- djm@cvs.openbsd.org 2014/04/01 02:05:27

[ssh-keysign.c]
     include fingerprint of key not found
     use arc4random_buf() instead of loop+arc4random()
Damien Miller 2014-04-20 13:23:21 +10:00
parent 43b156cf72
commit fcd62c0b66
2 changed files with 12 additions and 6 deletions


@ -69,6 +69,10 @@
[ssh-keygen.1] [ssh-keygen.1]
the text for the -K option was inserted in the wrong place in -r1.108; the text for the -K option was inserted in the wrong place in -r1.108;
fix From: Matthew Clarke fix From: Matthew Clarke
- djm@cvs.openbsd.org 2014/04/01 02:05:27
[ssh-keysign.c]
include fingerprint of key not found
use arc4random_buf() instead of loop+arc4random()
20140401 20140401
- (djm) On platforms that support it, use prctl() to prevent sftp-server - (djm) On platforms that support it, use prctl() to prevent sftp-server


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keysign.c,v 1.39 2013/12/06 13:39:49 markus Exp $ */ /* $OpenBSD: ssh-keysign.c,v 1.40 2014/04/01 02:05:27 djm Exp $ */
/* /*
* Copyright (c) 2002 Markus Friedl. All rights reserved. * Copyright (c) 2002 Markus Friedl. All rights reserved.
* *
@ -155,7 +155,7 @@ main(int argc, char **argv)
struct passwd *pw; struct passwd *pw;
int key_fd[NUM_KEYTYPES], i, found, version = 2, fd; int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
u_char *signature, *data; u_char *signature, *data;
char *host; char *host, *fp;
u_int slen, dlen; u_int slen, dlen;
u_int32_t rnd[256]; u_int32_t rnd[256];
@ -201,8 +201,7 @@ main(int argc, char **argv)
fatal("could not open any host key"); fatal("could not open any host key");
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
for (i = 0; i < 256; i++) arc4random_buf(rnd, sizeof(rnd));
rnd[i] = arc4random();
RAND_seed(rnd, sizeof(rnd)); RAND_seed(rnd, sizeof(rnd));
found = 0; found = 0;
@ -243,8 +242,11 @@ main(int argc, char **argv)
break; break;
} }
} }
if (!found) if (!found) {
fatal("no matching hostkey found"); fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
fatal("no matching hostkey found for key %s %s",
key_type(key), fp);
}
if (key_sign(keys[i], &signature, &slen, data, dlen) != 0) if (key_sign(keys[i], &signature, &slen, data, dlen) != 0)
fatal("key_sign failed"); fatal("key_sign failed");