=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v retrieving revision 1.254 retrieving revision 1.270 diff -u -r1.254 -r1.270 --- src/usr.bin/ssh/ssh-keygen.c 2015/01/16 15:55:07 1.254 +++ src/usr.bin/ssh/ssh-keygen.c 2015/04/24 01:36:01 1.270 @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.254 2015/01/16 15:55:07 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.270 2015/04/24 01:36:01 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -174,28 +174,29 @@ unsigned long); static void -type_bits_valid(int type, u_int32_t *bitsp) +type_bits_valid(int type, const char *name, u_int32_t *bitsp) { - u_int maxbits; + u_int maxbits, nid; - if (type == KEY_UNSPEC) { - fprintf(stderr, "unknown key type %s\n", key_type_name); - exit(1); - } + if (type == KEY_UNSPEC) + fatal("unknown key type %s", key_type_name); if (*bitsp == 0) { if (type == KEY_DSA) *bitsp = DEFAULT_BITS_DSA; - else if (type == KEY_ECDSA) - *bitsp = DEFAULT_BITS_ECDSA; + else if (type == KEY_ECDSA) { + if (name != NULL && + (nid = sshkey_ecdsa_nid_from_name(name)) > 0) + *bitsp = sshkey_curve_nid_to_bits(nid); + if (*bitsp == 0) + *bitsp = DEFAULT_BITS_ECDSA; + } else *bitsp = DEFAULT_BITS; } maxbits = (type == KEY_DSA) ? OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; - if (*bitsp > maxbits) { - fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); - exit(1); - } + if (*bitsp > maxbits) + fatal("key bits exceeds maximum %d", maxbits); #ifdef WITH_OPENSSL if (type == KEY_DSA && *bitsp != 1024) fatal("DSA keys must be 1024 bits"); @@ -239,13 +240,13 @@ name = _PATH_SSH_CLIENT_ID_ED25519; break; default: - fprintf(stderr, "bad key type\n"); - exit(1); - break; + fatal("bad key type"); } } - snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name); - fprintf(stderr, "%s (%s): ", prompt, identity_file); + snprintf(identity_file, sizeof(identity_file), + "%s/%s", pw->pw_dir, name); + printf("%s (%s): ", prompt, identity_file); + fflush(stdout); if (fgets(buf, sizeof(buf), stdin) == NULL) exit(1); buf[strcspn(buf, "\n")] = '\0'; @@ -291,14 +292,10 @@ char comment[61]; int r; - if (k->type == KEY_RSA1) { - fprintf(stderr, "version 1 keys are not supported\n"); - exit(1); - } - if ((r = sshkey_to_blob(k, &blob, &len)) != 0) { - fprintf(stderr, "key_to_blob failed: %s\n", ssh_err(r)); - exit(1); - } + if (k->type == KEY_RSA1) + fatal("version 1 keys are not supported"); + if ((r = sshkey_to_blob(k, &blob, &len)) != 0) + fatal("key_to_blob failed: %s", ssh_err(r)); /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ snprintf(comment, sizeof(comment), "%u-bit %s, converted by %s@%s from OpenSSH", @@ -525,17 +522,13 @@ line[0] = '\0'; while ((c = fgetc(fp)) != EOF) { - if (pos >= len - 1) { - fprintf(stderr, "input line too long.\n"); - exit(1); - } + if (pos >= len - 1) + fatal("input line too long."); switch (c) { case '\r': c = fgetc(fp); - if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) { - fprintf(stderr, "unget: %s\n", strerror(errno)); - exit(1); - } + if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) + fatal("unget: %s", strerror(errno)); return pos; case '\n': return pos; @@ -587,16 +580,12 @@ (encoded[len-3] == '=')) encoded[len-3] = '\0'; blen = uudecode(encoded, blob, sizeof(blob)); - if (blen < 0) { - fprintf(stderr, "uudecode failed.