1 files changed, 114 insertions, 106 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 46b3af5a8..3898b281e 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.322 2018/09/14 04:17:44 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.329 2019/03/25 16:19:44 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -67,79 +67,52 @@
 # define DEFAULT_KEY_TYPE_NAME "ed25519"
 #endif
-/* Number of bits in the RSA/DSA key.  This value can be set on the command line. */
-#define DEFAULT_BITS            2048
-#define DEFAULT_BITS_DSA        1024
-#define DEFAULT_BITS_ECDSA      256
-u_int32_t bits = 0;
 /*
- * Flag indicating that we just want to change the passphrase.  This can be
+ * Default number of bits in the RSA, DSA and ECDSA keys.  These value can be
- * set on the command line.
+ * overridden on the command line.
- */
+ *
-int change_passphrase = 0;
+ * These values, with the exception of DSA, provide security equivalent to at
+ * least 128 bits of security according to NIST Special Publication 800-57:
-/*
+ * Recommendation for Key Management Part 1 rev 4 section 5.6.1.
- * Flag indicating that we just want to change the comment.  This can be set
+ * For DSA it (and FIPS-186-4 section 4.2) specifies that the only size for
- * on the command line.
+ * which a 160bit hash is acceptable is 1kbit, and since ssh-dss specifies only
+ * SHA1 we limit the DSA key size 1k bits.
 */
-int change_comment = 0;
+#define DEFAULT_BITS            3072
+#define DEFAULT_BITS_DSA        1024
-int quiet = 0;
+#define DEFAULT_BITS_ECDSA      256
-int log_level = SYSLOG_LEVEL_INFO;
-/* Flag indicating that we want to hash a known_hosts file */
-int hash_hosts = 0;
-/* Flag indicating that we want lookup a host in known_hosts file */
-int find_host = 0;
-/* Flag indicating that we want to delete a host from a known_hosts file */
-int delete_host = 0;
-/* Flag indicating that we want to show the contents of a certificate */
+static int quiet = 0;
-int show_cert = 0;
 /* Flag indicating that we just want to see the key fingerprint */
-int print_fingerprint = 0;
+static int print_fingerprint = 0;
-int print_bubblebabble = 0;
+static int print_bubblebabble = 0;
 /* Hash algorithm to use for fingerprints. */
-int fingerprint_hash = SSH_FP_HASH_DEFAULT;
+static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
 /* The identity file name, given on the command line or entered by the user. */
-char identity_file[1024];
+static char identity_file[1024];
-int have_identity = 0;
+static int have_identity = 0;
 /* This is set to the passphrase if given on the command line. */
-char *identity_passphrase = NULL;
+static char *identity_passphrase = NULL;
 /* This is set to the new passphrase if given on the command line. */
-char *identity_new_passphrase = NULL;
+static char *identity_new_passphrase = NULL;
-/* This is set to the new comment if given on the command line. */
-char *identity_comment = NULL;
-/* Path to CA key when certifying keys. */
-char *ca_key_path = NULL;
-/* Prefer to use agent keys for CA signing */
-int prefer_agent = 0;
-/* Certificate serial number */
-unsigned long long cert_serial = 0;
 /* Key type when certifying */
-u_int cert_key_type = SSH2_CERT_TYPE_USER;
+static u_int cert_key_type = SSH2_CERT_TYPE_USER;
 /* "key ID" of signed key */
-char *cert_key_id = NULL;
+static char *cert_key_id = NULL;
 /* Comma-separated list of principal names for certifying keys */
-char *cert_principals = NULL;
+static char *cert_principals = NULL;
 /* Validity period for certificates */
-u_int64_t cert_valid_from = 0;
+static u_int64_t cert_valid_from = 0;
-u_int64_t cert_valid_to = ~0ULL;
+static u_int64_t cert_valid_to = ~0ULL;
 /* Certificate options */
 #define CERTOPT_X_FWD   (1)
@@ -149,9 +122,9 @@ u_int64_t cert_valid_to = ~0ULL;
 #define CERTOPT_USER_RC (1<<4)
 #define CERTOPT_DEFAULT (CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \
                         CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC)
-u_int32_t certflags_flags = CERTOPT_DEFAULT;
+static u_int32_t certflags_flags = CERTOPT_DEFAULT;
-char *certflags_command = NULL;
+static char *certflags_command = NULL;
-char *certflags_src_addr = NULL;
+static char *certflags_src_addr = NULL;
 /* Arbitrary extensions specified by user */
 struct cert_userext {
@@ -159,41 +132,37 @@ struct cert_userext {
        char *val;
        int crit;
 };
-struct cert_userext *cert_userext;
+static struct cert_userext *cert_userext;
-size_t ncert_userext;
+static size_t ncert_userext;
 /* Conversion to/from various formats */
-int convert_to = 0;
-int convert_from = 0;
 enum {
        FMT_RFC4716,
        FMT_PKCS8,
        FMT_PEM
 } convert_format = FMT_RFC4716;
-int print_public = 0;
-int print_generic = 0;
-char *key_type_name = NULL;
+static char *key_type_name = NULL;
 /* Load key from this PKCS#11 provider */
-char *pkcs11provider = NULL;
+static char *pkcs11provider = NULL;
 /* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */
-int use_new_format = 1;
+static int use_new_format = 1;
 /* Cipher for new-format private keys */
-char *new_format_cipher = NULL;
+static char *new_format_cipher = NULL;
 /*
 * Number of KDF rounds to derive new format keys /
 * number of primality trials when screening moduli.
