summaryrefslogtreecommitdiff
path: root/ssh-keygen.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c116
1 files changed, 60 insertions, 56 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index d1a205e18..03c444d42 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.225 2013/02/10 23:32:10 djm Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.230 2013/07/20 01:44:37 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -252,7 +252,7 @@ load_identity(char *filename)
252 RP_ALLOW_STDIN); 252 RP_ALLOW_STDIN);
253 prv = key_load_private(filename, pass, NULL); 253 prv = key_load_private(filename, pass, NULL);
254 memset(pass, 0, strlen(pass)); 254 memset(pass, 0, strlen(pass));
255 xfree(pass); 255 free(pass);
256 } 256 }
257 return prv; 257 return prv;
258} 258}
@@ -288,7 +288,7 @@ do_convert_to_ssh2(struct passwd *pw, Key *k)
288 dump_base64(stdout, blob, len); 288 dump_base64(stdout, blob, len);
289 fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); 289 fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
290 key_free(k); 290 key_free(k);
291 xfree(blob); 291 free(blob);
292 exit(0); 292 exit(0);
293} 293}
294 294
@@ -415,12 +415,12 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
415 debug("ignore (%d %d %d %d)", i1, i2, i3, i4); 415 debug("ignore (%d %d %d %d)", i1, i2, i3, i4);
416 if (strcmp(cipher, "none") != 0) { 416 if (strcmp(cipher, "none") != 0) {
417 error("unsupported cipher %s", cipher); 417 error("unsupported cipher %s", cipher);
418 xfree(cipher); 418 free(cipher);
419 buffer_free(&b); 419 buffer_free(&b);
420 xfree(type); 420 free(type);
421 return NULL; 421 return NULL;
422 } 422 }
423 xfree(cipher); 423 free(cipher);
424 424
425 if (strstr(type, "dsa")) { 425 if (strstr(type, "dsa")) {
426 ktype = KEY_DSA; 426 ktype = KEY_DSA;
@@ -428,11 +428,11 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
428 ktype = KEY_RSA; 428 ktype = KEY_RSA;
429 } else { 429 } else {
430 buffer_free(&b); 430 buffer_free(&b);
431 xfree(type); 431 free(type);
432 return NULL; 432 return NULL;
433 } 433 }
434 key = key_new_private(ktype); 434 key = key_new_private(ktype);
435 xfree(type); 435 free(type);
436 436
437 switch (key->type) { 437 switch (key->type) {
438 case KEY_DSA: 438 case KEY_DSA:
@@ -475,7 +475,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
475 /* try the key */ 475 /* try the key */
476 key_sign(key, &sig, &slen, data, sizeof(data)); 476 key_sign(key, &sig, &slen, data, sizeof(data));
477 key_verify(key, sig, slen, data, sizeof(data)); 477 key_verify(key, sig, slen, data, sizeof(data));
478 xfree(sig); 478 free(sig);
479 return key; 479 return key;
480} 480}
481 481
@@ -524,7 +524,7 @@ do_convert_from_ssh2(struct passwd *pw, Key **k, int *private)
524 fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); 524 fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
525 encoded[0] = '\0'; 525 encoded[0] = '\0';
526 while ((blen = get_line(fp, line, sizeof(line))) != -1) { 526 while ((blen = get_line(fp, line, sizeof(line))) != -1) {
527 if (line[blen - 1] == '\\') 527 if (blen > 0 && line[blen - 1] == '\\')
528 escaped++; 528 escaped++;
529 if (strncmp(line, "----", 4) == 0 || 529 if (strncmp(line, "----", 4) == 0 ||
530 strstr(line, ": ") != NULL) { 530 strstr(line, ": ") != NULL) {
@@ -746,15 +746,15 @@ do_download(struct passwd *pw)
746 fp, key_type(keys[i])); 746 fp, key_type(keys[i]));
747 if (log_level >= SYSLOG_LEVEL_VERBOSE) 747 if (log_level >= SYSLOG_LEVEL_VERBOSE)
748 printf("%s\n", ra); 748 printf("%s\n", ra);
749 xfree(ra); 749 free(ra);
750 xfree(fp); 750 free(fp);
751 } else { 751 } else {
752 key_write(keys[i], stdout); 752 key_write(keys[i], stdout);
753 fprintf(stdout, "\n"); 753 fprintf(stdout, "\n");
754 } 754 }
755 key_free(keys[i]); 755 key_free(keys[i]);