\n"); - exit(1); - } + if (blen < 0) + fatal("uudecode failed."); if (*private) *k = do_convert_private_ssh2_from_blob(blob, blen); - else if ((r = sshkey_from_blob(blob, blen, k)) != 0) { - fprintf(stderr, "decode blob failed: %s\n", ssh_err(r)); - exit(1); - } + else if ((r = sshkey_from_blob(blob, blen, k)) != 0) + fatal("decode blob failed: %s", ssh_err(r)); fclose(fp); } @@ -701,12 +690,12 @@ fatal("%s: unknown key format %d", __func__, convert_format); } - if (!private) + if (!private) { if ((r = sshkey_write(k, stdout)) == 0) ok = 1; if (ok) fprintf(stdout, "\n"); - else { + } else { switch (k->type) { case KEY_DSA: ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, @@ -726,10 +715,8 @@ } } - if (!ok) { - fprintf(stderr, "key write failed\n"); - exit(1); - } + if (!ok) + fatal("key write failed"); sshkey_free(k); exit(0); } @@ -744,13 +731,11 @@ if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) { - perror(identity_file); - exit(1); - } + if (stat(identity_file, &st) < 0) + fatal("%s: %s", identity_file, strerror(errno)); prv = load_identity(identity_file); if ((r = sshkey_write(prv, stdout)) != 0) - fprintf(stderr, "key_write failed: %s", ssh_err(r)); + error("key_write failed: %s", ssh_err(r)); sshkey_free(prv); fprintf(stdout, "\n"); exit(0); @@ -778,6 +763,8 @@ fp = sshkey_fingerprint(keys[i], fptype, rep); ra = sshkey_fingerprint(keys[i], fingerprint_hash, SSH_FP_RANDOMART); + if (fp == NULL || ra == NULL) + fatal("%s: sshkey_fingerprint fail", __func__); printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]), fp, sshkey_type(keys[i])); if (log_level >= SYSLOG_LEVEL_VERBOSE) @@ -813,17 +800,17 @@ rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) { - perror(identity_file); - exit(1); - } + if (stat(identity_file, &st) < 0) + fatal("%s: %s", identity_file, strerror(errno)); if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0) - error("Error loading public key \"%s\": %s", + debug2("Error loading public key \"%s\": %s", identity_file, ssh_err(r)); else { fp = sshkey_fingerprint(public, fptype, rep); ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART); + if (fp == NULL || ra == NULL) + fatal("%s: sshkey_fingerprint fail", __func__); printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment, sshkey_type(public)); if (log_level >= SYSLOG_LEVEL_VERBOSE) @@ -893,6 +880,8 @@ fp = sshkey_fingerprint(public, fptype, rep); ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART); + if (fp == NULL || ra == NULL) + fatal("%s: sshkey_fingerprint fail", __func__); printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment ? comment : "no comment", sshkey_type(public)); if (log_level >= SYSLOG_LEVEL_VERBOSE) @@ -904,10 +893,8 @@ } fclose(f); - if (invalid) { - printf("%s is not a public key file.\n", identity_file); - exit(1); - } + if (invalid) + fatal("%s is not a public key file.", identity_file); exit(0); } @@ -919,10 +906,14 @@ char *key_type_display; char *path; } key_types[] = { +#ifdef WITH_OPENSSL +#ifdef WITH_SSH1 { "rsa1", "RSA1", _PATH_HOST_KEY_FILE }, +#endif /* WITH_SSH1 */ { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE }, { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE }, { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, +#endif /* WITH_OPENSSL */ { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE }, { NULL, NULL, NULL } }; @@ -938,7 +929,7 @@ if (stat(key_types[i].path, &st) == 0) continue; if (errno != ENOENT) { - printf("Could not stat %s: %s", key_types[i].path, + error("Could not stat %s: %s", key_types[i].path, strerror(errno)); first = 0; continue; @@ -953,10 +944,9 @@ type = sshkey_type_from_name(key_types[i].key_type); strlcpy(identity_file, key_types[i].path, sizeof(identity_file)); bits = 0; - type_bits_valid(type, &bits); + type_bits_valid(type, NULL, &bits); if ((r = sshkey_generate(type, bits, &private)) != 0) { - fprintf(stderr, "key_generate failed: %s\n", - ssh_err(r)); + error("key_generate failed: %s", ssh_err(r)); first = 0; continue; } @@ -966,8 +956,8 @@ hostname); if ((r = sshkey_save_private(private, identity_file, "", comment, use_new_format, new_format_cipher, rounds)) != 