 */
-int rounds = 0;
+static int rounds = 0;
 /* argv0 */
 extern char *__progname;
-char hostname[NI_MAXHOST];
+static char hostname[NI_MAXHOST];
 #ifdef WITH_OPENSSL
 /* moduli.c */
@@ -243,7 +212,11 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
        case KEY_ECDSA:
                if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
                        fatal("Invalid ECDSA key length: valid lengths are "
+#ifdef OPENSSL_HAS_NISTP521
                            "256, 384 or 521 bits");
+#else
+                            "256 or 384 bits");
+#endif
        }
 #endif
 }
@@ -806,7 +779,7 @@ do_download(struct passwd *pw)
        fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
        rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
-        pkcs11_init(0);
+        pkcs11_init(1);
        nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys);
        if (nkeys <= 0)
                fatal("cannot read public key from pkcs11");
@@ -819,7 +792,7 @@ do_download(struct passwd *pw)
                                fatal("%s: sshkey_fingerprint fail", __func__);
                        printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]),
                            fp, sshkey_type(keys[i]));
-                        if (log_level >= SYSLOG_LEVEL_VERBOSE)
+                        if (log_level_get() >= SYSLOG_LEVEL_VERBOSE)
                                printf("%s\n", ra);
                        free(ra);
                        free(fp);
@@ -867,7 +840,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment)
                fatal("%s: sshkey_fingerprint failed", __func__);
        mprintf("%u %s %s (%s)\n", sshkey_size(public), fp,
            comment ? comment : "no comment", sshkey_type(public));
-        if (log_level >= SYSLOG_LEVEL_VERBOSE)
+        if (log_level_get() >= SYSLOG_LEVEL_VERBOSE)
                printf("%s\n", ra);
        free(ra);
        free(fp);
@@ -1015,6 +988,7 @@ do_gen_all_hostkeys(struct passwd *pw)
                { NULL, NULL, NULL }
        };
+        u_int bits = 0;
        int first = 0;
        struct stat st;
        struct sshkey *private, *public;
@@ -1138,6 +1112,9 @@ struct known_hosts_ctx {
        int has_unhashed;       /* When hashing, original had unhashed hosts */
        int found_key;          /* For find/delete, host was found */
        int invalid;            /* File contained invalid items; don't delete */
+        int hash_hosts;         /* Hash hostnames as we go */
+        int find_host;          /* Search for specific hostname */
+        int delete_host;        /* Delete host from known_hosts */
 };
 static int
@@ -1157,7 +1134,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
                 */
                if (was_hashed || has_wild || l->marker != MRK_NONE) {
                        fprintf(ctx->out, "%s\n", l->line);
-                        if (has_wild && !find_host) {
+                        if (has_wild && !ctx->find_host) {
                                logit("%s:%lu: ignoring host name "
                                    "with wildcard: %.64s", l->path,
                                    l->linenum, l->hosts);
@@ -1203,7 +1180,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
        rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
        if (l->status == HKF_STATUS_MATCHED) {
-                if (delete_host) {
+                if (ctx->delete_host) {
                        if (l->marker != MRK_NONE) {
                                /* Don't remove CA and revocation lines */
                                fprintf(ctx->out, "%s\n", l->line);
@@ -1219,7 +1196,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
                                            ctx->host, l->linenum);
                        }
                        return 0;
-                } else if (find_host) {
+                } else if (ctx->find_host) {
                        ctx->found_key = 1;
                        if (!quiet) {
                                printf("# Host %s found: line %lu %s\n",
@@ -1227,7 +1204,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
                                    l->linenum, l->marker == MRK_CA ? "CA" :
                                    (l->marker == MRK_REVOKE ? "REVOKED" : ""));
                        }
-                        if (hash_hosts)
+                        if (ctx->hash_hosts)
                                known_hosts_hash(l, ctx);
                        else if (print_fingerprint) {
                                fp = sshkey_fingerprint(l->key, fptype, rep);
@@ -1238,7 +1215,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
                                fprintf(ctx->out, "%s\n", l->line);
                        return 0;
                }
-        } else if (delete_host) {
+        } else if (ctx->delete_host) {
                /* Retain non-matching hosts when deleting */
                if (l->status == HKF_STATUS_INVALID) {
                        ctx->invalid = 1;
@@ -1250,7 +1227,8 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
 }
 static void
-do_known_hosts(struct passwd *pw, const char *name)
+do_known_hosts(struct passwd *pw, const char *name, int find_host,
+    int delete_host, int hash_hosts)
 {
        char *cp, tmp[PATH_MAX], old[PATH_MAX];
        int r, fd, oerrno, inplace = 0;
@@ -1269,6 +1247,9 @@ do_known_hosts(struct passwd *pw, const char *name)
        memset(&ctx, 0, sizeof(ctx));
        ctx.out = stdout;
        ctx.host = name;
+        ctx.hash_hosts = hash_hosts;
+        ctx.find_host = find_host;
+        ctx.delete_host = delete_host;
        /*
         * Find hosts goes to stdout, hash and deletions happen in-place
@@ -1433,7 +1414,8 @@ do_change_passphrase(struct passwd *pw)
 * Print the SSHFP RR.
