|
|
|
ssh_malloc_init(); /* must be called before any mallocs */ |
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
sanitise_stdfd(); |
sanitise_stdfd(); |
|
|
|
|
break; |
break; |
case 'J': |
case 'J': |
lines_to_process = strtoul(optarg, NULL, 10); |
lines_to_process = strtoul(optarg, NULL, 10); |
break; |
break; |
case 'j': |
case 'j': |
start_lineno = strtoul(optarg, NULL, 10); |
start_lineno = strtoul(optarg, NULL, 10); |
break; |
break; |
case 'K': |
case 'K': |
if (strlen(optarg) >= PATH_MAX) |
if (strlen(optarg) >= PATH_MAX) |
fatal("Checkpoint filename too long"); |
fatal("Checkpoint filename too long"); |