0) { - printf("Saving key \"%s\" failed: %s\n", identity_file, - ssh_err(r)); + error("Saving key \"%s\" failed: %s", + identity_file, ssh_err(r)); sshkey_free(private); sshkey_free(public); first = 0; @@ -977,7 +967,7 @@ strlcat(identity_file, ".pub", sizeof(identity_file)); fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); if (fd == -1) { - printf("Could not save your public key in %s\n", + error("Could not save your public key in %s", identity_file); sshkey_free(public); first = 0; @@ -985,14 +975,14 @@ } f = fdopen(fd, "w"); if (f == NULL) { - printf("fdopen %s failed\n", identity_file); + error("fdopen %s failed", identity_file); close(fd); sshkey_free(public); first = 0; continue; } if ((r = sshkey_write(public, f)) != 0) { - fprintf(stderr, "write key failed: %s\n", ssh_err(r)); + error("write key failed: %s", ssh_err(r)); fclose(f); sshkey_free(public); first = 0; @@ -1007,50 +997,117 @@ printf("\n"); } -static void -printhost(FILE *f, const char *name, struct sshkey *public, - int ca, int revoked, int hash) +struct known_hosts_ctx { + const char *host; /* Hostname searched for in find/delete case */ + FILE *out; /* Output file, stdout for find_hosts case */ + int has_unhashed; /* When hashing, original had unhashed hosts */ + int found_key; /* For find/delete, host was found */ + int invalid; /* File contained invalid items; don't delete */ +}; + +static int +known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx) { - if (print_fingerprint) { - enum sshkey_fp_rep rep; - int fptype; - char *fp, *ra; + struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx; + char *hashed, *cp, *hosts, *ohosts; + int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts); - fptype = print_bubblebabble ? - SSH_DIGEST_SHA1 : fingerprint_hash; - rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; - fp = sshkey_fingerprint(public, fptype, rep); - ra = sshkey_fingerprint(public, fingerprint_hash, - SSH_FP_RANDOMART); - printf("%u %s %s (%s)\n", sshkey_size(public), fp, name, - sshkey_type(public)); - if (log_level >= SYSLOG_LEVEL_VERBOSE) - printf("%s\n", ra); - free(ra); - free(fp); - } else { - int r; + switch (l->status) { + case HKF_STATUS_OK: + case HKF_STATUS_MATCHED: + /* + * Don't hash hosts already already hashed, with wildcard + * characters or a CA/revocation marker. + */ + if ((l->match & HKF_MATCH_HOST_HASHED) != 0 || + has_wild || l->marker != MRK_NONE) { + fprintf(ctx->out, "%s\n", l->line); + if (has_wild && !find_host) { + logit("%s:%ld: ignoring host name " + "with wildcard: %.64s", l->path, + l->linenum, l->hosts); + } + return 0; + } + /* + * Split any comma-separated hostnames from the host list, + * hash and store separately. + */ + ohosts = hosts = xstrdup(l->hosts); + while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') { + if ((hashed = host_hash(cp, NULL, 0)) == NULL) + fatal("hash_host failed"); + fprintf(ctx->out, "%s %s\n", hashed, l->rawkey); + ctx->has_unhashed = 1; + } + free(ohosts); + return 0; + case HKF_STATUS_INVALID: + /* Retain invalid lines, but mark file as invalid. */ + ctx->invalid = 1; + logit("%s:%ld: invalid line", l->path, l->linenum); + /* FALLTHROUGH */ + default: + fprintf(ctx->out, "%s\n", l->line); + return 0; + } + /* NOTREACHED */ + return -1; +} - if (hash && (name = host_hash(name, NULL, 0)) == NULL) - fatal("hash_host failed"); - fprintf(f, "%s%s%s ", ca ? CA_MARKER " " : "", - revoked ? REVOKE_MARKER " " : "" , name); - if ((r = sshkey_write(public, f)) != 0) - fatal("key_write failed: %s", ssh_err(r)); - fprintf(f, "\n"); +static int +known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) +{ + struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx; + + if (l->status == HKF_STATUS_MATCHED) { + if (delete_host) { + if (l->marker != MRK_NONE) { + /* Don't remove CA and revocation lines */ + fprintf(ctx->out, "%s\n", l->line); + } else { + /* + * Hostname matches and has no CA/revoke + * marker, delete it by *not* writing the + * line to ctx->out. + */ + ctx->found_key = 1; + if (!quiet) + printf("# Host %s found: line %ld\n", + ctx->host, l->linenum); + } + return 0; + } else if (find_host) { + ctx->found_key = 1; + if (!quiet) { + printf("# Host %s found: line %ld %s\n", + ctx->host, + l->linenum, l->marker == MRK_CA ? "CA" : + (l->marker == MRK_REVOKE ? "REVOKED" : "")); + } + if (hash_hosts) + known_hosts_hash(l, ctx); + else + fprintf(ctx->out, "%s\n", l->line); + return 0; + } + } else if (delete_host) { + /* Retain non-matching hosts when deleting */ + if (l->status == HKF_STATUS_INVALID) { + ctx->invalid = 1; + logit("%s:%ld: invalid line", l->path, l->linenum); + } + fprintf(ctx->out, "%s\n", l->line); } + return 0; } static void do_known_hosts(struct passwd *pw, const char *name) { - FILE *in, *out = stdout; - struct sshkey *pub; - char *cp, *cp2, *kp, *kp2; - char line[16*1024], tmp[PATH_MAX], old[PATH_MAX]; - int c, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0; - int r, ca, revoked; - int found_key = 0; + char *cp, tmp[PATH_MAX], old[PATH_MAX]; + int r, fd, oerrno, inplace = 0; + struct known_hosts_ctx ctx; if (!have_identity) { cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); @@ -1060,10 +1117,11 @@ free(cp); have_identity = 1; } - if ((in = fopen(identity_file, "r")) == NULL) - fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); - /* XXX this code is a mess; refactor -djm */ + memset(&ctx, 0, sizeof(ctx)); + ctx.out = stdout; + ctx.host = name; + /* * Find hosts goes to stdout, hash and deletions happen in-place * A corner case is ssh-keygen -HF foo, which should go to stdout @@ -1075,184 +1133,37 @@ strlcat(old, ".old", sizeof(old)) >= sizeof(old)) fatal("known_hosts path too long"); umask(077); - if ((c = mkstemp(tmp)) == -1) + if ((fd = mkstemp(tmp)) == -1) fatal("mkstemp: %s", strerror(errno)); - if ((out = fdopen(c, "w")) == NULL) { - c = errno; + if ((ctx.out = fdopen(fd, "w")) == NULL) { + oerrno = errno; unlink(tmp); - fatal("fdopen: %s", strerror(c)); + fatal("fdopen: %s", strerror(oerrno)); } inplace = 1; } - while (fgets(line, sizeof(line), in)) { - if ((cp = strchr(line, '\n')) == NULL) { - error("line %d too long: %.40s...", num + 1, line); - skip = 1; - invalid = 1; - continue; - } - num++; - if (skip) { - skip = 0; - continue; - } - *cp = '\0'; + /* XXX support identity_file == "-" for stdin */ + if ((r = hostkeys_foreach(identity_file, + hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx, + name, NULL, find_host ? HKF_WANT_MATCH : 0)) != 0) + fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); - /* Skip leading whitespace, empty and comment lines. */ - for (cp = line; *cp == ' ' || *cp == '\t'; cp++) - ; - if (!*cp || *cp == '\n' || *cp == '#') { - if (inplace) - fprintf(out, "%s\n", cp); - continue; - } - /* Check whether this is a CA key or revocation marker */ - if (strncasecmp(cp, CA_MARKER, sizeof(CA_MARKER) - 1) == 0 && - (cp[sizeof(CA_MARKER) - 1] == ' ' || - cp[sizeof(CA_MARKER) - 1] == '\t')) { - ca = 1; - cp += sizeof(CA_MARKER); - } else - ca = 0; - if (strncasecmp(cp, REVOKE_MARKER, - sizeof(REVOKE_MARKER) - 1) == 0 && - (cp[sizeof(REVOKE_MARKER) - 1] == ' ' || - cp[sizeof(REVOKE_MARKER) - 1] == '\t')) { - revoked = 1; - cp += sizeof(REVOKE_MARKER); - } else - revoked = 0; + if (inplace) + fclose(ctx.out); - /* Find the end of the host name portion. */ - for (kp = cp; *kp && *kp != ' ' && *kp != '\t'; kp++) - ; - - if (*kp == '\0' || *(kp + 1) == '\0') { - error("line %d missing key: %.40s...", - num, line); - invalid = 1; - continue; - } - *kp++ = '\0'; - kp2 = kp; - - if ((pub = sshkey_new(KEY_RSA1)) == NULL) - fatal("sshkey_new failed"); - if ((r = sshkey_read(pub, &kp)) != 0) { - kp = kp2; - sshkey_free(pub); - if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("sshkey_new failed"); - if ((r = sshkey_read(pub, &kp)) != 0) { - error("line %d invalid key: %.40s...", - num, line); - sshkey_free(pub); - invalid = 1; - continue; - } - } - - if (*cp == HASH_DELIM) { - if (find_host || delete_host) { - cp2 = host_hash(name, cp, strlen(cp)); - if (cp2 == NULL) { - error("line %d: invalid hashed " - "name: %.64s...", num, line); - invalid = 1; - continue; - } - c = (strcmp(cp2, cp) == 0); - if (find_host && c) { - if (!quiet) - printf("# Host %s found: " - "line %d type %s%s\n", name, - num, sshkey_type(pub), - ca ? " (CA key)" : - revoked? " (revoked)" : ""); - printhost(out, cp, pub, ca, revoked, 0); - found_key = 1; - } - if (delete_host) { - if (!c || ca || revoked) { - printhost(out, cp, pub, - ca, revoked, 0); - } else { - printf("# Host %s found: " - "line %d type %s\n", name, - num, sshkey_type(pub)); - } - } - } else if (hash_hosts) - printhost(out, cp, pub, ca, revoked, 0); - } else { - if (find_host || delete_host) { - c = (match_hostname(name, cp, - strlen(cp)) == 1); - if (find_host && c) { - if (!quiet) - printf("# Host %s found: " - "line %d type %s%s\n", name, - num, sshkey_type(pub), - ca ? " (CA key)" : ""); - printhost(out, name, pub, ca, revoked, - hash_hosts && !(ca || revoked)); - found_key = 1; - } - if (delete_host) { - if (!c || ca || revoked) { - printhost(out, cp, pub, - ca, revoked, 0); - } else { - printf("# Host %s found: " - "line %d type %s\n", name, - num, sshkey_type(pub)); - } - } - } else if (hash_hosts && (ca || revoked)) { - /* Don't hash CA and revoked keys' hostnames */ - printhost(out, cp, pub, ca, revoked, 0); - has_unhashed = 1; - } else if (hash_hosts) { - /* Hash each hostname separately */ - for (cp2 = strsep(&cp, ","); - cp2 != NULL && *cp2 != '\0'; - cp2 = strsep(&cp, ",")) { - if (strcspn(cp2, "*?!") != - strlen(cp2)) { - fprintf(stderr, "Warning: " - "ignoring host name with " - "metacharacters: %.64s\n", - cp2); - printhost(out, cp2, pub, ca, - revoked, 0); - has_unhashed = 1; - } else { - printhost(out, cp2, pub, ca, - revoked, 1); - } - } - } - } - sshkey_free(pub); - } - fclose(in); - - if (invalid) { - fprintf(stderr, "%s is not a valid known_hosts file.\n", - identity_file); + if (ctx.invalid) { + error("%s is not a valid known_hosts file.", identity_file); if (inplace) { - fprintf(stderr, "Not replacing existing known_hosts " - "file because of errors\n"); - fclose(out); + error("Not replacing existing known_hosts " + "file because of errors"); unlink(tmp); } exit(1); - } - - if (inplace) { - fclose(out); - + } else if (delete_host && !ctx.found_key) { + logit("Host %s not found in %s", name, identity_file); + unlink(tmp); + } else if (inplace) { /* Backup existing file */ if (unlink(old) == -1 && errno != ENOENT) fatal("unlink %.100s: %s", old, strerror(errno)); @@ -1268,17 +1179,16 @@ exit(1); } - fprintf(stderr, "%s updated.\n", identity_file); - fprintf(stderr, "Original contents retained as %s\n", old); - if (has_unhashed) { - fprintf(stderr, "WARNING: %s contains unhashed " - "entries\n", old); - fprintf(stderr, "Delete this file to ensure privacy " - "of hostnames\n"); + printf("%s updated.