- djm@cvs.openbsd.org 2014/04/01 02:05:27

     [ssh-keysign.c]
     include fingerprint of key not found
     use arc4random_buf() instead of loop+arc4random()

1 files changed, 8 insertions, 6 deletions

diff --git a/ssh-keysign.c b/ssh-keysign.c
index 6bde8ad17..dfa89e1e2 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.39 2013/12/06 13:39:49 markus Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.40 2014/04/01 02:05:27 djm Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -155,7 +155,7 @@ main(int argc, char **argv)
         struct passwd *pw;
         int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
         u_char *signature, *data;
-        char *host;
+        char *host, *fp;
         u_int slen, dlen;
         u_int32_t rnd[256];
 
@@ -201,8 +201,7 @@ main(int argc, char **argv)
                 fatal("could not open any host key");
 
         OpenSSL_add_all_algorithms();
-        for (i = 0; i < 256; i++)
-                rnd[i] = arc4random();
+        arc4random_buf(rnd, sizeof(rnd));
         RAND_seed(rnd, sizeof(rnd));
 
         found = 0;
@@ -243,8 +242,11 @@ main(int argc, char **argv)
                         break;
                 }
         }
-        if (!found)
-                fatal("no matching hostkey found");
+        if (!found) {
+                fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+                fatal("no matching hostkey found for key %s %s",
+                    key_type(key), fp);
+        }
 
         if (key_sign(keys[i], &signature, &slen, data, dlen) != 0)
                 fatal("key_sign failed");