src/usr.bin/ssh/ssh-keygen.c - diff

Return to ssh-keygen.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh-keygen.c between version 1.308 and 1.316

version 1.308, 2017/11/03 05:14:04

version 1.316, 2018/06/01 04:21:29

Line 267

case KEY_ED25519_CERT:

name = _PATH_SSH_CLIENT_ID_ED25519;

break;

case KEY_XMSS:

case KEY_XMSS_CERT:

name = _PATH_SSH_CLIENT_ID_XMSS;

break;

default:

fatal("bad key type");

}

Line 367

Line 371

if (!PEM_write_RSAPublicKey(stdout, k->rsa))

fatal("PEM_write_RSAPublicKey failed");

break;

#if notyet /* OpenSSH 0.9.8 lacks this function */

case KEY_DSA:

if (!PEM_write_DSAPublicKey(stdout, k->dsa))

fatal("PEM_write_DSAPublicKey failed");

break;

#endif

/* XXX ECDSA? */

default:

fatal("%s: unsupported key type %s", __func__, sshkey_type(k));

}

Line 529

Line 526

/* try the key */

if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 ||

sshkey_verify(key, sig, slen, data, sizeof(data), 0) != 0) {

sshkey_verify(key, sig, slen, data, sizeof(data), NULL, 0) != 0) {

sshkey_free(key);

free(sig);

return NULL;

Line 659

Line 656

{

FILE *fp;

RSA *rsa;

#ifdef notyet

DSA *dsa;

#endif

if ((fp = fopen(identity_file, "r")) == NULL)

fatal("%s: %s: %s", __progname, identity_file, strerror(errno));

Line 673

Line 667

fclose(fp);

return;

}

#if notyet /* OpenSSH 0.9.8 lacks this function */

rewind(fp);

if ((dsa = PEM_read_DSAPublicKey(fp, NULL, NULL, NULL)) != NULL) {

if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)

fatal("sshkey_new failed");

(*k)->type = KEY_DSA;

(*k)->dsa = dsa;

fclose(fp);

return;

}

/* XXX ECDSA */

#endif

fatal("%s: unrecognised raw private key format", __func__);

}

Line 975

Line 957

{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },

#endif /* WITH_OPENSSL */

{ "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },

#ifdef WITH_XMSS

{ "xmss", "XMSS",_PATH_HOST_XMSS_KEY_FILE },

#endif /* WITH_XMSS */

{ NULL, NULL, NULL }

};

Line 1253

Line 1238

}

inplace = 1;

}

/* XXX support identity_file == "-" for stdin */

foreach_options = find_host ? HKF_WANT_MATCH : 0;

foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0;

if ((r = hostkeys_foreach(identity_file,

if ((r = hostkeys_foreach(identity_file, (find_host || !hash_hosts) ?

hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx,

known_hosts_find_delete : known_hosts_hash, &ctx, name, NULL,

name, NULL, foreach_options)) != 0) {

foreach_options)) != 0) {

if (inplace)

unlink(tmp);

fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));

Line 1461

Line 1445

}

if (private->type != KEY_ED25519 && !use_new_format) {

if (private->type != KEY_ED25519 && private->type != KEY_XMSS &&

!use_new_format) {

error("Comments are only supported for keys stored in "

"the new format (-o).");

explicit_bzero(passphrase, strlen(passphrase));

Line 1703

Line 1688

}

free(otmp);

}

if (n > SSHKEY_CERT_MAX_PRINCIPALS)

fatal("Too many certificate principals specified");

tmp = tilde_expand_filename(argv[i], pw->pw_uid);

if ((r = sshkey_load_public(tmp, &public, &comment)) != 0)

fatal("%s: unable to open \"%s\": %s",

__func__, tmp, ssh_err(r));

if (public->type != KEY_RSA && public->type != KEY_DSA &&

public->type != KEY_ECDSA && public->type != KEY_ED25519)

public->type != KEY_ECDSA && public->type != KEY_ED25519 &&

public->type != KEY_XMSS)

fatal("%s: key \"%s\" type %s cannot be certified",

__func__, tmp, sshkey_type(public));

Line 1793

Line 1781

return now + (u_int64_t)(secs * mul);

}

static u_int64_t

parse_absolute_time(const char *s)

{

struct tm tm;

time_t tt;

char buf[32], *fmt;

* POSIX strptime says "The application shall ensure that there

* is white-space or other non-alphanumeric characters between

* any two conversion specifications" so arrange things this way.

switch (strlen(s)) {

case 8:

fmt = "%Y-%m-%d";

snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6);

break;

case 14:

fmt = "%Y-%m-%dT%H:%M:%S";

snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s:%.2s",

s, s + 4, s + 6, s + 8, s + 10, s + 12);

break;

default:

fatal("Invalid certificate time format \"%s\"", s);

}

memset(&tm, 0, sizeof(tm));

if (strptime(buf, fmt, &tm) == NULL)

fatal("Invalid certificate time %s", s);

if ((tt = mktime(&tm)) < 0)

fatal("Certificate time %s cannot be represented", s);

return (u_int64_t)tt;

}

static void

parse_cert_times(char *timespec)

{

Line 1862

Line 1816

cert_valid_from = parse_relative_time(from, now);

else if (strcmp(from, "always") == 0)

cert_valid_from = 0;

else

else if (parse_absolute_time(from, &cert_valid_from) != 0)

cert_valid_from = parse_absolute_time(from);

fatal("Invalid from time \"%s\"", from);

if (*to == '-' || *to == '+')

cert_valid_to = parse_relative_time(to, now);

else if (strcmp(to, "forever") == 0)

cert_valid_to = ~(u_int64_t)0;

else

else if (parse_absolute_time(to, &cert_valid_to) != 0)

cert_valid_to = parse_absolute_time(to);

fatal("Invalid to time \"%s\"", to);

if (cert_valid_to <= cert_valid_from)

fatal("Empty certificate validity interval");

Line 2405

Line 2359

gen_all_hostkeys = 1;

break;

case 'b':

bits = (u_int32_t)strtonum(optarg, 256, 32768, &errstr);

bits = (u_int32_t)strtonum(optarg, 10, 32768, &errstr);

if (errstr)

fatal("Bits has bad value %s (%s)",

optarg, errstr);

Line 2685

Line 2639

_PATH_HOST_ECDSA_KEY_FILE, rr_hostname);

n += do_print_resource_record(pw,

_PATH_HOST_ED25519_KEY_FILE, rr_hostname);

n += do_print_resource_record(pw,

_PATH_HOST_XMSS_KEY_FILE, rr_hostname);

if (n == 0)

fatal("no keys found.");

exit(0);

Line 2845

Line 2801

if ((r = sshkey_write(public, f)) != 0)

error("write key failed: %s", ssh_err(r));

fprintf(f, " %s\n", comment);

fclose(f);

if (ferror(f) || fclose(f) != 0)

fatal("write public failed: %s", strerror(errno));

if (!quiet) {

fp = sshkey_fingerprint(public, fingerprint_hash,