\n", identity_file); + printf("Original contents retained as %s\n", old); + if (ctx.has_unhashed) { + logit("WARNING: %s contains unhashed entries", old); + logit("Delete this file to ensure privacy " + "of hostnames"); } } - exit (find_host && !found_key); + exit (find_host && !ctx.found_key); } /* @@ -1296,10 +1206,8 @@ if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) { - perror(identity_file); - exit(1); - } + if (stat(identity_file, &st) < 0) + fatal("%s: %s", identity_file, strerror(errno)); /* Try to load the file with empty passphrase. */ r = sshkey_load_private(identity_file, "", &private, &comment); if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) { @@ -1317,11 +1225,10 @@ goto badkey; } else if (r != 0) { badkey: - fprintf(stderr, "Failed to load key \"%s\": %s\n", - identity_file, ssh_err(r)); - exit(1); + fatal("Failed to load key %s: %s", identity_file, ssh_err(r)); } - printf("Key has comment '%s'\n", comment); + if (comment) + printf("Key has comment '%s'\n", comment); /* Ask the new passphrase (twice). */ if (identity_new_passphrase) { @@ -1351,7 +1258,7 @@ /* Save the file using the new passphrase. */ if ((r = sshkey_save_private(private, identity_file, passphrase1, comment, use_new_format, new_format_cipher, rounds)) != 0) { - printf("Saving key \"%s\" failed: %s.\n", + error("Saving key \"%s\" failed: %s.", identity_file, ssh_err(r)); explicit_bzero(passphrase1, strlen(passphrase1)); free(passphrase1); @@ -1385,14 +1292,11 @@ if (stat(fname, &st) < 0) { if (errno == ENOENT) return 0; - perror(fname); - exit(1); + fatal("%s: %s", fname, strerror(errno)); } - if ((r = sshkey_load_public(fname, &public, &comment)) != 0) { - printf("Failed to read v2 public key from \"%s\": %s.\n", + if ((r = sshkey_load_public(fname, &public, &comment)) != 0) + fatal("Failed to read v2 public key from \"%s\": %s.", fname, ssh_err(r)); - exit(1); - } export_dns_rr(hname, public, stdout, print_generic); sshkey_free(public); free(comment); @@ -1414,18 +1318,15 @@ if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) { - perror(identity_file); - exit(1); - } + if (stat(identity_file, &st) < 0) + fatal("%s: %s", identity_file, strerror(errno)); if ((r = sshkey_load_private(identity_file, "", &private, &comment)) == 0) passphrase = xstrdup(""); - else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) { - printf("Cannot load private key \"%s\": %s.\n", + else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) + fatal("Cannot load private key \"%s\": %s.", identity_file, ssh_err(r)); - exit(1); - } else { + else { if (identity_passphrase) passphrase = xstrdup(identity_passphrase); else if (identity_new_passphrase) @@ -1438,13 +1339,14 @@ &private, &comment)) != 0) { explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); - printf("Cannot load private key \"%s\": %s.\n", + fatal("Cannot load private key \"%s\": %s.", identity_file, ssh_err(r)); - exit(1); } } + /* XXX what about new-format keys? */ if (private->type != KEY_RSA1) { - fprintf(stderr, "Comments are only supported for RSA1 keys.\n"); + error("Comments are only supported for RSA1 keys."); + explicit_bzero(passphrase, strlen(passphrase)); sshkey_free(private); exit(1); } @@ -1466,7 +1368,7 @@ /* Save the file using the new passphrase. */ if ((r = sshkey_save_private(private, identity_file, passphrase, new_comment, use_new_format, new_format_cipher, rounds)) != 0) { - printf("Saving key \"%s\" failed: %s\n", + error("Saving key \"%s\" failed: %s", identity_file, ssh_err(r)); explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); @@ -1482,17 +1384,13 @@ strlcat(identity_file, ".pub", sizeof(identity_file)); fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); - if (fd == -1) { - printf("Could not save your public key in %s\n", identity_file); - exit(1); - } + if (fd == -1) + fatal("Could not save your public