756 } 756 }
757 xfree(keys); 757 free(keys);
758 pkcs11_terminate(); 758 pkcs11_terminate();
759 exit(0); 759 exit(0);
760#else 760#else
@@ -791,13 +791,13 @@ do_fingerprint(struct passwd *pw)
791 if (log_level >= SYSLOG_LEVEL_VERBOSE) 791 if (log_level >= SYSLOG_LEVEL_VERBOSE)
792 printf("%s\n", ra); 792 printf("%s\n", ra);
793 key_free(public); 793 key_free(public);
794 xfree(comment); 794 free(comment);
795 xfree(ra); 795 free(ra);
796 xfree(fp); 796 free(fp);
797 exit(0); 797 exit(0);
798 } 798 }
799 if (comment) { 799 if (comment) {
800 xfree(comment); 800 free(comment);
801 comment = NULL; 801 comment = NULL;
802 } 802 }
803 803
@@ -856,8 +856,8 @@ do_fingerprint(struct passwd *pw)
856 comment ? comment : "no comment", key_type(public)); 856 comment ? comment : "no comment", key_type(public));
857 if (log_level >= SYSLOG_LEVEL_VERBOSE) 857 if (log_level >= SYSLOG_LEVEL_VERBOSE)
858 printf("%s\n", ra); 858 printf("%s\n", ra);
859 xfree(ra); 859 free(ra);
860 xfree(fp); 860 free(fp);
861 key_free(public); 861 key_free(public);
862 invalid = 0; 862 invalid = 0;
863 } 863 }
@@ -980,8 +980,8 @@ printhost(FILE *f, const char *name, Key *public, int ca, int hash)
980 key_type(public)); 980 key_type(public));
981 if (log_level >= SYSLOG_LEVEL_VERBOSE) 981 if (log_level >= SYSLOG_LEVEL_VERBOSE)
982 printf("%s\n", ra); 982 printf("%s\n", ra);
983 xfree(ra); 983 free(ra);
984 xfree(fp); 984 free(fp);
985 } else { 985 } else {
986 if (hash && (name = host_hash(name, NULL, 0)) == NULL) 986 if (hash && (name = host_hash(name, NULL, 0)) == NULL)
987 fatal("hash_host failed"); 987 fatal("hash_host failed");
@@ -1007,7 +1007,7 @@ do_known_hosts(struct passwd *pw, const char *name)
1007 if (strlcpy(identity_file, cp, sizeof(identity_file)) >= 1007 if (strlcpy(identity_file, cp, sizeof(identity_file)) >=
1008 sizeof(identity_file)) 1008 sizeof(identity_file))
1009 fatal("Specified known hosts path too long"); 1009 fatal("Specified known hosts path too long");
1010 xfree(cp); 1010 free(cp);
1011 have_identity = 1; 1011 have_identity = 1;
1012 } 1012 }
1013 if ((in = fopen(identity_file, "r")) == NULL) 1013 if ((in = fopen(identity_file, "r")) == NULL)
@@ -1238,7 +1238,7 @@ do_change_passphrase(struct passwd *pw)
1238 private = key_load_private(identity_file, old_passphrase, 1238 private = key_load_private(identity_file, old_passphrase,
1239 &comment); 1239 &comment);
1240 memset(old_passphrase, 0, strlen(old_passphrase)); 1240 memset(old_passphrase, 0, strlen(old_passphrase));
1241 xfree(old_passphrase); 1241 free(old_passphrase);
1242 if (private == NULL) { 1242 if (private == NULL) {
1243 printf("Bad passphrase.\n"); 1243 printf("Bad passphrase.\n");
1244 exit(1); 1244 exit(1);
@@ -1261,30 +1261,30 @@ do_change_passphrase(struct passwd *pw)
1261 if (strcmp(passphrase1, passphrase2) != 0) { 1261 if (strcmp(passphrase1, passphrase2) != 0) {
1262 memset(passphrase1, 0, strlen(passphrase1)); 1262 memset(passphrase1, 0, strlen(passphrase1));
1263 memset(passphrase2, 0, strlen(passphrase2)); 1263 memset(passphrase2, 0, strlen(passphrase2));
1264 xfree(passphrase1); 1264 free(passphrase1);
1265 xfree(passphrase2); 1265 free(passphrase2);
1266 printf("Pass phrases do not match. Try again.\n"); 1266 printf("Pass phrases do not match. Try again.\n");
1267 exit(1); 1267 exit(1);
1268 } 1268 }
1269 /* Destroy the other copy. */ 1269 /* Destroy the other copy. */
1270 memset(passphrase2, 0, strlen(passphrase2)); 1270 memset(passphrase2, 0, strlen(passphrase2));
1271 xfree(passphrase2); 1271 free(passphrase2);
1272 } 1272 }
1273 1273
1274 /* Save the file using the new passphrase. */ 1274 /* Save the file using the new passphrase. */
1275 if (!key_save_private(private, identity_file, passphrase1, comment)) { 1275 if (!key_save_private(private, identity_file, passphrase1, comment)) {
