

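--- a/authfile.c
+++ b/authfile.c
@@ -200,7 +200,8 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase,
 {
 	int fd, r;
 
-	*keyp = NULL;
+	if (keyp != NULL)
+		*keyp = NULL;
 	if (commentp != NULL)
 		*commentp = NULL;
 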
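Review bot: Guarding only the initial clearing of *keyp is not enough for sshkey_load_private_type to accept a NULL keyp: the store of the loaded key into *keyp happens later in this function, outside the hunk, and needs the same `if (keyp != NULL)` guard (the rsa1 and PEM parse routines in sshkey.c guard both places in this patch). A caller passing NULL is presumably only checking that the file loads and decrypts, so the function must then also free the key it does not hand back; confirm the existing cleanup path does that. Nothing documents the relaxed contract; a comment on the function such as `/* keyp and commentp may be NULL when the caller does not need them */` would state it. The enclosing function starts and ends outside the hunk.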
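--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -124,6 +124,7 @@
 .Op Fl f Ar input_keyfile
 .Nm ssh-keygen
 .Fl A
+.Op Fl f Ar prefix_path
 .Nm ssh-keygen
 .Fl k
 .Fl f Ar krl_file
@@ -227,6 +228,10 @@ For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
 for which host keys
 do not exist, generate the host keys with the default key file path,
 an empty passphrase, default bits for the key type, and default comment.
+If a
+.Fl f
+option has been specified, then its argument is used as a prefix to the
+default path for the resulting host key files.
 This is used by
 .Pa /etc/rc
 to generate new host keys.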
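--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -992,18 +992,38 @@ do_gen_all_hostkeys(struct passwd *pw)
 	int first = 0;
 	struct stat st;
 	struct sshkey *private, *public;
-	char comment[1024];
+	char comment[1024], *prv_tmp, *pub_tmp, *prv_file, *pub_file;
 	int i, type, fd, r;
 	FILE *f;
 
+	/*
+	 * Ensure that prefix path identity_file ends in '/' if it has been
+	 * specified for easier joining to its suffixes later.
+	 */
+	if (*identity_file && identity_file[strlen(identity_file) - 1] != '/') {
+		if (strlcat(identity_file, "/", sizeof(identity_file)) >=
+		    sizeof(identity_file))
+			fatal("prefix path is too long");
+	}
+
 	for (i = 0; key_types[i].key_type; i++) {
-		if (stat(key_types[i].path, &st) == 0)
-			continue;
-		if (errno != ENOENT) {
+		public = private = NULL;
+		xasprintf(&prv_tmp, "%s%s.XXXXXXXXXX",
+		    identity_file, key_types[i].path);
+		xasprintf(&pub_tmp, "%s%s.pub.XXXXXXXXXX",
+		    identity_file, key_types[i].path);
+		xasprintf(&prv_file, "%s%s",
+		    identity_file, key_types[i].path);
+		xasprintf(&pub_file, "%s%s.pub",
+		    identity_file, key_types[i].path);
+
+		if (stat(prv_file, &st) == 0) {
+			if (st.st_size != 0)
+				continue;
+		} else if (errno != ENOENT) {
 			error("Could not stat %s: %s", key_types[i].path,
 			    strerror(errno));
-			first = 0;
-			continue;
+			goto failnext;
 		}
 
 		if (first == 0) {
@@ -1013,56 +1033,68 @@ do_gen_all_hostkeys(struct passwd *pw)
 		printf("%s ", key_types[i].key_type_display);
 		fflush(stdout);
 		type = sshkey_type_from_name(key_types[i].key_type);
-		strlcpy(identity_file, key_types[i].path, sizeof(identity_file));
+		if ((fd = mkstemp(prv_tmp)) == -1) {
+			error("Could not save your public key in %s: %s",
+			    prv_tmp, strerror(errno));
+			goto failnext;
+		}
+		close(fd); /* just using mkstemp() to generate/reserve a name */
 		bits = 0;
 		type_bits_valid(type, NULL, &bits);
 		if ((r = sshkey_generate(type, bits, &private)) != 0) {
 			error("key_generate failed: %s", ssh_err(r));
-			first = 0;
-			continue;
+			goto failnext;
 		}
 		if ((r = sshkey_from_private(private, &public)) != 0)
 			fatal("sshkey_from_private failed: %s", ssh_err(r));
 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
 		    hostname);
-		if ((r = sshkey_save_private(private, identity_file, "",
+		if ((r = sshkey_save_private(private, prv_tmp, "",
 		    comment, use_new_format, new_format_cipher, rounds)) != 0) {
 			error("Saving key \"%s\" failed: %s",
-			    identity_file, ssh_err(r));
-			sshkey_free(private);
-			sshkey_free(public);
-			first = 0;
-			continue;
+			    prv_tmp, ssh_err(r));
+			goto failnext;
 		}
-		sshkey_free(private);
-		strlcat(identity_file, ".pub", sizeof(identity_file));
-		fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
-		if (fd == -1) {
-			error("Could not save your public key in %s",
-			    identity_file);
-			sshkey_free(public);
-			first = 0;
-			continue;
+		if ((fd = mkstemp(pub_tmp)) == -1) {
+			error("Could not save your public key in %s: %s",
+			    pub_tmp, strerror(errno));
+			goto failnext;
 		}
+		(void)fchmod(fd, 0644);
 		f = fdopen(fd, "w");
 		if (f == NULL) {
-			error("fdopen %s failed", identity_file);
+			error("fdopen %s failed", pub_tmp);
 			close(fd);
-			sshkey_free(public);
-			first = 0;
-			continue;
+			goto failnext;
 		}
 		if ((r = sshkey_write(public, f)) != 0) {
 			error("write key failed: %s", ssh_err(r));
 			fclose(f);
-			sshkey_free(public);
-			first = 0;
-			continue;
+			goto failnext;
 		}
 		fprintf(f, " %s\n", comment);
 		fclose(f);
-		sshkey_free(public);
 
+		/* Rename temporary files to their permanent locations. */
+		if (rename(pub_tmp, pub_file) != 0) {
+			error("Unable to move %s into position: %s",
+			    pub_file, strerror(errno));
+			goto failnext;
+		}
+		if (rename(prv_tmp, prv_file) != 0) {
+			error("Unable to move %s into position: %s",
+			    key_types[i].path, strerror(errno));
+ failnext:
+			first = 0;
+			goto next;
+		}
+ next:
+		sshkey_free(private);
+		sshkey_free(public);
+		free(prv_tmp);
+		free(pub_tmp);
+		free(prv_file);
+		free(pub_file);
 	}
 	if (first != 0)
 		printf("\n");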
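Review bot: The `continue` taken when the existing key file is non-empty (new line 1022, right after the stat) bypasses the `next:` cleanup, so the four strings just allocated with xasprintf() for prv_tmp, pub_tmp, prv_file and pub_file leak on every key type that already exists; it should be `goto next;`. The mkstemp() failure message for prv_tmp at new line 1037 says "public key" although it is the private key file being reserved, so `error("Could not save your private key in %s: %s",` is the intended text, and the rename() failure for prv_tmp reports `key_types[i].path` where the pub_tmp branch above it reports the full `pub_file`; `prv_file` would keep the two consistent. On the failure paths taken after mkstemp() has created them, the temporary files stay behind in the key directory; adding `unlink(prv_tmp); unlink(pub_tmp);` on that path (ENOENT after a successful rename is harmless) would remove them. do_gen_all_hostkeys starts before the first hunk and ends after the second.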
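--- a/sshkey.c
+++ b/sshkey.c
@@ -3657,7 +3657,8 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase,
 	const struct sshcipher *cipher;
 	struct sshkey *prv = NULL;
 
-	*keyp = NULL;
+	if (keyp != NULL)
+		*keyp = NULL;
 	if (commentp != NULL)
 		*commentp = NULL;
 
@@ -3743,8 +3744,10 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase,
 		goto out;
 	}
 	r = 0;
-	*keyp = prv;
-	prv = NULL;
+	if (keyp != NULL) {
+		*keyp = prv;
+		prv = NULL;
+	}
 	if (commentp != NULL) {
 		*commentp = comment;
 		comment = NULL;
@@ -3769,7 +3772,8 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
 	BIO *bio = NULL;
 	int r;
 
-	*keyp = NULL;
+	if (keyp != NULL)
+		*keyp = NULL;
 
 	if ((bio = BIO_new(BIO_s_mem())) == NULL || sshbuf_len(blob) > INT_MAX)
 		return SSH_ERR_ALLOC_FAIL;
@@ -3838,8 +3842,10 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
 		goto out;
 	}
 	r = 0;
-	*keyp = prv;
-	prv = NULL;
+	if (keyp != NULL) {
+		*keyp = prv;
+		prv = NULL;
+	}
  out:
 	BIO_free(bio);
 	if (pk != NULL)
@@ -3853,7 +3859,8 @@ int
 sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
     const char *passphrase, struct sshkey **keyp, char **commentp)
 {
-	*keyp = NULL;
+	if (keyp != NULL)
+		*keyp = NULL;
 	if (commentp != NULL)
 		*commentp = NULL;
 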
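Review bot: In sshkey_parse_private_fileblob_type only the initial clearing of *keyp is guarded; the rest of the function lies outside the hunk and must tolerate a NULL keyp too, following the pattern the patch applies in sshkey_parse_private_rsa1 and sshkey_parse_private_pem_fileblob, where the final `*keyp = prv` stores are guarded as well. When keyp is NULL those two routines deliberately leave `prv` set, so the parsed key has to be released by the `out:` cleanup; that cleanup is outside the rsa1 hunk and only partially visible in the PEM hunk, so confirm `sshkey_free(prv)` runs there. Nothing documents that keyp may now be NULL (presumably for callers that only need to know whether the blob parses and decrypts); a comment on sshkey_parse_private_fileblob_type such as `/* keyp may be NULL if the caller does not want the parsed key */` would state the contract.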