key in %s", identity_file); f = fdopen(fd, "w"); - if (f == NULL) { - printf("fdopen %s failed\n", identity_file); - exit(1); - } + if (f == NULL) + fatal("fdopen %s failed: %s", identity_file, strerror(errno)); if ((r = sshkey_write(public, f)) != 0) - fprintf(stderr, "write key failed: %s\n", ssh_err(r)); + fatal("write key failed: %s", ssh_err(r)); sshkey_free(public); fprintf(f, " %s\n", new_comment); fclose(f); @@ -1652,8 +1550,7 @@ break; /* FALLTHROUGH */ default: - fprintf(stderr, "unknown key type %s\n", key_type_name); - exit(1); + fatal("unknown key type %s", key_type_name); } } @@ -1675,7 +1572,7 @@ otmp = tmp = xstrdup(cert_principals); plist = NULL; for (; (cp = strsep(&tmp, ",")) != NULL; n++) { - plist = xrealloc(plist, n + 1, sizeof(*plist)); + plist = xreallocarray(plist, n + 1, sizeof(*plist)); if (*(plist[n] = xstrdup(cp)) == '\0') fatal("Empty principal name"); } @@ -1961,6 +1858,8 @@ key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT); ca_fp = sshkey_fingerprint(key->cert->signature_key, fingerprint_hash, SSH_FP_DEFAULT); + if (key_fp == NULL || ca_fp == NULL) + fatal("%s: sshkey_fingerprint fail", __func__); printf("%s:\n", identity_file); printf(" Type: %s %s certificate\n", sshkey_ssh_name(key), @@ -2025,7 +1924,7 @@ } static void -update_krl_from_file(struct passwd *pw, const char *file, +update_krl_from_file(struct passwd *pw, const char *file, int wild_ca, const struct sshkey *ca, struct ssh_krl *krl) { struct sshkey *key = NULL; @@ -2067,7 +1966,7 @@ if (*cp == '\0') continue; if (strncasecmp(cp, "serial:", 7) == 0) { - if (ca == NULL) { + if (ca == NULL && !wild_ca) { fatal("revoking certificates by serial number " "requires specification of a CA key"); } @@ -2104,7 +2003,7 @@ __func__); } } else if (strncasecmp(cp, "id:", 3) == 0) { - if (ca == NULL) { + if (ca == NULL && !wild_ca) { fatal("revoking certificates by key ID " "requires specification of a CA key"); } @@ -2155,7 +2054,7 @@ struct ssh_krl *krl; struct stat sb; struct sshkey *ca = NULL; - int fd, i, r; + int fd, i, r, wild_ca = 0; char *tmp; struct sshbuf *kbuf; @@ -2169,11 +2068,15 @@ fatal("KRL \"%s\" does not exist", identity_file); } if (ca_key_path != NULL) { - tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); - if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0) - fatal("Cannot load CA public key %s: %s", - tmp, ssh_err(r)); - free(tmp); + if (strcasecmp(ca_key_path, "none") == 0) + wild_ca = 1; + else { + tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); + if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0) + fatal("Cannot load CA public key %s: %s", + tmp, ssh_err(r)); + free(tmp); + } } if (updating) @@ -2187,7 +2090,7 @@ ssh_krl_set_comment(krl, identity_comment); for (i = 0; i < argc; i++) - update_krl_from_file(pw, argv[i], ca, krl); + update_krl_from_file(pw, argv[i], wild_ca, ca, krl); if ((kbuf = sshbuf_new()) == NULL) fatal("sshbuf_new failed"); @@ -2245,7 +2148,7 @@ " ssh-keygen -e [-m key_format] [-f input_keyfile]\n" " ssh-keygen -y [-f input_keyfile]\n" " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" - " ssh-keygen -l [-E fingerprint_hash] [-f input_keyfile]\n" + " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n" " ssh-keygen -B [-f input_keyfile]\n"); #ifdef ENABLE_PKCS11 fprintf(stderr, @@ -2277,7 +2180,7 @@ { char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2; char *checkpoint = NULL; - char out_file[PATH_MAX], *rr_hostname = NULL, *ep; + char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra; struct sshkey *private, *public; struct passwd *pw; struct stat st; @@ -2301,14 +2204,10 @@ /* we need this for the home * directory. */ pw = getpwuid(getuid()); - if (!pw) { - printf("No user exists for uid %lu\n", (u_long)getuid()); - exit(1); - } - if (gethostname(hostname, sizeof(hostname)) < 0) { - perror("gethostname"); - exit(1); - } + if (!pw) + fatal("No user exists for uid %lu", (u_long)getuid()); + if (gethostname(hostname, sizeof(hostname)) < 0) + fatal("gethostname: %s", strerror(errno)); /* Remaining characters: UYdw */ while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy" @@ -2523,19 +2422,19 @@ if (ca_key_path != NULL) { if (argc < 1 && !gen_krl) { - printf("Too few arguments.