1276 printf("Saving the key failed: %s.\n", identity_file); 1276 printf("Saving the key failed: %s.\n", identity_file);
1277 memset(passphrase1, 0, strlen(passphrase1)); 1277 memset(passphrase1, 0, strlen(passphrase1));
1278 xfree(passphrase1); 1278 free(passphrase1);
1279 key_free(private); 1279 key_free(private);
1280 xfree(comment); 1280 free(comment);
1281 exit(1); 1281 exit(1);
1282 } 1282 }
1283 /* Destroy the passphrase and the copy of the key in memory. */ 1283 /* Destroy the passphrase and the copy of the key in memory. */
1284 memset(passphrase1, 0, strlen(passphrase1)); 1284 memset(passphrase1, 0, strlen(passphrase1));
1285 xfree(passphrase1); 1285 free(passphrase1);
1286 key_free(private); /* Destroys contents */ 1286 key_free(private); /* Destroys contents */
1287 xfree(comment); 1287 free(comment);
1288 1288
1289 printf("Your identification has been saved with the new passphrase.\n"); 1289 printf("Your identification has been saved with the new passphrase.\n");
1290 exit(0); 1290 exit(0);
@@ -1301,7 +1301,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname)
1301 struct stat st; 1301 struct stat st;
1302 1302
1303 if (fname == NULL) 1303 if (fname == NULL)
1304 ask_filename(pw, "Enter file in which the key is"); 1304 fatal("%s: no filename", __func__);
1305 if (stat(fname, &st) < 0) { 1305 if (stat(fname, &st) < 0) {
1306 if (errno == ENOENT) 1306 if (errno == ENOENT)
1307 return 0; 1307 return 0;
@@ -1312,11 +1312,11 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname)
1312 if (public != NULL) { 1312 if (public != NULL) {
1313 export_dns_rr(hname, public, stdout, print_generic); 1313 export_dns_rr(hname, public, stdout, print_generic);
1314 key_free(public); 1314 key_free(public);
1315 xfree(comment); 1315 free(comment);
1316 return 1; 1316 return 1;
1317 } 1317 }
1318 if (comment) 1318 if (comment)
1319 xfree(comment); 1319 free(comment);
1320 1320
1321 printf("failed to read v2 public key from %s.\n", fname); 1321 printf("failed to read v2 public key from %s.\n", fname);
1322 exit(1); 1322 exit(1);
@@ -1354,7 +1354,7 @@ do_change_comment(struct passwd *pw)
1354 private = key_load_private(identity_file, passphrase, &comment); 1354 private = key_load_private(identity_file, passphrase, &comment);
1355 if (private == NULL) { 1355 if (private == NULL) {
1356 memset(passphrase, 0, strlen(passphrase)); 1356 memset(passphrase, 0, strlen(passphrase));
1357 xfree(passphrase); 1357 free(passphrase);
1358 printf("Bad passphrase.\n"); 1358 printf("Bad passphrase.\n");
1359 exit(1); 1359 exit(1);
1360 } 1360 }
@@ -1385,13 +1385,13 @@ do_change_comment(struct passwd *pw)
1385 if (!key_save_private(private, identity_file, passphrase, new_comment)) { 1385 if (!key_save_private(private, identity_file, passphrase, new_comment)) {
1386 printf("Saving the key failed: %s.\n", identity_file); 1386 printf("Saving the key failed: %s.\n", identity_file);
1387 memset(passphrase, 0, strlen(passphrase)); 1387 memset(passphrase, 0, strlen(passphrase));
1388 xfree(passphrase); 1388 free(passphrase);
1389 key_free(private); 1389 key_free(private);
1390 xfree(comment); 1390 free(comment);
1391 exit(1); 1391 exit(1);
1392 } 1392 }
1393 memset(passphrase, 0, strlen(passphrase)); 1393 memset(passphrase, 0, strlen(passphrase));
1394 xfree(passphrase); 1394 free(passphrase);
1395 public = key_from_private(private); 1395 public = key_from_private(private);
1396 key_free(private); 1396 key_free(private);
1397 1397
@@ -1412,7 +1412,7 @@ do_change_comment(struct passwd *pw)
1412 fprintf(f, " %s\n", new_comment); 1412 fprintf(f, " %s\n", new_comment);
1413 fclose(f); 1413 fclose(f);
1414 1414
1415 xfree(comment); 1415 free(comment);
1416 1416