 */
 static int
-do_print_resource_record(struct passwd *pw, char *fname, char *hname)
+do_print_resource_record(struct passwd *pw, char *fname, char *hname,
+    int print_generic)
 {
        struct sshkey *public;
        char *comment = NULL;
@@ -1460,7 +1442,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname)
 * Change the comment of a private key file.
 */
 static void
-do_change_comment(struct passwd *pw)
+do_change_comment(struct passwd *pw, const char *identity_comment)
 {
        char new_comment[1024], *comment, *passphrase;
        struct sshkey *private;
@@ -1672,7 +1654,9 @@ agent_signer(const struct sshkey *key, u_char **sigp, size_t *lenp,
 }
 static void
-do_ca_sign(struct passwd *pw, int argc, char **argv)
+do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
+    unsigned long long cert_serial, int cert_serial_autoinc,
+    int argc, char **argv)
 {
        int r, i, fd, found, agent_fd = -1;
        u_int n;
@@ -1812,6 +1796,8 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
                sshkey_free(public);
                free(out);
+                if (cert_serial_autoinc)
+                        cert_serial++;
        }
 #ifdef ENABLE_PKCS11
        pkcs11_terminate();
@@ -2003,8 +1989,9 @@ print_cert(struct sshkey *key)
        printf("        Type: %s %s certificate\n", sshkey_ssh_name(key),
            sshkey_cert_type(key));
        printf("        Public key: %s %s\n", sshkey_type(key), key_fp);
-        printf("        Signing CA: %s %s\n",
+        printf("        Signing CA: %s %s (using %s)\n",
-            sshkey_type(key->cert->signature_key), ca_fp);
+            sshkey_type(key->cert->signature_key), ca_fp,
+            key->cert->signature_type);
        printf("        Key ID: \"%s\"\n", key->cert->key_id);
        printf("        Serial: %llu\n", (unsigned long long)key->cert->serial);
        printf("        Valid: %s\n", valid);
@@ -2297,7 +2284,9 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
 }
 static void
-do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
+do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path,
+    unsigned long long krl_version, const char *krl_comment,
+    int argc, char **argv)
 {
        struct ssh_krl *krl;
        struct stat sb;
@@ -2332,10 +2321,10 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
        else if ((krl = ssh_krl_init()) == NULL)
                fatal("couldn't create KRL");
-        if (cert_serial != 0)
+        if (krl_version != 0)
-                ssh_krl_set_version(krl, cert_serial);
+                ssh_krl_set_version(krl, krl_version);
-        if (identity_comment != NULL)
+        if (krl_comment != NULL)
-                ssh_krl_set_comment(krl, identity_comment);
+                ssh_krl_set_comment(krl, krl_comment);
        for (i = 0; i < argc; i++)
                update_krl_from_file(pw, argv[i], wild_ca, ca, krl);
@@ -2387,9 +2376,10 @@ static void
 usage(void)
 {
        fprintf(stderr,
-            "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]\n"
+            "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa] [-m format]\n"
            "                  [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
-            "       ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
+            "       ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-m format]\n"
+            "                   [-f keyfile]\n"
            "       ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
            "       ssh-keygen -e [-m key_format] [-f input_keyfile]\n"
            "       ssh-keygen -y [-f input_keyfile]\n"
@@ -2433,9 +2423,17 @@ main(int argc, char **argv)
        struct passwd *pw;
        struct stat st;
        int r, opt, type, fd;
+        int change_passphrase = 0, change_comment = 0, show_cert = 0;
+        int find_host = 0, delete_host = 0, hash_hosts = 0;
        int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
+        int prefer_agent = 0, convert_to = 0, convert_from = 0;
+        int print_public = 0, print_generic = 0, cert_serial_autoinc = 0;
+        unsigned long long cert_serial = 0;
+        char *identity_comment = NULL, *ca_key_path = NULL;
+        u_int bits = 0;
        FILE *f;
        const char *errstr;
+        int log_level = SYSLOG_LEVEL_INFO;
 #ifdef WITH_OPENSSL
        /* Moduli generation/screening */
