diff options
Diffstat (limited to 'ssh-keysign.c')
| -rw-r--r-- | ssh-keysign.c | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/ssh-keysign.c b/ssh-keysign.c index d05156005..1deb7e141 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keysign.c,v 1.35 2010/08/31 12:33:38 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keysign.c,v 1.36 2011/02/16 00:31:14 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -150,9 +150,10 @@ main(int argc, char **argv) | |||
| 150 | { | 150 | { |
| 151 | Buffer b; | 151 | Buffer b; |
| 152 | Options options; | 152 | Options options; |
| 153 | Key *keys[2], *key = NULL; | 153 | #define NUM_KEYTYPES 3 |
| 154 | Key *keys[NUM_KEYTYPES], *key = NULL; | ||
| 154 | struct passwd *pw; | 155 | struct passwd *pw; |
| 155 | int key_fd[2], i, found, version = 2, fd; | 156 | int key_fd[NUM_KEYTYPES], i, found, version = 2, fd; |
| 156 | u_char *signature, *data; | 157 | u_char *signature, *data; |
| 157 | char *host; | 158 | char *host; |
| 158 | u_int slen, dlen; | 159 | u_int slen, dlen; |
| @@ -165,8 +166,10 @@ main(int argc, char **argv) | |||
| 165 | if (fd > 2) | 166 | if (fd > 2) |
| 166 | close(fd); | 167 | close(fd); |
| 167 | 168 | ||
| 168 | key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); | 169 | i = 0; |
| 169 | key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); | 170 | key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); |
| 171 | key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); | ||
| 172 | key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); | ||
| 170 | 173 | ||
| 171 | original_real_uid = getuid(); /* XXX readconf.c needs this */ | 174 | original_real_uid = getuid(); /* XXX readconf.c needs this */ |
| 172 | if ((pw = getpwuid(original_real_uid)) == NULL) | 175 | if ((pw = getpwuid(original_real_uid)) == NULL) |
| @@ -175,7 +178,6 @@ main(int argc, char **argv) | |||
| 175 | 178 | ||
| 176 | permanently_set_uid(pw); | 179 | permanently_set_uid(pw); |
| 177 | 180 | ||
| 178 | init_rng(); | ||
| 179 | seed_rng(); | 181 | seed_rng(); |
| 180 | arc4random_stir(); | 182 | arc4random_stir(); |
| 181 | 183 | ||
| @@ -191,7 +193,11 @@ main(int argc, char **argv) | |||
| 191 | fatal("ssh-keysign not enabled in %s", | 193 | fatal("ssh-keysign not enabled in %s", |
| 192 | _PATH_HOST_CONFIG_FILE); | 194 | _PATH_HOST_CONFIG_FILE); |
| 193 | 195 | ||
| 194 | if (key_fd[0] == -1 && key_fd[1] == -1) | 196 | for (i = found = 0; i < NUM_KEYTYPES; i++) { |
| 197 | if (key_fd[i] != -1) | ||
| 198 | found = 1; | ||
| 199 | } | ||
| 200 | if (found == 0) | ||
| 195 | fatal("could not open any host key"); | 201 | fatal("could not open any host key"); |
| 196 | 202 | ||
| 197 | OpenSSL_add_all_algorithms(); | 203 | OpenSSL_add_all_algorithms(); |
| @@ -200,7 +206,7 @@ main(int argc, char **argv) | |||
| 200 | RAND_seed(rnd, sizeof(rnd)); | 206 | RAND_seed(rnd, sizeof(rnd)); |
| 201 | 207 | ||
| 202 | found = 0; | 208 | found = 0; |
| 203 | for (i = 0; i < 2; i++) { | 209 | for (i = 0; i < NUM_KEYTYPES; i++) { |
| 204 | keys[i] = NULL; | 210 | keys[i] = NULL; |
| 205 | if (key_fd[i] == -1) | 211 | if (key_fd[i] == -1) |
| 206 | continue; | 212 | continue; |
| @@ -230,7 +236,7 @@ main(int argc, char **argv) | |||
| 230 | xfree(host); | 236 | xfree(host); |
| 231 | 237 | ||
| 232 | found = 0; | 238 | found = 0; |
| 233 | for (i = 0; i < 2; i++) { | 239 | for (i = 0; i < NUM_KEYTYPES; i++) { |
| 234 | if (keys[i] != NULL && | 240 | if (keys[i] != NULL && |
| 235 | key_equal_public(key, keys[i])) { | 241 | key_equal_public(key, keys[i])) { |
| 236 | found = 1; | 242 | found = 1; |