1417 printf("The comment in your key file has been changed.\n"); 1417 printf("The comment in your key file has been changed.\n");
1418 exit(0); 1418 exit(0);
@@ -1529,7 +1529,7 @@ load_pkcs11_key(char *path)
1529 } 1529 }
1530 key_free(keys[i]); 1530 key_free(keys[i]);
1531 } 1531 }
1532 xfree(keys); 1532 free(keys);
1533 key_free(public); 1533 key_free(public);
1534 return private; 1534 return private;
1535#else 1535#else
@@ -1573,7 +1573,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1573 fatal("No PKCS#11 key matching %s found", ca_key_path); 1573 fatal("No PKCS#11 key matching %s found", ca_key_path);
1574 } else if ((ca = load_identity(tmp)) == NULL) 1574 } else if ((ca = load_identity(tmp)) == NULL)
1575 fatal("Couldn't load CA key \"%s\"", tmp); 1575 fatal("Couldn't load CA key \"%s\"", tmp);
1576 xfree(tmp); 1576 free(tmp);
1577 1577
1578 for (i = 0; i < argc; i++) { 1578 for (i = 0; i < argc; i++) {
1579 /* Split list of principals */ 1579 /* Split list of principals */
@@ -1586,7 +1586,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1586 if (*(plist[n] = xstrdup(cp)) == '\0') 1586 if (*(plist[n] = xstrdup(cp)) == '\0')
1587 fatal("Empty principal name"); 1587 fatal("Empty principal name");
1588 } 1588 }
1589 xfree(otmp); 1589 free(otmp);
1590 } 1590 }
1591 1591
1592 tmp = tilde_expand_filename(argv[i], pw->pw_uid); 1592 tmp = tilde_expand_filename(argv[i], pw->pw_uid);
@@ -1624,7 +1624,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1624 if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) 1624 if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0)
1625 *cp = '\0'; 1625 *cp = '\0';
1626 xasprintf(&out, "%s-cert.pub", tmp); 1626 xasprintf(&out, "%s-cert.pub", tmp);
1627 xfree(tmp); 1627 free(tmp);
1628 1628
1629 if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) 1629 if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
1630 fatal("Could not open \"%s\" for writing: %s", out, 1630 fatal("Could not open \"%s\" for writing: %s", out,
@@ -1647,7 +1647,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1647 } 1647 }
1648 1648
1649 key_free(public); 1649 key_free(public);
1650 xfree(out); 1650 free(out);
1651 } 1651 }
1652 pkcs11_terminate(); 1652 pkcs11_terminate();
1653 exit(0); 1653 exit(0);
@@ -1744,7 +1744,7 @@ parse_cert_times(char *timespec)
1744 1744
1745 if (cert_valid_to <= cert_valid_from) 1745 if (cert_valid_to <= cert_valid_from)
1746 fatal("Empty certificate validity interval"); 1746 fatal("Empty certificate validity interval");
1747 xfree(from); 1747 free(from);
1748} 1748}
1749 1749
1750static void 1750static void
@@ -1797,7 +1797,8 @@ add_cert_option(char *opt)
1797static void 1797static void
1798show_options(const Buffer *optbuf, int v00, int in_critical) 1798show_options(const Buffer *optbuf, int v00, int in_critical)
1799{ 1799{
1800 u_char *name, *data; 1800 char *name;
1801 u_char *data;
1801 u_int dlen; 1802 u_int dlen;
1802 Buffer options, option; 1803 Buffer options, option;
1803 1804
@@ -1822,13 +1823,13 @@ show_options(const Buffer *optbuf, int v00, int in_critical)
1822 strcmp(name, "source-address") == 0)) { 1823 strcmp(name, "source-address") == 0)) {
1823 data = buffer_get_string(&option, NULL); 1824 data = buffer_get_string(&option, NULL);
1824 printf(" %s\n", data); 1825 printf(" %s\n", data);
1825 xfree(data); 1826 free(data);
1826 } else { 1827 } else {
1827 printf(" UNKNOWN OPTION (len %u)\n", 1828 printf(" UNKNOWN OPTION (len %u)\n",
1828 buffer_len(&option)); 1829 buffer_len(&option));
1829 buffer_clear(&option); 1830 buffer_clear(&option);
1830 } 1831 }
1831 xfree(name); 1832 free(name);
1832 if (buffer_len(&option) != 0) 1833 if (buffer_len(&option) != 0)
1833 fatal("Option corrupt: extra data at end"); 1834 fatal("Option corrupt: extra data at end");