        char out_file[PATH_MAX], *checkpoint = NULL;
@@ -2454,13 +2452,10 @@ main(int argc, char **argv)
        __progname = ssh_get_progname(argv[0]);
-#ifdef WITH_OPENSSL
-        OpenSSL_add_all_algorithms();
-#endif
-        log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
        seed_rng();
+        log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
        msetlocale();
        /* we need this for the home * directory.  */
@@ -2628,6 +2623,10 @@ main(int argc, char **argv)
                        break;
                case 'z':
                        errno = 0;
+                        if (*optarg == '+') {
+                                cert_serial_autoinc = 1;
+                                optarg++;
+                        }
                        cert_serial = strtoull(optarg, &ep, 10);
                        if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
                            (errno == ERANGE && cert_serial == ULLONG_MAX))
@@ -2707,7 +2706,8 @@ main(int argc, char **argv)
                usage();
        }
        if (gen_krl) {
-                do_gen_krl(pw, update_krl, argc, argv);
+                do_gen_krl(pw, update_krl, ca_key_path,
+                    cert_serial, identity_comment, argc, argv);
                return (0);
        }
        if (check_krl) {
@@ -2717,12 +2717,15 @@ main(int argc, char **argv)
        if (ca_key_path != NULL) {
                if (cert_key_id == NULL)
                        fatal("Must specify key id (-I) when certifying");
-                do_ca_sign(pw, argc, argv);
+                do_ca_sign(pw, ca_key_path, prefer_agent,
+                    cert_serial, cert_serial_autoinc, argc, argv);
        }
        if (show_cert)
                do_show_cert(pw);
-        if (delete_host || hash_hosts || find_host)
+        if (delete_host || hash_hosts || find_host) {
-                do_known_hosts(pw, rr_hostname);
+                do_known_hosts(pw, rr_hostname, find_host,
+                    delete_host, hash_hosts);
+        }
        if (pkcs11provider != NULL)
                do_download(pw);
        if (print_fingerprint || print_bubblebabble)
@@ -2730,7 +2733,7 @@ main(int argc, char **argv)
        if (change_passphrase)
                do_change_passphrase(pw);
        if (change_comment)
-                do_change_comment(pw);
+                do_change_comment(pw, identity_comment);
 #ifdef WITH_OPENSSL
        if (convert_to)
                do_convert_to(pw);
@@ -2743,23 +2746,28 @@ main(int argc, char **argv)
                unsigned int n = 0;
                if (have_identity) {
-                        n = do_print_resource_record(pw,
+                        n = do_print_resource_record(pw, identity_file,
-                            identity_file, rr_hostname);
+                            rr_hostname, print_generic);
                        if (n == 0)
                                fatal("%s: %s", identity_file, strerror(errno));
                        exit(0);
                } else {
                        n += do_print_resource_record(pw,
-                            _PATH_HOST_RSA_KEY_FILE, rr_hostname);
+                            _PATH_HOST_RSA_KEY_FILE, rr_hostname,
+                            print_generic);
                        n += do_print_resource_record(pw,
-                            _PATH_HOST_DSA_KEY_FILE, rr_hostname);
+                            _PATH_HOST_DSA_KEY_FILE, rr_hostname,
+                            print_generic);
                        n += do_print_resource_record(pw,
-                            _PATH_HOST_ECDSA_KEY_FILE, rr_hostname);
+                            _PATH_HOST_ECDSA_KEY_FILE, rr_hostname,
+                            print_generic);
                        n += do_print_resource_record(pw,
-                            _PATH_HOST_ED25519_KEY_FILE, rr_hostname);
+                            _PATH_HOST_ED25519_KEY_FILE, rr_hostname,
+                            print_generic);
                        n += do_print_resource_record(pw,
-                            _PATH_HOST_XMSS_KEY_FILE, rr_hostname);
+                            _PATH_HOST_XMSS_KEY_FILE, rr_hostname,
+                            print_generic);
                        if (n == 0)
                                fatal("no keys found.");
                        exit(0);