\n"); + error("Too few arguments."); usage(); } } else if (argc > 0 && !gen_krl && !check_krl) { - printf("Too many arguments.\n"); + error("Too many arguments."); usage(); } if (change_passphrase && change_comment) { - printf("Can only have one of -p and -c.\n"); + error("Can only have one of -p and -c."); usage(); } if (print_fingerprint && (delete_host || hash_hosts)) { - printf("Cannot use -l with -H or -R.\n"); + error("Cannot use -l with -H or -R."); usage(); } #ifdef WITH_OPENSSL @@ -2579,10 +2478,8 @@ if (have_identity) { n = do_print_resource_record(pw, identity_file, rr_hostname); - if (n == 0) { - perror(identity_file); - exit(1); - } + if (n == 0) + fatal("%s: %s", identity_file, strerror(errno)); exit(0); } else { @@ -2649,19 +2546,15 @@ key_type_name = "rsa"; type = sshkey_type_from_name(key_type_name); - type_bits_valid(type, &bits); + type_bits_valid(type, key_type_name, &bits); if (!quiet) printf("Generating public/private %s key pair.\n", key_type_name); - if ((r = sshkey_generate(type, bits, &private)) != 0) { - fprintf(stderr, "key_generate failed\n"); - exit(1); - } - if ((r = sshkey_from_private(private, &public)) != 0) { - fprintf(stderr, "key_from_private failed: %s\n", ssh_err(r)); - exit(1); - } + if ((r = sshkey_generate(type, bits, &private)) != 0) + fatal("key_generate failed"); + if ((r = sshkey_from_private(private, &public)) != 0) + fatal("key_from_private failed: %s\n", ssh_err(r)); if (!have_identity) ask_filename(pw, "Enter file in which to save the key"); @@ -2731,7 +2624,7 @@ /* Save the key with the given passphrase and comment. */ if ((r = sshkey_save_private(private, identity_file, passphrase1, comment, use_new_format, new_format_cipher, rounds)) != 0) { - printf("Saving key \"%s\" failed: %s\n", + error("Saving key \"%s\" failed: %s", identity_file, ssh_err(r)); explicit_bzero(passphrase1, strlen(passphrase1)); free(passphrase1); @@ -2748,26 +2641,23 @@ printf("Your identification has been saved in %s.\n", identity_file); strlcat(identity_file, ".pub", sizeof(identity_file)); - fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); - if (fd == -1) { - printf("Could not save your public key in %s\n", identity_file); - exit(1); - } - f = fdopen(fd, "w"); - if (f == NULL) { - printf("fdopen %s failed\n", identity_file); - exit(1); - } + if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) + fatal("Unable to save public key to %s: %s", + identity_file, strerror(errno)); + if ((f = fdopen(fd, "w")) == NULL) + fatal("fdopen %s failed: %s", identity_file, strerror(errno)); if ((r = sshkey_write(public, f)) != 0) - fprintf(stderr, "write key failed: %s\n", ssh_err(r)); + error("write key failed: %s", ssh_err(r)); fprintf(f, " %s\n", comment); fclose(f); if (!quiet) { - char *fp = sshkey_fingerprint(public, fingerprint_hash, + fp = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_DEFAULT); - char *ra = sshkey_fingerprint(public, fingerprint_hash, + ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART); + if (fp == NULL || ra == NULL) + fatal("sshkey_fingerprint failed"); printf("Your public key has been saved in %s.\n", identity_file); printf("The key fingerprint is:\n");