1834 } 1835 }
@@ -2038,6 +2039,7 @@ update_krl_from_file(struct passwd *pw, const char *file, const Key *ca,
2038 } 2039 }
2039 if (strcmp(path, "-") != 0) 2040 if (strcmp(path, "-") != 0)
2040 fclose(krl_spec); 2041 fclose(krl_spec);
2042 free(path);
2041} 2043}
2042 2044
2043static void 2045static void
@@ -2063,7 +2065,7 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
2063 tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); 2065 tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
2064 if ((ca = key_load_public(tmp, NULL)) == NULL) 2066 if ((ca = key_load_public(tmp, NULL)) == NULL)
2065 fatal("Cannot load CA public key %s", tmp); 2067 fatal("Cannot load CA public key %s", tmp);
2066 xfree(tmp); 2068 free(tmp);
2067 } 2069 }
2068 2070
2069 if (updating) 2071 if (updating)
@@ -2090,6 +2092,8 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
2090 close(fd); 2092 close(fd);
2091 buffer_free(&kbuf); 2093 buffer_free(&kbuf);
2092 ssh_krl_free(krl); 2094 ssh_krl_free(krl);
2095 if (ca != NULL)
2096 key_free(ca);
2093} 2097}
2094 2098
2095static void 2099static void
@@ -2210,7 +2214,7 @@ main(int argc, char **argv)
2210 /* we need this for the home * directory. */ 2214 /* we need this for the home * directory. */
2211 pw = getpwuid(getuid()); 2215 pw = getpwuid(getuid());
2212 if (!pw) { 2216 if (!pw) {
2213 printf("You don't exist, go away!\n"); 2217 printf("No user exists for uid %lu\n", (u_long)getuid());
2214 exit(1); 2218 exit(1);
2215 } 2219 }
2216 if (gethostname(hostname, sizeof(hostname)) < 0) { 2220 if (gethostname(hostname, sizeof(hostname)) < 0) {
@@ -2599,14 +2603,14 @@ passphrase_again:
2599 */ 2603 */
2600 memset(passphrase1, 0, strlen(passphrase1)); 2604 memset(passphrase1, 0, strlen(passphrase1));
2601 memset(passphrase2, 0, strlen(passphrase2)); 2605 memset(passphrase2, 0, strlen(passphrase2));
2602 xfree(passphrase1); 2606 free(passphrase1);
2603 xfree(passphrase2); 2607 free(passphrase2);
2604 printf("Passphrases do not match. Try again.\n"); 2608 printf("Passphrases do not match. Try again.\n");
2605 goto passphrase_again; 2609 goto passphrase_again;
2606 } 2610 }
2607 /* Clear the other copy of the passphrase. */ 2611 /* Clear the other copy of the passphrase. */
2608 memset(passphrase2, 0, strlen(passphrase2)); 2612 memset(passphrase2, 0, strlen(passphrase2));
2609 xfree(passphrase2); 2613 free(passphrase2);
2610 } 2614 }
2611 2615
2612 if (identity_comment) { 2616 if (identity_comment) {
@@ -2620,12 +2624,12 @@ passphrase_again:
2620 if (!key_save_private(private, identity_file, passphrase1, comment)) { 2624 if (!key_save_private(private, identity_file, passphrase1, comment)) {
2621 printf("Saving the key failed: %s.\n", identity_file); 2625 printf("Saving the key failed: %s.\n", identity_file);
2622 memset(passphrase1, 0, strlen(passphrase1)); 2626 memset(passphrase1, 0, strlen(passphrase1));
2623 xfree(passphrase1); 2627 free(passphrase1);
2624 exit(1); 2628 exit(1);
2625 } 2629 }
2626 /* Clear the passphrase. */ 2630 /* Clear the passphrase. */
2627 memset(passphrase1, 0, strlen(passphrase1)); 2631 memset(passphrase1, 0, strlen(passphrase1));
2628 xfree(passphrase1); 2632 free(passphrase1);
2629 2633
2630 /* Clear the private key and the random number generator. */ 2634 /* Clear the private key and the random number generator. */
2631 key_free(private); 2635 key_free(private);
@@ -2660,8 +2664,8 @@ passphrase_again:
2660 printf("%s %s\n", fp, comment); 2664 printf("%s %s\n", fp, comment);
2661 printf("The key's randomart image is:\n"); 2665 printf("The key's randomart image is:\n");
2662 printf("%s\n", ra); 2666 printf("%s\n", ra);
2663 xfree(ra); 2667 free(ra);
2664 xfree(fp); 2668 free(fp);
2665 } 2669 }
2666 2670
2667 key_free(public); 2671 key_free(public);