
ssh-keygen.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssh/src/ssh-keygen.c
LineSourceCount
1/* $OpenBSD: ssh-keygen.c,v 1.322 2018/09/14 04:17:44 djm Exp $ */-
2/*-
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>-
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland-
5 * All rights reserved-
6 * Identity and host key generation and maintenance.-
7 *-
8 * As far as I am concerned, the code I have written for this software-
9 * can be used freely for any purpose. Any derived versions of this-
10 * software must be clearly marked as such, and if the derived work is-
11 * incompatible with the protocol description in the RFC file, it must be-
12 * called by a name other than "ssh" or "Secure Shell".-
13 */-
14-
15#include "includes.h"-
16-
17#include <sys/types.h>-
18#include <sys/socket.h>-
19#include <sys/stat.h>-
20-
21#ifdef WITH_OPENSSL-
22#include <openssl/evp.h>-
23#include <openssl/pem.h>-
24#include "openbsd-compat/openssl-compat.h"-
25#endif-
26-
27#include <errno.h>-
28#include <fcntl.h>-
29#include <netdb.h>-
30#ifdef HAVE_PATHS_H-
31# include <paths.h>-
32#endif-
33#include <pwd.h>-
34#include <stdarg.h>-
35#include <stdio.h>-
36#include <stdlib.h>-
37#include <string.h>-
38#include <unistd.h>-
39#include <limits.h>-
40#include <locale.h>-
41#include <time.h>-
42-
43#include "xmalloc.h"-
44#include "sshkey.h"-
45#include "authfile.h"-
46#include "uuencode.h"-
47#include "sshbuf.h"-
48#include "pathnames.h"-
49#include "log.h"-
50#include "misc.h"-
51#include "match.h"-
52#include "hostfile.h"-
53#include "dns.h"-
54#include "ssh.h"-
55#include "ssh2.h"-
56#include "ssherr.h"-
57#include "ssh-pkcs11.h"-
58#include "atomicio.h"-
59#include "krl.h"-
60#include "digest.h"-
61#include "utf8.h"-
62#include "authfd.h"-
63-
/* Key type used when none is named: "rsa" in OpenSSL builds, else "ed25519". */
#ifdef WITH_OPENSSL
# define DEFAULT_KEY_TYPE_NAME "rsa"
#else
# define DEFAULT_KEY_TYPE_NAME "ed25519"
#endif

/*
 * Number of bits in the RSA/DSA key.  This value can be set on the command
 * line.  type_bits_valid() below replaces a zero size with one of these
 * defaults and accepts exactly 1024 bits for DSA.
 */
#define DEFAULT_BITS		2048
#define DEFAULT_BITS_DSA	1024
#define DEFAULT_BITS_ECDSA	256
u_int32_t bits = 0;

/*
 * Flag indicating that we just want to change the passphrase.  This can be
 * set on the command line.
 */
int change_passphrase = 0;

/*
 * Flag indicating that we just want to change the comment.  This can be set
 * on the command line.
 */
int change_comment = 0;

int quiet = 0;

int log_level = SYSLOG_LEVEL_INFO;

/* Flag indicating that we want to hash a known_hosts file */
int hash_hosts = 0;
/* Flag indicating that we want to look up a host in a known_hosts file */
int find_host = 0;
/* Flag indicating that we want to delete a host from a known_hosts file */
int delete_host = 0;

/* Flag indicating that we want to show the contents of a certificate */
int show_cert = 0;

/* Flag indicating that we just want to see the key fingerprint */
int print_fingerprint = 0;
int print_bubblebabble = 0;

/* Hash algorithm to use for fingerprints. */
int fingerprint_hash = SSH_FP_HASH_DEFAULT;

/* The identity file name, given on the command line or entered by the user. */
char identity_file[1024];
int have_identity = 0;

/*
 * This is set to the passphrase if given on the command line.
 * NOTE(review): command-line arguments are generally visible to other local
 * processes (e.g. in process listings); load_identity() scrubs only its own
 * copy of this string, not this global.
 */
char *identity_passphrase = NULL;

/* This is set to the new passphrase if given on the command line. */
char *identity_new_passphrase = NULL;

/* This is set to the new comment if given on the command line. */
char *identity_comment = NULL;

/* Path to CA key when certifying keys. */
char *ca_key_path = NULL;

/* Prefer to use agent keys for CA signing */
int prefer_agent = 0;

/* Certificate serial number */
unsigned long long cert_serial = 0;

/* Key type when certifying */
u_int cert_key_type = SSH2_CERT_TYPE_USER;

/* "key ID" of signed key */
char *cert_key_id = NULL;

/* Comma-separated list of principal names for certifying keys */
char *cert_principals = NULL;

/*
 * Validity period for certificates.  The defaults span 0 to all-ones,
 * presumably meaning "no restriction" -- confirm against the signing code.
 */
u_int64_t cert_valid_from = 0;
u_int64_t cert_valid_to = ~0ULL;

/*
 * Certificate options, one bit each.  CERTOPT_DEFAULT sets all five, so
 * certflags_flags starts with X11, agent and port forwarding, PTY and
 * user-rc all enabled.
 */
#define CERTOPT_X_FWD	(1)
#define CERTOPT_AGENT_FWD	(1<<1)
#define CERTOPT_PORT_FWD	(1<<2)
#define CERTOPT_PTY	(1<<3)
#define CERTOPT_USER_RC	(1<<4)
#define CERTOPT_DEFAULT	(CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \
			 CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC)
u_int32_t certflags_flags = CERTOPT_DEFAULT;
char *certflags_command = NULL;
char *certflags_src_addr = NULL;

/* Arbitrary extensions specified by user */
struct cert_userext {
	char *key;	/* extension name */
	char *val;	/* extension value */
	int crit;	/* presumably non-zero for a critical option -- confirm */
};
struct cert_userext *cert_userext;
size_t ncert_userext;

/* Conversion to/from various formats */
int convert_to = 0;
int convert_from = 0;
enum {
	FMT_RFC4716,
	FMT_PKCS8,
	FMT_PEM
} convert_format = FMT_RFC4716;
int print_public = 0;
int print_generic = 0;

char *key_type_name = NULL;

/* Load key from this PKCS#11 provider */
char *pkcs11provider = NULL;

/* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */
int use_new_format = 1;

/* Cipher for new-format private keys */
char *new_format_cipher = NULL;

/*
 * Number of KDF rounds to derive new format keys /
 * number of primality trials when screening moduli.
 */
int rounds = 0;

/* argv0 */
extern char *__progname;

char hostname[NI_MAXHOST];

#ifdef WITH_OPENSSL
/* moduli.c */
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
    unsigned long);
#endif
204-
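/*
 * Validate the requested size for a key type, filling in a default when
 * none was given.
 *
 * type  - KEY_* constant of the key to generate; KEY_UNSPEC is fatal.
 * name  - key type name, consulted only for ECDSA to derive the curve size
 *         from the name.  May be NULL.
 * bitsp - in/out: requested size in bits.  0 is replaced by
 *         DEFAULT_BITS_DSA, the named curve's size (else
 *         DEFAULT_BITS_ECDSA), or DEFAULT_BITS.
 *
 * Every rejection goes through fatal().  Without WITH_OPENSSL only the
 * KEY_UNSPEC check and the DEFAULT_BITS fallback are compiled in.
 *
 * In the coverage run this listing was taken from, none of the fatal()
 * rejection branches was executed, so the size limits below were not
 * exercised by the ssh-keygen test.
 */
static void
type_bits_valid(int type, const char *name, u_int32_t *bitsp)
{
#ifdef WITH_OPENSSL
	u_int maxbits;
	/*
	 * Signed on purpose: sshkey_ecdsa_nid_from_name() returns -1 for a
	 * name it does not recognise.  Stored in an unsigned variable that
	 * becomes a huge positive value and the "> 0" test below passes.
	 */
	int nid;
#endif

	if (type == KEY_UNSPEC)
		fatal("unknown key type %s", key_type_name);
	if (*bitsp == 0) {
#ifdef WITH_OPENSSL
		if (type == KEY_DSA)
			*bitsp = DEFAULT_BITS_DSA;
		else if (type == KEY_ECDSA) {
			if (name != NULL &&
			    (nid = sshkey_ecdsa_nid_from_name(name)) > 0)
				*bitsp = sshkey_curve_nid_to_bits(nid);
			/* No usable curve name: fall back to the default. */
			if (*bitsp == 0)
				*bitsp = DEFAULT_BITS_ECDSA;
		} else
#endif
			*bitsp = DEFAULT_BITS;
	}
#ifdef WITH_OPENSSL
	/* The RSA ceiling is applied to every type other than DSA. */
	maxbits = (type == KEY_DSA) ?
	    OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
	if (*bitsp > maxbits)
		fatal("key bits exceeds maximum %u", maxbits);	/* %u: maxbits is unsigned */
	switch (type) {
	case KEY_DSA:
		if (*bitsp != 1024)
			fatal("Invalid DSA key length: must be 1024 bits");
		break;
	case KEY_RSA:
		if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE)
			fatal("Invalid RSA key length: minimum is %d bits",
			    SSH_RSA_MINIMUM_MODULUS_SIZE);
		break;
	case KEY_ECDSA:
		if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
			fatal("Invalid ECDSA key length: valid lengths are "
			    "256, 384 or 521 bits");
	}
#endif
}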
250-
/*
 * Ask the user which key file to use and record the answer in the global
 * identity_file, then set have_identity.
 *
 * The suggested default is the per-type client identity path under
 * pw->pw_dir (RSA when no key type was named).  An empty answer keeps that
 * default; anything else replaces it verbatim, without being joined to the
 * home directory.  Exits with status 1 if stdin yields nothing, and calls
 * fatal() for a key type with no default path.
 *
 * Neither snprintf() nor strlcpy() has its result checked here, so a path
 * longer than identity_file is truncated silently.
 */
static void
ask_filename(struct passwd *pw, const char *prompt)
{
	const char *default_name = NULL;
	char answer[1024];

	if (key_type_name != NULL) {
		switch (sshkey_type_from_name(key_type_name)) {
		case KEY_DSA_CERT:
		case KEY_DSA:
			default_name = _PATH_SSH_CLIENT_ID_DSA;
			break;
#ifdef OPENSSL_HAS_ECC
		case KEY_ECDSA_CERT:
		case KEY_ECDSA:
			default_name = _PATH_SSH_CLIENT_ID_ECDSA;
			break;
#endif
		case KEY_RSA_CERT:
		case KEY_RSA:
			default_name = _PATH_SSH_CLIENT_ID_RSA;
			break;
		case KEY_ED25519:
		case KEY_ED25519_CERT:
			default_name = _PATH_SSH_CLIENT_ID_ED25519;
			break;
		case KEY_XMSS:
		case KEY_XMSS_CERT:
			default_name = _PATH_SSH_CLIENT_ID_XMSS;
			break;
		default:
			fatal("bad key type");
		}
	} else {
		default_name = _PATH_SSH_CLIENT_ID_RSA;
	}

	snprintf(identity_file, sizeof(identity_file),
	    "%s/%s", pw->pw_dir, default_name);
	printf("%s (%s): ", prompt, identity_file);
	fflush(stdout);

	if (fgets(answer, sizeof(answer), stdin) == NULL)
		exit(1);
	/* Cut at the first newline; a line without one is left as read. */
	answer[strcspn(answer, "\n")] = '\0';
	if (answer[0] != '\0')
		strlcpy(identity_file, answer, sizeof(identity_file));
	have_identity = 1;
}
298-
/*
 * Load the private key stored in filename.
 *
 * An empty passphrase is tried first.  Only when that fails with
 * SSH_ERR_KEY_WRONG_PASSPHRASE is a real passphrase used: the global
 * identity_passphrase if set, otherwise one read interactively.
 *
 * Returns the loaded key; any other failure ends in fatal().
 *
 * The working copy of the passphrase is wiped with explicit_bzero() before
 * it is freed.  The global identity_passphrase itself is left untouched.
 *
 * In the coverage run this listing was taken from, only the
 * empty-passphrase path was executed.
 */
static struct sshkey *
load_identity(char *filename)
{
	struct sshkey *key;
	char *passphrase;
	int rc;

	rc = sshkey_load_private(filename, "", &key, NULL);
	if (rc == 0)
		return key;
	if (rc != SSH_ERR_KEY_WRONG_PASSPHRASE)
		fatal("Load key \"%s\": %s", filename, ssh_err(rc));

	passphrase = identity_passphrase ?
	    xstrdup(identity_passphrase) :
	    read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN);
	rc = sshkey_load_private(filename, passphrase, &key, NULL);

	/* Scrub before free so the secret does not linger in released memory. */
	explicit_bzero(passphrase, strlen(passphrase));
	free(passphrase);

	if (rc != 0)
		fatal("Load key \"%s\": %s", filename, ssh_err(rc));
	return key;
}
321-
/*
 * Markers of the SSH2 key file formats converted in this file: the BEGIN/END
 * framing lines of a public key, the BEGIN line of a private key, and the
 * 32-bit magic that do_convert_private_ssh2_from_blob() requires as the
 * first word of a private key blob.
 */
#define SSH_COM_PUBLIC_BEGIN		"---- BEGIN SSH2 PUBLIC KEY ----"
#define SSH_COM_PUBLIC_END		"---- END SSH2 PUBLIC KEY ----"
#define SSH_COM_PRIVATE_BEGIN		"---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
#define SSH_COM_PRIVATE_KEY_MAGIC	0x3f6ff9eb
326-
327#ifdef WITH_OPENSSL-
/*
 * Print key k on stdout as an SSH2 public key block (BEGIN line, Comment
 * header, base64 body, END line) and exit with status 0.
 *
 * Only the public blob from sshkey_to_blob() is written.  The generated
 * comment embeds pw->pw_name and the global hostname, so the exported file
 * discloses the local account and host name to whoever receives it.
 *
 * Does not return: fatal() on serialisation failure, exit(0) otherwise.
 */
static void
do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
{
	char comment[61];
	u_char *pubblob;
	size_t publen;
	int rc;

	rc = sshkey_to_blob(k, &pubblob, &publen);
	if (rc != 0)
		fatal("key_to_blob failed: %s", ssh_err(rc));

	/*
	 * Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3);
	 * the 61-byte buffer makes snprintf() truncate anything longer.
	 */
	snprintf(comment, sizeof(comment),
	    "%u-bit %s, converted by %s@%s from OpenSSH",
	    sshkey_size(k), sshkey_type(k), pw->pw_name, hostname);

	printf("%s\n", SSH_COM_PUBLIC_BEGIN);
	printf("Comment: \"%s\"\n", comment);
	dump_base64(stdout, pubblob, publen);
	printf("%s\n", SSH_COM_PUBLIC_END);

	sshkey_free(k);
	free(pubblob);
	exit(0);
}
352-
/*
 * Write the public half of k to stdout with the PEM_write_*_PUBKEY routine
 * matching its plain key type, then exit with status 0.
 *
 * RSA and DSA are handled, plus ECDSA when OPENSSL_HAS_ECC is defined; any
 * other type, or a failed write, ends in fatal().  Does not return.
 *
 * In the coverage run this listing was taken from, this function was never
 * executed.
 */
static void
do_convert_to_pkcs8(struct sshkey *k)
{
	const int plain = sshkey_type_plain(k->type);

	if (plain == KEY_RSA) {
		if (!PEM_write_RSA_PUBKEY(stdout, k->rsa))
			fatal("PEM_write_RSA_PUBKEY failed");
	} else if (plain == KEY_DSA) {
		if (!PEM_write_DSA_PUBKEY(stdout, k->dsa))
			fatal("PEM_write_DSA_PUBKEY failed");
#ifdef OPENSSL_HAS_ECC
	} else if (plain == KEY_ECDSA) {
		if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa))
			fatal("PEM_write_EC_PUBKEY failed");
#endif
	} else {
		fatal("%s: unsupported key type %s", __func__, sshkey_type(k));
	}
	exit(0);
}
376-
/*
 * Write the public half of an RSA key to stdout with
 * PEM_write_RSAPublicKey() and exit with status 0.
 *
 * RSA is the only type accepted; any other type, or a failed write, ends
 * in fatal().  Does not return.
 *
 * In the coverage run this listing was taken from, this function was never
 * executed.
 */
static void
do_convert_to_pem(struct sshkey *k)
{
	if (sshkey_type_plain(k->type) != KEY_RSA)
		fatal("%s: unsupported key type %s", __func__, sshkey_type(k));
	if (!PEM_write_RSAPublicKey(stdout, k->rsa))
		fatal("PEM_write_RSAPublicKey failed");
	exit(0);
}
390-
/*
 * Export the key in identity_file in the format chosen by convert_format.
 *
 * Prompts for a file name when none is set yet and stops with fatal() if
 * the file cannot be stat()ed.  The file is first read as a public key;
 * if that fails it is loaded as a private key through load_identity(),
 * which may ask for a passphrase.
 *
 * Each converter exits the process itself, so the trailing exit(0) is only
 * a backstop.  An unknown format ends in fatal().
 */
static void
do_convert_to(struct passwd *pw)
{
	struct sshkey *key;
	struct stat sb;

	if (!have_identity)
		ask_filename(pw, "Enter file in which the key is");
	if (stat(identity_file, &sb) < 0)
		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));

	/* Not a readable public key: treat the file as a private key. */
	if (sshkey_load_public(identity_file, &key, NULL) != 0)
		key = load_identity(identity_file);

	if (convert_format == FMT_RFC4716)
		do_convert_to_ssh2(pw, key);
	else if (convert_format == FMT_PKCS8)
		do_convert_to_pkcs8(key);
	else if (convert_format == FMT_PEM)
		do_convert_to_pem(key);
	else
		fatal("%s: unknown key format %d", __func__, convert_format);
	exit(0);
}
419-
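/*
 * Read one bignum from buffer b into value and consume it.
 *
 * This is almost exactly the bignum1 encoding, but with 32 bit for length
 * instead of 16: a u32 bit count followed by that many bits of magnitude,
 * rounded up to whole bytes.
 *
 * b     - buffer positioned at the bit count.
 * value - already-allocated BIGNUM that receives the number.
 *
 * The bit count comes straight from the key file being converted, so it is
 * treated as untrusted.  Any parse failure ends in fatal().
 *
 * In the coverage run this listing was taken from, none of the fatal()
 * branches was executed.
 */
static void
buffer_get_bignum_bits(struct sshbuf *b, BIGNUM *value)
{
	u_int bytes, bignum_bits;
	int r;

	if ((r = sshbuf_get_u32(b, &bignum_bits)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	/*
	 * Round up without adding to the file-supplied count first:
	 * (bignum_bits + 7) wraps for counts within 7 of UINT_MAX and would
	 * turn an oversized length into a tiny one that passes the size
	 * check below.
	 */
	bytes = bignum_bits / 8 + (bignum_bits % 8 != 0);
	if (sshbuf_len(b) < bytes)
		fatal("%s: input buffer too small: need %u have %zu",
		    __func__, bytes, sshbuf_len(b));	/* %u: bytes is unsigned */
	if (BN_bin2bn(sshbuf_ptr(b), bytes, value) == NULL)
		fatal("%s: BN_bin2bn failed", __func__);
	if ((r = sshbuf_consume(b, bytes)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
}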
441-
/*
 * Parse an SSH2 private key blob into a new sshkey.
 *
 * blob, blen - the decoded key blob and its length; the contents come from
 *              the file being imported and are not trusted.
 *
 * Returns the key on success.  Returns NULL for a wrong magic number, a
 * cipher other than "none", a type string containing neither "dsa" nor
 * "rsa", a BN_set_word() failure, or a failed sign/verify self-test.
 * Truncated input and allocation failures end in fatal() instead.
 *
 * In the coverage run this listing was taken from, only well-formed DSA
 * and RSA blobs were parsed: none of the NULL returns or fatal() branches
 * was executed.
 */
static struct sshkey *
do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
{
	struct sshbuf *b;
	struct sshkey *key = NULL;
	char *type, *cipher;
	/* data is a fixed message used only for the self-test at the end */
	u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345";
	int r, rlen, ktype;
	u_int magic, i1, i2, i3, i4;
	size_t slen;
	u_long e;
	BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL;
	BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
	BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
	BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL;
	if ((b = sshbuf_from(blob, blen)) == NULL)
		fatal("%s: sshbuf_from failed", __func__);
	if ((r = sshbuf_get_u32(b, &magic)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	if (magic != SSH_COM_PRIVATE_KEY_MAGIC) {
		error("bad magic 0x%x != 0x%x", magic,
		    SSH_COM_PRIVATE_KEY_MAGIC);
		sshbuf_free(b);
		return NULL;
	}
	/* Header: u32, type string, cipher string, three more u32s. */
	if ((r = sshbuf_get_u32(b, &i1)) != 0 ||
	    (r = sshbuf_get_cstring(b, &type, NULL)) != 0 ||
	    (r = sshbuf_get_cstring(b, &cipher, NULL)) != 0 ||
	    (r = sshbuf_get_u32(b, &i2)) != 0 ||
	    (r = sshbuf_get_u32(b, &i3)) != 0 ||
	    (r = sshbuf_get_u32(b, &i4)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
	/* The four integers are logged and otherwise unused. */
	debug("ignore (%d %d %d %d)", i1, i2, i3, i4);
	/* Only unencrypted blobs are accepted. */
	if (strcmp(cipher, "none") != 0) {
		error("unsupported cipher %s", cipher);
		free(cipher);
		sshbuf_free(b);
		free(type);
		return NULL;
	}
	free(cipher);

	/*
	 * NOTE(review): the key type is picked by substring match, so any
	 * type string that merely contains "dsa" or "rsa" is accepted, with
	 * "dsa" taking precedence.
	 */
	if (strstr(type, "dsa")) {
		ktype = KEY_DSA;
	} else if (strstr(type, "rsa")) {
		ktype = KEY_RSA;
	} else {
		sshbuf_free(b);
		free(type);
		return NULL;
	}
	if ((key = sshkey_new(ktype)) == NULL)
		fatal("sshkey_new failed");
	free(type);

	switch (key->type) {
	case KEY_DSA:
		if ((dsa_p = BN_new()) == NULL ||
		    (dsa_q = BN_new()) == NULL ||
		    (dsa_g = BN_new()) == NULL ||
		    (dsa_pub_key = BN_new()) == NULL ||
		    (dsa_priv_key = BN_new()) == NULL)
			fatal("%s: BN_new", __func__);
		/* Read order in the blob: p, g, q, public, private. */
		buffer_get_bignum_bits(b, dsa_p);
		buffer_get_bignum_bits(b, dsa_g);
		buffer_get_bignum_bits(b, dsa_q);
		buffer_get_bignum_bits(b, dsa_pub_key);
		buffer_get_bignum_bits(b, dsa_priv_key);
		if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g))
			fatal("%s: DSA_set0_pqg failed", __func__);
		dsa_p = dsa_q = dsa_g = NULL; /* transferred */
		if (!DSA_set0_key(key->dsa, dsa_pub_key, dsa_priv_key))
			fatal("%s: DSA_set0_key failed", __func__);
		dsa_pub_key = dsa_priv_key = NULL; /* transferred */
		break;
	case KEY_RSA:
		/*
		 * Public exponent: one byte, followed by two more bytes
		 * when the first is below 30.  e2 and e3 are read and used
		 * only in that case.
		 */
		if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
		    (e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) ||
		    (e1 < 30 && (r = sshbuf_get_u8(b, &e3)) != 0))
			fatal("%s: buffer error: %s", __func__, ssh_err(r));
		e = e1;
		debug("e %lx", e);
		if (e < 30) {
			/* Assemble the three bytes most-significant first. */
			e <<= 8;
			e += e2;
			debug("e %lx", e);
			e <<= 8;
			e += e3;
			debug("e %lx", e);
		}
		if ((rsa_e = BN_new()) == NULL)
			fatal("%s: BN_new", __func__);
		if (!BN_set_word(rsa_e, e)) {
			BN_clear_free(rsa_e);
			sshbuf_free(b);
			sshkey_free(key);
			return NULL;
		}
		if ((rsa_n = BN_new()) == NULL ||
		    (rsa_d = BN_new()) == NULL ||
		    (rsa_p = BN_new()) == NULL ||
		    (rsa_q = BN_new()) == NULL ||
		    (rsa_iqmp = BN_new()) == NULL)
			fatal("%s: BN_new", __func__);
		/* Read order in the blob: d, n, iqmp, q, p. */
		buffer_get_bignum_bits(b, rsa_d);
		buffer_get_bignum_bits(b, rsa_n);
		buffer_get_bignum_bits(b, rsa_iqmp);
		buffer_get_bignum_bits(b, rsa_q);
		buffer_get_bignum_bits(b, rsa_p);
		if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, rsa_d))
			fatal("%s: RSA_set0_key failed", __func__);
		rsa_n = rsa_e = rsa_d = NULL; /* transferred */
		if (!RSA_set0_factors(key->rsa, rsa_p, rsa_q))
			fatal("%s: RSA_set0_factors failed", __func__);
		rsa_p = rsa_q = NULL; /* transferred */
		if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0)
			fatal("generate RSA parameters failed: %s", ssh_err(r));
		/* rsa_iqmp is not handed to the key here, so it is cleared and freed. */
		BN_clear_free(rsa_iqmp);
		break;
	}
	/* Trailing bytes are reported through error() but do not reject the key. */
	rlen = sshbuf_len(b);
	if (rlen != 0)
		error("do_convert_private_ssh2_from_blob: "
		    "remaining bytes in key blob %d", rlen);
	sshbuf_free(b);

	/* try the key: sign the fixed message and verify the signature */
	if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 ||
	    sshkey_verify(key, sig, slen, data, sizeof(data), NULL, 0) != 0) {
		sshkey_free(key);
		free(sig);
		return NULL;
	}
	free(sig);
	return key;
}
579-
/*
 * Read one line from fp into line (capacity len bytes, NUL included).
 *
 * A line ends at '\n', at a lone '\r', or at "\r\n"; the terminator is
 * consumed and not stored.  Returns the number of characters stored.
 * Returns -1 once EOF is hit, including when EOF follows a final line
 * that has no terminator (its characters stay in line, but the caller
 * only sees -1).
 *
 * Calls fatal() as soon as a character is read while the buffer already
 * holds len - 1 characters, so an over-long line is never truncated
 * silently.  len must be at least 1: line[0] is written unconditionally.
 */
static int
get_line(FILE *fp, char *line, size_t len)
{
	size_t used = 0;
	int ch, next;

	line[0] = '\0';
	for (;;) {
		ch = fgetc(fp);
		if (ch == EOF)
			break;
		/* Bound check comes first, before the character is examined. */
		if (used >= len - 1)
			fatal("input line too long.");
		if (ch == '\n')
			return used;
		if (ch == '\r') {
			/* Swallow the '\n' of a CRLF pair; push anything else back. */
			next = fgetc(fp);
			if (next != EOF && next != '\n' &&
			    ungetc(next, fp) == EOF)
				fatal("unget: %s", strerror(errno));
			return used;
		}
		line[used++] = ch;
		line[used] = '\0';
	}
	/* We reached EOF */
	return -1;
}
605-
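/*
 * Read the key stored in identity_file in the "----"-delimited text format
 * and decode it into *k.
 *
 * Lines that start with "----" or contain ": " are treated as markers or
 * headers and are not part of the encoded body.  A marker containing
 * SSH_COM_PRIVATE_BEGIN sets *private to 1; a marker containing " END "
 * stops reading.  Every line that ends in a backslash bumps a counter, and
 * each later non-header line is skipped while that counter is non-zero
 * (header continuation).  All other lines are concatenated and decoded
 * with uudecode().
 *
 * pw is unused.  Any failure ends the process through fatal().
 */
static void
do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
{
	int r, blen, escaped = 0;
	u_int len;
	char line[1024];
	u_char blob[8096];
	char encoded[8096];
	FILE *fp;

	if ((fp = fopen(identity_file, "r")) == NULL)
		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
	encoded[0] = '\0';
	while ((blen = get_line(fp, line, sizeof(line))) != -1) {
		if (blen > 0 && line[blen - 1] == '\\')
			escaped++;
		if (strncmp(line, "----", 4) == 0 ||
		    strstr(line, ": ") != NULL) {
			if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL)
				*private = 1;
			if (strstr(line, " END ") != NULL)
				break;
			continue;
		}
		if (escaped) {
			escaped--;
			continue;
		}
		/*
		 * strlcat() reports truncation through its return value.
		 * Refuse input that does not fit instead of decoding a
		 * silently shortened key body.
		 */
		if (strlcat(encoded, line, sizeof(encoded)) >= sizeof(encoded))
			fatal("%s: encoded key data too long", __func__);
	}
	len = strlen(encoded);
	/*
	 * Drop a run of three trailing '=' when the length is 3 mod 4.
	 * NOTE(review): presumably a workaround for files written with
	 * malformed padding - confirm.
	 */
	if (((len % 4) == 3) &&
	    (encoded[len-1] == '=') &&
	    (encoded[len-2] == '=') &&
	    (encoded[len-3] == '='))
		encoded[len-3] = '\0';
	blen = uudecode(encoded, blob, sizeof(blob));
	if (blen < 0)
		fatal("uudecode failed.");
	if (*private) {
		/*
		 * The private-blob converter returns NULL on failure; stop
		 * here so callers never receive a NULL key.
		 */
		if ((*k = do_convert_private_ssh2_from_blob(blob,
		    blen)) == NULL)
			fatal("%s: private key conversion failed", __func__);
	} else if ((r = sshkey_from_blob(blob, blen, k)) != 0)
		fatal("decode blob failed: %s", ssh_err(r));
	fclose(fp);

	/*
	 * These stack buffers may hold private key material; scrub them
	 * before returning.
	 */
	explicit_bzero(line, sizeof(line));
	explicit_bzero(encoded, sizeof(encoded));
	explicit_bzero(blob, sizeof(blob));
}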
654-
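/*
 * Read a PEM public key from identity_file with PEM_read_PUBKEY() and wrap
 * it in a newly allocated sshkey stored in *k.
 *
 * RSA and DSA are handled, plus EC when OPENSSL_HAS_ECC is defined; any
 * other EVP key type is fatal.  *private is not modified here.  Every
 * failure ends the process through fatal().
 */
static void
do_convert_from_pkcs8(struct sshkey **k, int *private)
{
	EVP_PKEY *pubkey;
	FILE *fp;

	if ((fp = fopen(identity_file, "r")) == NULL)
		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
	if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) {
		fatal("%s: %s is not a recognised public key format", __func__,
		    identity_file);
	}
	fclose(fp);
	switch (EVP_PKEY_base_id(pubkey)) {
	case EVP_PKEY_RSA:
		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
			fatal("sshkey_new failed");
		(*k)->type = KEY_RSA;
		/*
		 * The get1 accessors can return NULL; check so that a typed
		 * key with a NULL inner key is never handed to the caller.
		 */
		if (((*k)->rsa = EVP_PKEY_get1_RSA(pubkey)) == NULL)
			fatal("%s: EVP_PKEY_get1_RSA failed", __func__);
		break;
	case EVP_PKEY_DSA:
		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
			fatal("sshkey_new failed");
		(*k)->type = KEY_DSA;
		if (((*k)->dsa = EVP_PKEY_get1_DSA(pubkey)) == NULL)
			fatal("%s: EVP_PKEY_get1_DSA failed", __func__);
		break;
#ifdef OPENSSL_HAS_ECC
	case EVP_PKEY_EC:
		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
			fatal("sshkey_new failed");
		(*k)->type = KEY_ECDSA;
		if (((*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey)) == NULL)
			fatal("%s: EVP_PKEY_get1_EC_KEY failed", __func__);
		(*k)->ecdsa_nid = sshkey_ecdsa_key_to_nid((*k)->ecdsa);
		break;
#endif
	default:
		fatal("%s: unsupported pubkey type %d", __func__,
		    EVP_PKEY_base_id(pubkey));
	}
	/* The get1 calls took their own reference; release the container. */
	EVP_PKEY_free(pubkey);
	return;
}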
697-
/*
 * Read an RSA public key from identity_file with PEM_read_RSAPublicKey()
 * and store it in a newly allocated sshkey at *k.
 *
 * *private is not modified.  An unreadable file, an unparsable key or an
 * allocation failure ends the process through fatal().
 */
static void
do_convert_from_pem(struct sshkey **k, int *private)
{
	FILE *fp;
	RSA *rsa;

	if ((fp = fopen(identity_file, "r")) == NULL)
		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));

	rsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL);
	if (rsa == NULL)
		fatal("%s: unrecognised raw private key format", __func__);

	if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
		fatal("sshkey_new failed");
	(*k)->type = KEY_RSA;
	/* The sshkey now holds the RSA object returned by the PEM reader. */
	(*k)->rsa = rsa;
	fclose(fp);
}
716-
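/*
 * Convert the key in identity_file from the format selected by
 * convert_format and write the result to stdout, then exit(0).
 *
 * Public keys are written with sshkey_write() followed by a newline.
 * Private keys are written with the PEM_write_*PrivateKey() functions.
 * Any failure ends the process through fatal().
 */
static void
do_convert_from(struct passwd *pw)
{
	struct sshkey *k = NULL;
	int r, private = 0, ok = 0;
	struct stat st;

	if (!have_identity)
		ask_filename(pw, "Enter file in which the key is");
	if (stat(identity_file, &st) < 0)
		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));

	switch (convert_format) {
	case FMT_RFC4716:
		do_convert_from_ssh2(pw, &k, &private);
		break;
	case FMT_PKCS8:
		do_convert_from_pkcs8(&k, &private);
		break;
	case FMT_PEM:
		do_convert_from_pem(&k, &private);
		break;
	default:
		fatal("%s: unknown key format %d", __func__, convert_format);
	}

	/*
	 * The private-blob converter used for FMT_RFC4716 can return NULL.
	 * Fail cleanly rather than dereference a NULL key below.
	 */
	if (k == NULL)
		fatal("%s: key conversion failed", __func__);

	if (!private) {
		if ((r = sshkey_write(k, stdout)) == 0)
			ok = 1;
		if (ok)
			fprintf(stdout, "\n");
	} else {
		/*
		 * The cipher argument is NULL in each call below, so the
		 * private key reaches stdout as PEM without passphrase
		 * encryption; protecting the output is left to the caller.
		 */
		switch (k->type) {
		case KEY_DSA:
			ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL,
			    NULL, 0, NULL, NULL);
			break;
#ifdef OPENSSL_HAS_ECC
		case KEY_ECDSA:
			ok = PEM_write_ECPrivateKey(stdout, k->ecdsa, NULL,
			    NULL, 0, NULL, NULL);
			break;
#endif
		case KEY_RSA:
			ok = PEM_write_RSAPrivateKey(stdout, k->rsa, NULL,
			    NULL, 0, NULL, NULL);
			break;
		default:
			fatal("%s: unsupported key type %s", __func__,
			    sshkey_type(k));
		}
	}

	if (!ok)
		fatal("key write failed");
	sshkey_free(k);
	exit(0);
}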
775#endif-
776-
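/*
 * Load the key named by identity_file through load_identity() and write
 * it to stdout with sshkey_write(), followed by a newline, then exit(0).
 *
 * A failed write is fatal.  It used to be logged with error() while the
 * process still exited with status 0, so a caller redirecting stdout to a
 * file could not tell a truncated or empty result from a good one.
 */
static void
do_print_public(struct passwd *pw)
{
	struct sshkey *prv;
	struct stat st;
	int r;

	if (!have_identity)
		ask_filename(pw, "Enter file in which the key is");
	if (stat(identity_file, &st) < 0)
		fatal("%s: %s", identity_file, strerror(errno));
	prv = load_identity(identity_file);
	if ((r = sshkey_write(prv, stdout)) != 0)
		fatal("sshkey_write failed: %s", ssh_err(r));
	sshkey_free(prv);
	fprintf(stdout, "\n");
	exit(0);
}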
795-
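/*
 * List the keys offered by the PKCS#11 provider named in pkcs11provider.
 *
 * With print_fingerprint set, each key is printed as size, fingerprint and
 * type, plus the randomart image when log_level is at least
 * SYSLOG_LEVEL_VERBOSE.  Otherwise each key is written with
 * sshkey_write().  Built without ENABLE_PKCS11, the function is fatal.
 *
 * Exits 0 when every key was written, 1 when any sshkey_write() failed.
 * The write result used to be discarded.
 */
static void
do_download(struct passwd *pw)
{
#ifdef ENABLE_PKCS11
	struct sshkey **keys = NULL;
	int i, nkeys, r, failed = 0;
	enum sshkey_fp_rep rep;
	int fptype;
	char *fp, *ra;

	/* The bubblebabble representation is always computed over SHA1. */
	fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
	rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;

	pkcs11_init(0);
	nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys);
	if (nkeys <= 0)
		fatal("cannot read public key from pkcs11");
	for (i = 0; i < nkeys; i++) {
		if (print_fingerprint) {
			fp = sshkey_fingerprint(keys[i], fptype, rep);
			ra = sshkey_fingerprint(keys[i], fingerprint_hash,
			    SSH_FP_RANDOMART);
			if (fp == NULL || ra == NULL)
				fatal("%s: sshkey_fingerprint fail", __func__);
			printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]),
			    fp, sshkey_type(keys[i]));
			if (log_level >= SYSLOG_LEVEL_VERBOSE)
				printf("%s\n", ra);
			free(ra);
			free(fp);
		} else {
			/*
			 * Report a failed write and remember it for the exit
			 * status, but keep going so the remaining keys are
			 * still freed and the provider is terminated.
			 */
			if ((r = sshkey_write(keys[i], stdout)) != 0) {
				error("sshkey_write failed: %s", ssh_err(r));
				failed = 1;
			}
			fprintf(stdout, "\n");
		}
		sshkey_free(keys[i]);
	}
	free(keys);
	pkcs11_terminate();
	exit(failed ? 1 : 0);
#else
	fatal("no pkcs11 support");
#endif /* ENABLE_PKCS11 */
}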
839-
/*
 * Try to parse a public key from the text at *cpp with sshkey_read().
 *
 * Returns a newly allocated key on success; the caller releases it with
 * sshkey_free().  Returns NULL when the text is not a key.  Allocation
 * failure is fatal.  cpp is passed through to sshkey_read() unchanged.
 */
static struct sshkey *
try_read_key(char **cpp)
{
	struct sshkey *key = sshkey_new(KEY_UNSPEC);

	if (key == NULL)
		fatal("sshkey_new failed");
	if (sshkey_read(key, cpp) != 0) {
		/* Not a key */
		sshkey_free(key);
		return NULL;
	}
	return key;
}
854-
/*
 * Print one line describing a public key: size, fingerprint, comment and
 * key type.  When log_level is at least SYSLOG_LEVEL_VERBOSE the randomart
 * image follows.
 *
 * comment may be NULL, in which case "no comment" is printed.  The
 * randomart string is always computed, even when it is not printed, and a
 * failure to compute either string is fatal.
 */
static void
fingerprint_one_key(const struct sshkey *public, const char *comment)
{
	char *fingerprint = NULL, *randomart = NULL;
	enum sshkey_fp_rep rep = SSH_FP_DEFAULT;
	int hash_alg = fingerprint_hash;

	/* The bubblebabble representation is always computed over SHA1. */
	if (print_bubblebabble) {
		hash_alg = SSH_DIGEST_SHA1;
		rep = SSH_FP_BUBBLEBABBLE;
	}

	fingerprint = sshkey_fingerprint(public, hash_alg, rep);
	randomart = sshkey_fingerprint(public, fingerprint_hash,
	    SSH_FP_RANDOMART);
	if (fingerprint == NULL || randomart == NULL)
		fatal("%s: sshkey_fingerprint failed", __func__);

	if (comment == NULL)
		comment = "no comment";
	/*
	 * The line carrying the comment goes through mprintf() (utf8.h)
	 * rather than printf().  NOTE(review): presumably so that untrusted
	 * comment text is filtered before it reaches the terminal - confirm
	 * against utf8.c.
	 */
	mprintf("%u %s %s (%s)\n", sshkey_size(public), fingerprint,
	    comment, sshkey_type(public));
	if (log_level >= SYSLOG_LEVEL_VERBOSE)
		printf("%s\n", randomart);

	free(randomart);
	free(fingerprint);
}
875-
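/*
 * Fingerprint the key stored at path.
 *
 * sshkey_load_public() is tried first.  If it fails, the file is loaded
 * with sshkey_load_private(); NULL is passed in the passphrase position,
 * so no passphrase is supplied.  If neither load succeeds the process ends
 * through fatal().
 *
 * The existence check now stats path, the same name used for loading and
 * in the error message; it used to stat the global identity_file.  The
 * caller in this file passes identity_file as path, so behaviour there is
 * unchanged.
 */
static void
fingerprint_private(const char *path)
{
	struct stat st;
	char *comment = NULL;
	struct sshkey *public = NULL;
	int r;

	if (stat(path, &st) < 0)
		fatal("%s: %s", path, strerror(errno));
	if ((r = sshkey_load_public(path, &public, &comment)) != 0) {
		debug("load public \"%s\": %s", path, ssh_err(r));
		if ((r = sshkey_load_private(path, NULL,
		    &public, &comment)) != 0) {
			debug("load private \"%s\": %s", path, ssh_err(r));
			fatal("%s is not a key file.", path);
		}
	}

	fingerprint_one_key(public, comment);
	sshkey_free(public);
	free(comment);
}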
899-
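/*
 * Print a fingerprint for every key found in identity_file, or in stdin
 * when identity_file is "-", then exit(0).
 *
 * Each non-blank, non-'#' line is tried as a bare public key.  If that
 * fails, a leading hostname or options token is skipped (honouring
 * double quotes) and the rest of the line is retried.  A file other than
 * stdin whose first line contains "PRIVATE KEY" is handed to
 * fingerprint_private() instead.  If no line yields a key the process
 * ends through fatal().
 */
static void
do_fingerprint(struct passwd *pw)
{
	FILE *f;
	struct sshkey *public = NULL;
	char *comment = NULL, *cp, *ep, *line = NULL;
	size_t linesize = 0;
	int i, invalid = 1;
	const char *path;
	u_long lnum = 0;

	if (!have_identity)
		ask_filename(pw, "Enter file in which the key is");
	path = identity_file;

	if (strcmp(identity_file, "-") == 0) {
		f = stdin;
		path = "(stdin)";
	} else if ((f = fopen(path, "r")) == NULL)
		fatal("%s: %s: %s", __progname, path, strerror(errno));

	while (getline(&line, &linesize, f) != -1) {
		lnum++;
		/*
		 * comment points into the getline() buffer.  Reset it for
		 * every line: otherwise a key without a comment would be
		 * printed with the previous line's pointer, which refers to
		 * overwritten text or, if getline() reallocated the buffer,
		 * to freed memory.
		 */
		comment = NULL;
		cp = line;
		cp[strcspn(cp, "\n")] = '\0';
		/* Trim leading space and comments */
		cp = line + strspn(line, " \t");
		if (*cp == '#' || *cp == '\0')
			continue;

		/*
		 * Input may be plain keys, private keys, authorized_keys
		 * or known_hosts.
		 */

		/*
		 * Try private keys first. Assume a key is private if
		 * "SSH PRIVATE KEY" appears on the first line and we're
		 * not reading from stdin (XXX support private keys on stdin).
		 */
		if (lnum == 1 && strcmp(identity_file, "-") != 0 &&
		    strstr(cp, "PRIVATE KEY") != NULL) {
			free(line);
			fclose(f);
			fingerprint_private(path);
			exit(0);
		}

		/*
		 * If it's not a private key, then this must be prepared to
		 * accept a public key prefixed with a hostname or options.
		 * Try a bare key first, otherwise skip the leading stuff.
		 */
		if ((public = try_read_key(&cp)) == NULL) {
			/*
			 * Skip the first token unless the line starts with
			 * a non-zero number followed by whitespace.
			 */
			i = strtol(cp, &ep, 10);
			if (i == 0 || ep == NULL ||
			    (*ep != ' ' && *ep != '\t')) {
				int quoted = 0;

				/* The skipped token doubles as the comment. */
				comment = cp;
				for (; *cp && (quoted || (*cp != ' ' &&
				    *cp != '\t')); cp++) {
					if (*cp == '\\' && cp[1] == '"')
						cp++;	/* Skip both */
					else if (*cp == '"')
						quoted = !quoted;
				}
				/* Nothing follows the token: not a key line. */
				if (!*cp)
					continue;
				*cp++ = '\0';
			}
		}
		/* Retry after parsing leading hostname/key options */
		if (public == NULL && (public = try_read_key(&cp)) == NULL) {
			debug("%s:%lu: not a public key", path, lnum);
			continue;
		}

		/* Find trailing comment, if any */
		for (; *cp == ' ' || *cp == '\t'; cp++)
			;
		if (*cp != '\0' && *cp != '#')
			comment = cp;

		fingerprint_one_key(public, comment);
		sshkey_free(public);
		invalid = 0; /* One good key in the file is sufficient */
	}
	fclose(f);
	free(line);

	if (invalid)
		fatal("%s is not a public key file.", path);
	exit(0);
}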
995-
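/*
 * Generate every host key type listed in key_types[] that is missing.
 *
 * The target path for each type is identity_file (used as a prefix)
 * followed by the compiled-in host key path.  A type is skipped when a
 * non-empty private key file already exists there.  New keys are written
 * to mkstemp()-named temporary files beside the target and rename()d into
 * place, public half first, then private.
 *
 * Host private keys are saved with an empty passphrase.
 *
 * pw supplies the user name for the "user@hostname" key comment.
 * A failure for one key type is reported with error() and the loop moves
 * on to the next type; only a sshkey_from_private() failure is fatal.
 *
 * NOTE(review): the failure paths do not unlink prv_tmp/pub_tmp, so a
 * failed run can leave temporary files (possibly holding a freshly
 * generated private key) beside the host keys.
 */
static void
do_gen_all_hostkeys(struct passwd *pw)
{
	struct {
		char *key_type;
		char *key_type_display;
		char *path;
	} key_types[] = {
#ifdef WITH_OPENSSL
		{ "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE },
		{ "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE },
#ifdef OPENSSL_HAS_ECC
		{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
#endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */
		{ "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
#ifdef WITH_XMSS
		{ "xmss", "XMSS",_PATH_HOST_XMSS_KEY_FILE },
#endif /* WITH_XMSS */
		{ NULL, NULL, NULL }
	};

	int first = 0;
	struct stat st;
	struct sshkey *private, *public;
	char comment[1024], *prv_tmp, *pub_tmp, *prv_file, *pub_file;
	int i, type, fd, r;
	FILE *f;

	for (i = 0; key_types[i].key_type; i++) {
		/* Reset per-iteration state so the cleanup at "next" is safe. */
		public = private = NULL;
		prv_tmp = pub_tmp = prv_file = pub_file = NULL;

		xasprintf(&prv_file, "%s%s",
		    identity_file, key_types[i].path);

		/* Check whether private key exists and is not zero-length */
		if (stat(prv_file, &st) == 0) {
			if (st.st_size != 0)
				goto next;
		} else if (errno != ENOENT) {
			/* Report the path that was actually stat()ed. */
			error("Could not stat %s: %s", prv_file,
			    strerror(errno));
			goto failnext;
		}

		/*
		 * Private key doesn't exist or is invalid; proceed with
		 * key generation.
		 */
		xasprintf(&prv_tmp, "%s%s.XXXXXXXXXX",
		    identity_file, key_types[i].path);
		xasprintf(&pub_tmp, "%s%s.pub.XXXXXXXXXX",
		    identity_file, key_types[i].path);
		xasprintf(&pub_file, "%s%s.pub",
		    identity_file, key_types[i].path);

		if (first == 0) {
			first = 1;
			printf("%s: generating new host keys: ", __progname);
		}
		printf("%s ", key_types[i].key_type_display);
		fflush(stdout);
		type = sshkey_type_from_name(key_types[i].key_type);
		if ((fd = mkstemp(prv_tmp)) == -1) {
			/* This is the private key's temporary file. */
			error("Could not save your private key in %s: %s",
			    prv_tmp, strerror(errno));
			goto failnext;
		}
		/*
		 * mkstemp() is only used to generate/reserve a name; the
		 * file is reopened by name in sshkey_save_private().
		 * NOTE(review): how that helper opens the path is not
		 * visible here.
		 */
		close(fd);
		/* bits == 0 lets type_bits_valid() fill in the size. */
		bits = 0;
		type_bits_valid(type, NULL, &bits);
		if ((r = sshkey_generate(type, bits, &private)) != 0) {
			error("sshkey_generate failed: %s", ssh_err(r));
			goto failnext;
		}
		if ((r = sshkey_from_private(private, &public)) != 0)
			fatal("sshkey_from_private failed: %s", ssh_err(r));
		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
		    hostname);
		/* Empty passphrase: the host key is stored unencrypted. */
		if ((r = sshkey_save_private(private, prv_tmp, "",
		    comment, use_new_format, new_format_cipher, rounds)) != 0) {
			error("Saving key \"%s\" failed: %s",
			    prv_tmp, ssh_err(r));
			goto failnext;
		}
		if ((fd = mkstemp(pub_tmp)) == -1) {
			error("Could not save your public key in %s: %s",
			    pub_tmp, strerror(errno));
			goto failnext;
		}
		/* Public half is world-readable; failure here is ignored. */
		(void)fchmod(fd, 0644);
		f = fdopen(fd, "w");
		if (f == NULL) {
			error("fdopen %s failed: %s", pub_tmp, strerror(errno));
			close(fd);
			goto failnext;
		}
		if ((r = sshkey_write(public, f)) != 0) {
			error("write key failed: %s", ssh_err(r));
			fclose(f);
			goto failnext;
		}
		fprintf(f, " %s\n", comment);
		if (ferror(f) != 0) {
			error("write key failed: %s", strerror(errno));
			fclose(f);
			goto failnext;
		}
		if (fclose(f) != 0) {
			error("key close failed: %s", strerror(errno));
			goto failnext;
		}

		/* Rename temporary files to their permanent locations. */
		if (rename(pub_tmp, pub_file) != 0) {
			error("Unable to move %s into position: %s",
			    pub_file, strerror(errno));
			goto failnext;
		}
		if (rename(prv_tmp, prv_file) != 0) {
			/* Name the real destination, as the .pub case does. */
			error("Unable to move %s into position: %s",
			    prv_file, strerror(errno));
 failnext:
			/* Clearing first re-prints the banner on the next key. */
			first = 0;
			goto next;
		}
 next:
		sshkey_free(private);
		sshkey_free(public);
		free(prv_tmp);
		free(pub_tmp);
		free(prv_file);
		free(pub_file);
	}
	if (first != 0)
		printf("\n");
}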
1134-
/*
 * State handed to the known_hosts per-line callbacks
 * (known_hosts_hash, known_hosts_find_delete) through their void *ctx.
 */
struct known_hosts_ctx {
	/* Hostname being searched for (find/delete modes). */
	const char *host;
	/* Where retained/rewritten lines go; stdout when only finding. */
	FILE *out;
	/* Set while hashing if the original file had unhashed hosts. */
	int has_unhashed;
	/* Set in find/delete modes once the host has been seen. */
	int found_key;
	/* Set when the file held invalid lines; it must not be replaced. */
	int invalid;
};
1142-
/*
 * Per-line callback: write one known_hosts line to ctx->out, replacing
 * plain host names with hashed ones where that is possible.
 *
 * Lines that are already hashed, contain wildcard characters ("*?!") or
 * carry a CA/revocation marker are copied unchanged.  Invalid lines are
 * copied too, but ctx->invalid is set so the caller can refuse to replace
 * the file.  Always returns 0.
 */
static int
known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
{
	struct known_hosts_ctx *ctx = _ctx;
	char *names, *rest, *name, *digest;
	int wildcard = 0, prehashed = 0;

	if (l->hosts != NULL) {
		wildcard = strpbrk(l->hosts, "*?!") != NULL;
		prehashed = l->hosts[0] == HASH_DELIM;
	}

	if (l->status != HKF_STATUS_OK && l->status != HKF_STATUS_MATCHED) {
		if (l->status == HKF_STATUS_INVALID) {
			/* Retain invalid lines, but mark file as invalid. */
			ctx->invalid = 1;
			logit("%s:%lu: invalid line", l->path, l->linenum);
		}
		fprintf(ctx->out, "%s\n", l->line);
		return 0;
	}

	/* Pass through anything that cannot or need not be hashed. */
	if (prehashed || wildcard || l->marker != MRK_NONE) {
		fprintf(ctx->out, "%s\n", l->line);
		if (wildcard && !find_host) {
			logit("%s:%lu: ignoring host name "
			    "with wildcard: %.64s", l->path,
			    l->linenum, l->hosts);
		}
		return 0;
	}

	/*
	 * A host field may list several comma-separated names; each one is
	 * lowercased, hashed and emitted on a line of its own with the key.
	 */
	names = rest = xstrdup(l->hosts);
	for (;;) {
		name = strsep(&rest, ",");
		if (name == NULL || *name == '\0')
			break;
		lowercase(name);
		/*
		 * NOTE(review): digest is not freed here; presumably
		 * host_hash() returns storage it owns - confirm.
		 */
		digest = host_hash(name, NULL, 0);
		if (digest == NULL)
			fatal("hash_host failed");
		fprintf(ctx->out, "%s %s\n", digest, l->rawkey);
		ctx->has_unhashed = 1;
	}
	free(names);
	return 0;
}
1193-
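/*
 * Per-line callback for the find_host and delete_host modes.
 *
 * delete_host: a matching line without a CA/revocation marker is dropped
 * by not writing it to ctx->out; every other line (including invalid
 * ones, which set ctx->invalid) is copied through.
 * find_host: a matching line sets ctx->found_key and is then hashed,
 * printed as a fingerprint, or copied, depending on hash_hosts and
 * print_fingerprint.
 *
 * Always returns 0.
 */
static int
known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
{
	struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
	enum sshkey_fp_rep rep;
	int fptype;
	char *fp;

	/* Bubblebabble output is paired with SHA1 here. */
	fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
	rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;

	if (l->status == HKF_STATUS_MATCHED) {
		if (delete_host) {
			if (l->marker != MRK_NONE) {
				/* Don't remove CA and revocation lines */
				fprintf(ctx->out, "%s\n", l->line);
			} else {
				/*
				 * Hostname matches and has no CA/revoke
				 * marker, delete it by *not* writing the
				 * line to ctx->out.
				 */
				ctx->found_key = 1;
				if (!quiet)
					printf("# Host %s found: line %lu\n",
					    ctx->host, l->linenum);
			}
			return 0;
		} else if (find_host) {
			ctx->found_key = 1;
			if (!quiet) {
				printf("# Host %s found: line %lu %s\n",
				    ctx->host,
				    l->linenum, l->marker == MRK_CA ? "CA" :
				    (l->marker == MRK_REVOKE ? "REVOKED" : ""));
			}
			if (hash_hosts)
				known_hosts_hash(l, ctx);
			else if (print_fingerprint) {
				fp = sshkey_fingerprint(l->key, fptype, rep);
				/* Never hand a NULL fingerprint to "%s". */
				if (fp == NULL)
					fatal("%s: sshkey_fingerprint failed",
					    __func__);
				mprintf("%s %s %s %s\n", ctx->host,
				    sshkey_type(l->key), fp, l->comment);
				free(fp);
			} else
				fprintf(ctx->out, "%s\n", l->line);
			return 0;
		}
	} else if (delete_host) {
		/* Retain non-matching hosts when deleting */
		if (l->status == HKF_STATUS_INVALID) {
			ctx->invalid = 1;
			logit("%s:%lu: invalid line", l->path, l->linenum);
		}
		fprintf(ctx->out, "%s\n", l->line);
	}
	return 0;
}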
1251-
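/*
 * Find, delete or hash entries in a known_hosts file, then exit.
 *
 * The file is identity_file, or the user's default known_hosts path when
 * none was given.  Pure find output goes to stdout.  Hashing and deletion
 * rewrite the file: lines are written to a mkstemp() temporary, the
 * existing file is hard-linked to "<file>.old" as a backup, and the
 * temporary is rename()d into place.  The file is left untouched if it
 * contained invalid lines, if the host to delete was not found, or if
 * writing the temporary failed.
 *
 * Exit status is 1 on error, or when find_host is set and nothing
 * matched; 0 otherwise.
 */
static void
do_known_hosts(struct passwd *pw, const char *name)
{
	char *cp, tmp[PATH_MAX], old[PATH_MAX];
	int r, fd, oerrno, inplace = 0, write_failed;
	struct known_hosts_ctx ctx;
	u_int foreach_options;

	if (!have_identity) {
		cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
		if (strlcpy(identity_file, cp, sizeof(identity_file)) >=
		    sizeof(identity_file))
			fatal("Specified known hosts path too long");
		free(cp);
		have_identity = 1;
	}

	memset(&ctx, 0, sizeof(ctx));
	ctx.out = stdout;
	ctx.host = name;

	/*
	 * Find hosts goes to stdout, hash and deletions happen in-place
	 * A corner case is ssh-keygen -HF foo, which should go to stdout
	 */
	if (!find_host && (hash_hosts || delete_host)) {
		/* Every path is built with a truncation check. */
		if (strlcpy(tmp, identity_file, sizeof(tmp)) >= sizeof(tmp) ||
		    strlcat(tmp, ".XXXXXXXXXX", sizeof(tmp)) >= sizeof(tmp) ||
		    strlcpy(old, identity_file, sizeof(old)) >= sizeof(old) ||
		    strlcat(old, ".old", sizeof(old)) >= sizeof(old))
			fatal("known_hosts path too long");
		umask(077);
		if ((fd = mkstemp(tmp)) == -1)
			fatal("mkstemp: %s", strerror(errno));
		if ((ctx.out = fdopen(fd, "w")) == NULL) {
			/* Save errno: unlink() may overwrite it. */
			oerrno = errno;
			unlink(tmp);
			fatal("fdopen: %s", strerror(oerrno));
		}
		inplace = 1;
	}
	/* XXX support identity_file == "-" for stdin */
	foreach_options = find_host ? HKF_WANT_MATCH : 0;
	foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0;
	if ((r = hostkeys_foreach(identity_file, (find_host || !hash_hosts) ?
	    known_hosts_find_delete : known_hosts_hash, &ctx, name, NULL,
	    foreach_options)) != 0) {
		if (inplace)
			unlink(tmp);
		fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
	}

	if (inplace) {
		/*
		 * A short or failed write (e.g. a full disk) would leave tmp
		 * truncated; refuse to install it over the real file.
		 */
		write_failed = ferror(ctx.out) != 0;
		if (fclose(ctx.out) != 0)
			write_failed = 1;
		if (write_failed) {
			unlink(tmp);
			fatal("%s: failed to write %s", __func__, tmp);
		}
	}

	if (ctx.invalid) {
		error("%s is not a valid known_hosts file.", identity_file);
		if (inplace) {
			error("Not replacing existing known_hosts "
			    "file because of errors");
			unlink(tmp);
		}
		exit(1);
	} else if (delete_host && !ctx.found_key) {
		logit("Host %s not found in %s", name, identity_file);
		if (inplace)
			unlink(tmp);
	} else if (inplace) {
		/* Backup existing file */
		if (unlink(old) == -1 && errno != ENOENT)
			fatal("unlink %.100s: %s", old, strerror(errno));
		if (link(identity_file, old) == -1)
			fatal("link %.100s to %.100s: %s", identity_file, old,
			    strerror(errno));
		/* Move new one into place */
		if (rename(tmp, identity_file) == -1) {
			error("rename\"%s\" to \"%s\": %s", tmp, identity_file,
			    strerror(errno));
			unlink(tmp);
			unlink(old);
			exit(1);
		}

		printf("%s updated.\n", identity_file);
		printf("Original contents retained as %s\n", old);
		/* The backup still holds the plain-text host names. */
		if (ctx.has_unhashed) {
			logit("WARNING: %s contains unhashed entries", old);
			logit("Delete this file to ensure privacy "
			    "of hostnames");
		}
	}

	exit (find_host && !ctx.found_key);
}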
1346-
/*
 * Re-encrypt the private key in identity_file under a new passphrase,
 * then exit.  pw is the passwd entry of the current user and is only used
 * when the file name has to be asked for.
 *
 * The key is first tried with an empty passphrase; if that is rejected
 * the old passphrase comes from identity_passphrase or is read
 * interactively.  The new passphrase comes from identity_new_passphrase
 * or is read twice and compared.  Every copy made here is wiped with
 * explicit_bzero() before it is freed; the identity_passphrase and
 * identity_new_passphrase globals themselves are not cleared by this
 * function.
 */
static void
do_change_passphrase(struct passwd *pw)
{
	struct sshkey *private;
	struct stat st;
	char *comment;
	char *old_pass, *new_pass, *confirm;
	int r, mismatch;

	if (!have_identity)
		ask_filename(pw, "Enter file in which the key is");
	if (stat(identity_file, &st) < 0)
		fatal("%s: %s", identity_file, strerror(errno));

	/* An unencrypted key loads with the empty passphrase. */
	r = sshkey_load_private(identity_file, "", &private, &comment);
	if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) {
		if (identity_passphrase)
			old_pass = xstrdup(identity_passphrase);
		else
			old_pass = read_passphrase("Enter old passphrase: ",
			    RP_ALLOW_STDIN);
		r = sshkey_load_private(identity_file, old_pass,
		    &private, &comment);
		/* The old passphrase is not needed past this point. */
		explicit_bzero(old_pass, strlen(old_pass));
		free(old_pass);
	}
	if (r != 0)
		fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
	if (comment)
		mprintf("Key has comment '%s'\n", comment);

	/* Obtain the new passphrase; interactive entry is confirmed. */
	if (identity_new_passphrase) {
		new_pass = xstrdup(identity_new_passphrase);
	} else {
		new_pass =
		    read_passphrase("Enter new passphrase (empty for no "
		    "passphrase): ", RP_ALLOW_STDIN);
		confirm = read_passphrase("Enter same passphrase again: ",
		    RP_ALLOW_STDIN);

		mismatch = strcmp(new_pass, confirm) != 0;
		/* The confirmation copy is wiped whatever the outcome. */
		explicit_bzero(confirm, strlen(confirm));
		free(confirm);
		if (mismatch) {
			explicit_bzero(new_pass, strlen(new_pass));
			free(new_pass);
			printf("Pass phrases do not match. Try again.\n");
			exit(1);
		}
	}

	/* Write the key back under the new passphrase. */
	r = sshkey_save_private(private, identity_file, new_pass,
	    comment, use_new_format, new_format_cipher, rounds);
	if (r != 0)
		error("Saving key \"%s\" failed: %s.",
		    identity_file, ssh_err(r));

	/* Wipe the passphrase and release the in-memory key either way. */
	explicit_bzero(new_pass, strlen(new_pass));
	free(new_pass);
	sshkey_free(private);
	free(comment);

	if (r != 0)
		exit(1);
	printf("Your identification has been saved with the new passphrase.\n");
	exit(0);
}
1431-
/*
 * Print the SSHFP resource record for the public key stored in fname,
 * using hname as the host name, to stdout.
 *
 * Returns 0 when fname does not exist and 1 after a record has been
 * printed.  A NULL fname, any other stat() error, or a key that cannot
 * be loaded is fatal.  pw is not used.
 */
static int
do_print_resource_record(struct passwd *pw, char *fname, char *hname)
{
	struct sshkey *pubkey;
	struct stat sb;
	char *key_comment = NULL;
	int rc;

	if (fname == NULL)
		fatal("%s: no filename", __func__);

	/* A missing key file is not an error: just report "nothing done". */
	if (stat(fname, &sb) < 0) {
		if (errno == ENOENT)
			return 0;
		fatal("%s: %s", fname, strerror(errno));
	}

	rc = sshkey_load_public(fname, &pubkey, &key_comment);
	if (rc != 0)
		fatal("Failed to read v2 public key from \"%s\": %s.",
		    fname, ssh_err(rc));

	export_dns_rr(hname, pubkey, stdout, print_generic);

	/* The comment is loaded with the key but not used for the record. */
	sshkey_free(pubkey);
	free(key_comment);
	return 1;
}
1458-
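/*
 * Change the comment of a private key file and rewrite the matching
 * "<file>.pub", then exit.  pw is the passwd entry of the current user
 * and is only used when the file name has to be asked for.
 *
 * The key is tried with an empty passphrase first; otherwise the
 * passphrase is taken from identity_passphrase, then
 * identity_new_passphrase, then read interactively.  The key is saved
 * again under that same passphrase with the new comment, which comes
 * from identity_comment or from one line read on stdin.
 *
 * Keys other than ED25519/XMSS are refused unless use_new_format is set.
 */
static void
do_change_comment(struct passwd *pw)
{
	char new_comment[1024], *comment, *passphrase;
	struct sshkey *private;
	struct sshkey *public;
	struct stat st;
	FILE *f;
	int r, fd;

	if (!have_identity)
		ask_filename(pw, "Enter file in which the key is");
	if (stat(identity_file, &st) < 0)
		fatal("%s: %s", identity_file, strerror(errno));
	/*
	 * ".pub" is appended to identity_file further down.  If it did not
	 * fit, the truncated name could be the private key file itself,
	 * which would then be opened with O_TRUNC.  Refuse before anything
	 * is modified.
	 */
	if (strlen(identity_file) + strlen(".pub") >= sizeof(identity_file))
		fatal("%s: path too long to append .pub", identity_file);
	if ((r = sshkey_load_private(identity_file, "",
	    &private, &comment)) == 0)
		passphrase = xstrdup("");
	else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
		fatal("Cannot load private key \"%s\": %s.",
		    identity_file, ssh_err(r));
	else {
		if (identity_passphrase)
			passphrase = xstrdup(identity_passphrase);
		else if (identity_new_passphrase)
			passphrase = xstrdup(identity_new_passphrase);
		else
			passphrase = read_passphrase("Enter passphrase: ",
			    RP_ALLOW_STDIN);
		/* Try to load using the passphrase. */
		if ((r = sshkey_load_private(identity_file, passphrase,
		    &private, &comment)) != 0) {
			explicit_bzero(passphrase, strlen(passphrase));
			free(passphrase);
			fatal("Cannot load private key \"%s\": %s.",
			    identity_file, ssh_err(r));
		}
	}

	if (private->type != KEY_ED25519 && private->type != KEY_XMSS &&
	    !use_new_format) {
		error("Comments are only supported for keys stored in "
		    "the new format (-o).");
		explicit_bzero(passphrase, strlen(passphrase));
		sshkey_free(private);
		exit(1);
	}
	/* This prints the comment the key currently carries. */
	if (comment)
		printf("Key now has comment '%s'\n", comment);
	else
		printf("Key now has no comment\n");

	if (identity_comment) {
		strlcpy(new_comment, identity_comment, sizeof(new_comment));
	} else {
		printf("Enter new comment: ");
		fflush(stdout);
		if (!fgets(new_comment, sizeof(new_comment), stdin)) {
			explicit_bzero(passphrase, strlen(passphrase));
			sshkey_free(private);
			exit(1);
		}
		/* Drop the trailing newline kept by fgets(). */
		new_comment[strcspn(new_comment, "\n")] = '\0';
	}

	/* Save the key under the same passphrase with the new comment. */
	if ((r = sshkey_save_private(private, identity_file, passphrase,
	    new_comment, use_new_format, new_format_cipher, rounds)) != 0) {
		error("Saving key \"%s\" failed: %s",
		    identity_file, ssh_err(r));
		explicit_bzero(passphrase, strlen(passphrase));
		free(passphrase);
		sshkey_free(private);
		free(comment);
		exit(1);
	}
	explicit_bzero(passphrase, strlen(passphrase));
	free(passphrase);
	if ((r = sshkey_from_private(private, &public)) != 0)
		fatal("sshkey_from_private failed: %s", ssh_err(r));
	sshkey_free(private);

	/* Length was verified above, so this cannot truncate. */
	strlcat(identity_file, ".pub", sizeof(identity_file));
	fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
	if (fd == -1)
		fatal("Could not save your public key in %s", identity_file);
	f = fdopen(fd, "w");
	if (f == NULL)
		fatal("fdopen %s failed: %s", identity_file, strerror(errno));
	if ((r = sshkey_write(public, f)) != 0)
		fatal("write key failed: %s", ssh_err(r));
	sshkey_free(public);
	fprintf(f, " %s\n", new_comment);
	/* Do not report success over a short or failed .pub write. */
	if (ferror(f) != 0)
		fatal("write key failed: %s", strerror(errno));
	if (fclose(f) != 0)
		fatal("key close failed: %s", strerror(errno));

	free(comment);

	printf("The comment in your key file has been changed.\n");
	exit(0);
}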
1561-
/*
 * Append a value-less ("flag") certificate option to the buffer c.
 *
 * The option is written as its name followed by a zero-length data string.
 * Any buffer error is fatal.
 */
static void
add_flag_option(struct sshbuf *c, const char *name)
{
	int r;

	debug3("%s: %s", __func__, name);

	/* Name first, then the empty data field; stop at the first failure. */
	r = sshbuf_put_cstring(c, name);
	if (r == 0)
		r = sshbuf_put_string(c, NULL, 0);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));
}
1572-
/*
 * Append a certificate option that carries a string value to the buffer c.
 *
 * The value is first serialised into a temporary buffer, which is then
 * written after the option name as a nested string. Allocation or buffer
 * errors are fatal; the temporary buffer is released before returning.
 */
static void
add_string_option(struct sshbuf *c, const char *name, const char *value)
{
	struct sshbuf *valbuf;
	int r;

	debug3("%s: %s=%s", __func__, name, value);

	valbuf = sshbuf_new();
	if (valbuf == NULL)
		fatal("%s: sshbuf_new failed", __func__);

	/* Same order as before: inner value, then name, then wrapped value. */
	r = sshbuf_put_cstring(valbuf, value);
	if (r == 0)
		r = sshbuf_put_cstring(c, name);
	if (r == 0)
		r = sshbuf_put_stringb(c, valbuf);
	if (r != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	sshbuf_free(valbuf);
}
1589-
1590#define OPTIONS_CRITICAL 1-
1591#define OPTIONS_EXTENSIONS 2-
/*
 * Rebuild the option buffer c from the certflags_* globals and the
 * user-supplied cert_userext[] list.
 *
 * which is a bitmask of OPTIONS_CRITICAL and/or OPTIONS_EXTENSIONS that
 * selects which section is being generated. The buffer is reset first, so
 * any previous contents are discarded.
 *
 * NOTE(review): options are emitted in the fixed order below, followed by
 * user-supplied ones in the order they were given. The certificate format
 * presumably expects names in lexical order; confirm that custom options
 * cannot break that expectation for verifiers.
 */
static void
prepare_options_buf(struct sshbuf *c, int which)
{
	/* Built-in permission flags and the extension name each one maps to. */
	static const struct {
		int flag;
		const char *name;
	} std_ext[] = {
		{ CERTOPT_X_FWD,	"permit-X11-forwarding" },
		{ CERTOPT_AGENT_FWD,	"permit-agent-forwarding" },
		{ CERTOPT_PORT_FWD,	"permit-port-forwarding" },
		{ CERTOPT_PTY,		"permit-pty" },
		{ CERTOPT_USER_RC,	"permit-user-rc" },
	};
	const int want_crit = (which & OPTIONS_CRITICAL) != 0;
	const int want_ext = (which & OPTIONS_EXTENSIONS) != 0;
	size_t i;

	sshbuf_reset(c);

	if (want_crit && certflags_command != NULL)
		add_string_option(c, "force-command", certflags_command);

	if (want_ext) {
		for (i = 0; i < sizeof(std_ext) / sizeof(std_ext[0]); i++) {
			if ((certflags_flags & std_ext[i].flag) != 0)
				add_flag_option(c, std_ext[i].name);
		}
	}

	if (want_crit && certflags_src_addr != NULL)
		add_string_option(c, "source-address", certflags_src_addr);

	for (i = 0; i < ncert_userext; i++) {
		/*
		 * Skip entries that belong to the other section: critical
		 * ones while extensions are requested, and vice versa.
		 */
		const int other_section = cert_userext[i].crit ?
		    (which & OPTIONS_EXTENSIONS) != 0 :
		    (which & OPTIONS_CRITICAL) != 0;

		if (other_section)
			continue;
		if (cert_userext[i].val != NULL) {
			add_string_option(c, cert_userext[i].key,
			    cert_userext[i].val);
		} else
			add_flag_option(c, cert_userext[i].key);
	}
}
1631-
/*
 * Find the key held by the configured PKCS#11 provider that matches the
 * public key stored at path.
 *
 * Returns the matching key from the provider, or NULL when no key on the
 * token equals the public key. Failure to load the public key or to obtain
 * any keys from the provider is fatal, as is a build without PKCS#11
 * support. Non-matching provider keys are freed here.
 *
 * NOTE(review): if more than one provider key compares equal, only the last
 * one is returned and the earlier match is not freed; confirm whether
 * duplicates can occur.
 */
static struct sshkey *
load_pkcs11_key(char *path)
{
#ifdef ENABLE_PKCS11
	struct sshkey **token_keys = NULL, *wanted, *match = NULL;
	int r, idx, count;

	r = sshkey_load_public(path, &wanted, NULL);
	if (r != 0)
		fatal("Couldn't load CA public key \"%s\": %s",
		    path, ssh_err(r));

	count = pkcs11_add_provider(pkcs11provider, identity_passphrase,
	    &token_keys);
	debug3("%s: %d keys", __func__, count);
	if (count <= 0)
		fatal("cannot read public key from pkcs11");

	/* Keep the key that matches; release every other one. */
	for (idx = 0; idx < count; idx++) {
		if (sshkey_equal_public(wanted, token_keys[idx]))
			match = token_keys[idx];
		else
			sshkey_free(token_keys[idx]);
	}
	free(token_keys);
	sshkey_free(wanted);
	return match;
#else
	fatal("no pkcs11 support");
#endif /* ENABLE_PKCS11 */
}
1661-
/*
 * Signing callback for sshkey_certify_custom() that delegates the signature
 * to a running agent.
 *
 * ctx must point to an int holding the agent socket descriptor. All other
 * arguments are passed through unchanged, and the return value is whatever
 * ssh_agent_sign() reports.
 */
static int
agent_signer(const struct sshkey *key, u_char **sigp, size_t *lenp,
    const u_char *data, size_t datalen,
    const char *alg, u_int compat, void *ctx)
{
	const int agent_sock = *(int *)ctx;

	return ssh_agent_sign(agent_sock, key, sigp, lenp,
	    data, datalen, alg, compat);
}
1673-
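/*
 * Sign each public key named in argv[0..argc-1] with the CA key and write
 * the resulting certificate next to it as "<name>-cert.pub".
 *
 * The CA key comes from one of three places, tried in this order:
 *   - a PKCS#11 token, when pkcs11provider is set;
 *   - the agent, when prefer_agent is set (the CA public key must be listed
 *     by the agent, otherwise this is fatal);
 *   - a private key file at ca_key_path.
 *
 * pw supplies the uid used for tilde expansion of file names. Every error
 * is fatal; on success the process exits with status 0, so this function
 * does not return.
 */
static void
do_ca_sign(struct passwd *pw, int argc, char **argv)
{
	int r, i, fd, found, agent_fd = -1;
	u_int n;
	struct sshkey *ca, *public;
	char valid[64], *otmp, *tmp, *cp, *out, *comment, **plist = NULL;
	FILE *f;
	struct ssh_identitylist *agent_ids;
	size_t j;

#ifdef ENABLE_PKCS11
	pkcs11_init(1);
#endif
	tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
	if (pkcs11provider != NULL) {
		/* If a PKCS#11 token was specified then try to use it */
		if ((ca = load_pkcs11_key(tmp)) == NULL)
			fatal("No PKCS#11 key matching %s found", ca_key_path);
	} else if (prefer_agent) {
		/*
		 * Agent signature requested. Try to use agent after making
		 * sure the public key specified is actually present in the
		 * agent.
		 */
		if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0)
			fatal("Cannot load CA public key %s: %s",
			    tmp, ssh_err(r));
		if ((r = ssh_get_authentication_socket(&agent_fd)) != 0)
			fatal("Cannot use public key for CA signature: %s",
			    ssh_err(r));
		if ((r = ssh_fetch_identitylist(agent_fd, &agent_ids)) != 0)
			fatal("Retrieve agent key list: %s", ssh_err(r));
		found = 0;
		for (j = 0; j < agent_ids->nkeys; j++) {
			if (sshkey_equal(ca, agent_ids->keys[j])) {
				found = 1;
				break;
			}
		}
		if (!found)
			fatal("CA key %s not found in agent", tmp);
		ssh_free_identitylist(agent_ids);
		/* Marks the CA key so signing below is routed to the agent. */
		ca->flags |= SSHKEY_FLAG_EXT;
	} else {
		/* CA key is assumed to be a private key on the filesystem */
		ca = load_identity(tmp);
	}
	free(tmp);

	/* An explicitly requested key type must agree with the CA key. */
	if (key_type_name != NULL &&
	    sshkey_type_from_name(key_type_name) != ca->type) {
		fatal("CA key type %s doesn't match specified %s",
		    sshkey_ssh_name(ca), key_type_name);
	}

	for (i = 0; i < argc; i++) {
		/*
		 * Split list of principals. A fresh list is built for every
		 * key because it is handed over to the certificate below.
		 */
		n = 0;
		if (cert_principals != NULL) {
			otmp = tmp = xstrdup(cert_principals);
			plist = NULL;
			for (; (cp = strsep(&tmp, ",")) != NULL; n++) {
				plist = xreallocarray(plist, n + 1, sizeof(*plist));
				if (*(plist[n] = xstrdup(cp)) == '\0')
					fatal("Empty principal name");
			}
			free(otmp);
		}
		if (n > SSHKEY_CERT_MAX_PRINCIPALS)
			fatal("Too many certificate principals specified");

		tmp = tilde_expand_filename(argv[i], pw->pw_uid);
		if ((r = sshkey_load_public(tmp, &public, &comment)) != 0)
			fatal("%s: unable to open \"%s\": %s",
			    __func__, tmp, ssh_err(r));
		if (public->type != KEY_RSA && public->type != KEY_DSA &&
		    public->type != KEY_ECDSA && public->type != KEY_ED25519 &&
		    public->type != KEY_XMSS)
			fatal("%s: key \"%s\" type %s cannot be certified",
			    __func__, tmp, sshkey_type(public));

		/* Prepare certificate to sign */
		if ((r = sshkey_to_certified(public)) != 0)
			fatal("Could not upgrade key %s to certificate: %s",
			    tmp, ssh_err(r));
		public->cert->type = cert_key_type;
		public->cert->serial = (u_int64_t)cert_serial;
		public->cert->key_id = xstrdup(cert_key_id);
		public->cert->nprincipals = n;
		public->cert->principals = plist;
		public->cert->valid_after = cert_valid_from;
		public->cert->valid_before = cert_valid_to;
		prepare_options_buf(public->cert->critical, OPTIONS_CRITICAL);
		prepare_options_buf(public->cert->extensions,
		    OPTIONS_EXTENSIONS);
		if ((r = sshkey_from_private(ca,
		    &public->cert->signature_key)) != 0)
			fatal("sshkey_from_private (ca key): %s", ssh_err(r));

		if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) {
			if ((r = sshkey_certify_custom(public, ca,
			    key_type_name, agent_signer, &agent_fd)) != 0)
				fatal("Couldn't certify key %s via agent: %s",
				    tmp, ssh_err(r));
		} else {
			/*
			 * Capture the return code in r: the message below
			 * formats ssh_err(r), and without the assignment it
			 * would report a stale value from an earlier call
			 * instead of the reason signing failed.
			 */
			if ((r = sshkey_certify(public, ca,
			    key_type_name)) != 0)
				fatal("Couldn't certify key %s: %s",
				    tmp, ssh_err(r));
		}

		/* Output name: strip a trailing ".pub", append "-cert.pub". */
		if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0)
			*cp = '\0';
		xasprintf(&out, "%s-cert.pub", tmp);
		free(tmp);

		if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
			fatal("Could not open \"%s\" for writing: %s", out,
			    strerror(errno));
		if ((f = fdopen(fd, "w")) == NULL)
			fatal("%s: fdopen: %s", __func__, strerror(errno));
		if ((r = sshkey_write(public, f)) != 0)
			fatal("Could not write certified key to %s: %s",
			    out, ssh_err(r));
		fprintf(f, " %s\n", comment);
		fclose(f);

		if (!quiet) {
			sshkey_format_cert_validity(public->cert,
			    valid, sizeof(valid));
			logit("Signed %s key %s: id \"%s\" serial %llu%s%s "
			    "valid %s", sshkey_cert_type(public),
			    out, public->cert->key_id,
			    (unsigned long long)public->cert->serial,
			    cert_principals != NULL ? " for " : "",
			    cert_principals != NULL ? cert_principals : "",
			    valid);
		}

		sshkey_free(public);
		free(out);
	}
#ifdef ENABLE_PKCS11
	pkcs11_terminate();
#endif
	exit(0);
}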
1821-
/*
 * Convert a signed relative time specification ("+interval" or
 * "-interval") into an absolute time based on now.
 *
 * The first character selects the direction: '-' means before now, anything
 * else means after. The remainder is parsed by convtime(). An interval that
 * convtime() rejects, or a negative offset larger than now, is fatal.
 */
static u_int64_t
parse_relative_time(const char *s, time_t now)
{
	const int backwards = (*s == '-');
	int64_t secs, delta;

	secs = convtime(s + 1);
	if (secs == -1)
		fatal("Invalid relative certificate time %s", s);
	/* Going further back than now would give a negative time. */
	if (backwards && secs > now)
		fatal("Certificate time %s cannot be represented", s);

	delta = backwards ? -secs : secs;
	return now + (u_int64_t)delta;
}
1835-
/*
 * Parse a certificate validity specification and store the result in
 * cert_valid_from and cert_valid_to.
 *
 * Two forms are accepted:
 *   "+interval"  valid from about a minute ago until now + interval;
 *   "from:to"    where each side is a relative time ([+-]interval), an
 *                absolute time accepted by parse_absolute_time(), or the
 *                keyword "always" (from) / "forever" (to).
 *
 * Malformed input and an empty interval (to <= from) in the from:to form
 * are fatal.
 */
static void
parse_cert_times(char *timespec)
{
	char *start, *end;
	time_t now = time(NULL);
	int64_t secs;

	/* "+interval" with no colon: lifetime relative to now. */
	if (*timespec == '+' && strchr(timespec, ':') == NULL) {
		secs = convtime(timespec + 1);
		if (secs == -1)
			fatal("Invalid relative certificate life %s", timespec);
		cert_valid_to = now + secs;
		/*
		 * Start the validity slightly in the past, on a minute
		 * boundary, so hosts with badly synchronised clocks still
		 * accept the certificate.
		 */
		cert_valid_from = ((now - 59)/ 60) * 60;
		return;
	}

	/* Work on a copy so the caller's string is left intact. */
	start = xstrdup(timespec);
	end = strchr(start, ':');
	if (end == NULL || end == start || end[1] == '\0')
		fatal("Invalid certificate life specification %s", timespec);
	/* Cut the copy in two at the colon. */
	*end = '\0';
	end++;

	if (*start == '-' || *start == '+') {
		cert_valid_from = parse_relative_time(start, now);
	} else if (strcmp(start, "always") != 0) {
		if (parse_absolute_time(start, &cert_valid_from) != 0)
			fatal("Invalid from time \"%s\"", start);
	} else {
		cert_valid_from = 0;
	}

	if (*end == '-' || *end == '+') {
		cert_valid_to = parse_relative_time(end, now);
	} else if (strcmp(end, "forever") != 0) {
		if (parse_absolute_time(end, &cert_valid_to) != 0)
			fatal("Invalid to time \"%s\"", end);
	} else {
		/* All bits set: the largest representable end time. */
		cert_valid_to = ~(u_int64_t)0;
	}

	if (cert_valid_to <= cert_valid_from)
		fatal("Empty certificate validity interval");
	free(start);
}
1885-
/*
 * Apply one certificate option given on the command line to the global
 * certificate settings.
 *
 * Recognised forms (keywords are matched case-insensitively):
 *   clear                          reset certflags_flags to 0
 *   no-<perm> / permit-<perm>      clear or set one permission flag
 *   force-command=<cmd>            may be given once, must be non-empty
 *   source-address=<cidr-list>     may be given once, must be non-empty
 *                                  and pass addr_match_cidr_list()
 *   extension:<name>[=<value>]     custom extension
 *   critical:<name>[=<value>]      custom critical option
 *
 * "clear" resets only the permission flags; force-command, source-address
 * and custom entries already recorded are left as they are. Anything
 * unrecognised is fatal.
 *
 * NOTE(review): the <name> of a custom entry is not checked for being
 * empty; confirm whether that should be rejected.
 */
static void
add_cert_option(char *opt)
{
	/* Keyword -> permission flag, and whether it sets or clears it. */
	static const struct {
		const char *name;
		int flag;
		int enable;
	} toggles[] = {
		{ "no-x11-forwarding",		CERTOPT_X_FWD,		0 },
		{ "permit-x11-forwarding",	CERTOPT_X_FWD,		1 },
		{ "no-agent-forwarding",	CERTOPT_AGENT_FWD,	0 },
		{ "permit-agent-forwarding",	CERTOPT_AGENT_FWD,	1 },
		{ "no-port-forwarding",		CERTOPT_PORT_FWD,	0 },
		{ "permit-port-forwarding",	CERTOPT_PORT_FWD,	1 },
		{ "no-pty",			CERTOPT_PTY,		0 },
		{ "permit-pty",			CERTOPT_PTY,		1 },
		{ "no-user-rc",			CERTOPT_USER_RC,	0 },
		{ "permit-user-rc",		CERTOPT_USER_RC,	1 },
	};
	char *val, *cp;
	int is_ext, iscrit;
	size_t i;

	if (strcasecmp(opt, "clear") == 0) {
		certflags_flags = 0;
		return;
	}

	for (i = 0; i < sizeof(toggles) / sizeof(toggles[0]); i++) {
		if (strcasecmp(opt, toggles[i].name) != 0)
			continue;
		if (toggles[i].enable)
			certflags_flags |= toggles[i].flag;
		else
			certflags_flags &= ~toggles[i].flag;
		return;
	}

	if (strncasecmp(opt, "force-command=", 14) == 0) {
		val = opt + 14;
		if (*val == '\0')
			fatal("Empty force-command option");
		if (certflags_command != NULL)
			fatal("force-command already specified");
		certflags_command = xstrdup(val);
		return;
	}

	if (strncasecmp(opt, "source-address=", 15) == 0) {
		val = opt + 15;
		if (*val == '\0')
			fatal("Empty source-address option");
		if (certflags_src_addr != NULL)
			fatal("source-address already specified");
		/* Syntax check only: no address is supplied to match. */
		if (addr_match_cidr_list(NULL, val) != 0)
			fatal("Invalid source-address list");
		certflags_src_addr = xstrdup(val);
		return;
	}

	/* "critical:" is only considered when "extension:" did not match. */
	is_ext = strncasecmp(opt, "extension:", 10) == 0;
	iscrit = !is_ext && strncasecmp(opt, "critical:", 9) == 0;
	if (!is_ext && !iscrit)
		fatal("Unsupported certificate option \"%s\"", opt);

	/* Copy everything after the prefix, then split name from value. */
	val = xstrdup(strchr(opt, ':') + 1);
	cp = strchr(val, '=');
	if (cp != NULL)
		*cp++ = '\0';
	cert_userext = xreallocarray(cert_userext, ncert_userext + 1,
	    sizeof(*cert_userext));
	cert_userext[ncert_userext].key = val;
	cert_userext[ncert_userext].val = cp == NULL ?
	    NULL : xstrdup(cp);
	cert_userext[ncert_userext].crit = iscrit;
	ncert_userext++;
}
1945-
/*
 * Print the options held in one certificate option buffer, one per line.
 *
 * optbuf is walked as a sequence of (name, data) pairs.  in_critical
 * selects which names are recognised: the "permit-*" flags when it is
 * zero, "force-command" and "source-address" (each followed by a string
 * argument) when it is non-zero.  Anything else is reported as
 * "UNKNOWN OPTION" together with the length of its data.
 *
 * Calls fatal() on any buffer error and when a recognised option carries
 * data beyond what was consumed.
 *
 * NOTE(review): the option name and argument are decoded from the
 * certificate and handed to printf() unmodified.  If certificates from
 * untrusted parties are inspected with this code, control characters in
 * those strings would reach the terminal; utf8.h is already included by
 * this file - confirm whether its sanitising printf wrappers should be
 * used here instead.
 */
static void
show_options(struct sshbuf *optbuf, int in_critical)
{
	static const char *const flag_names[] = {
		"permit-X11-forwarding",
		"permit-agent-forwarding",
		"permit-port-forwarding",
		"permit-pty",
		"permit-user-rc",
	};
	static const char *const string_names[] = {
		"force-command",
		"source-address",
	};
	const char *const *known;
	struct sshbuf *remaining, *body = NULL;
	char *opt_name, *opt_arg;
	size_t nknown, k;
	int rc, recognised;

	/* Pick the table of names that is valid for this section. */
	if (in_critical) {
		known = string_names;
		nknown = sizeof(string_names) / sizeof(string_names[0]);
	} else {
		known = flag_names;
		nknown = sizeof(flag_names) / sizeof(flag_names[0]);
	}

	remaining = sshbuf_fromb(optbuf);
	if (remaining == NULL)
		fatal("%s: sshbuf_fromb failed", __func__);

	while (sshbuf_len(remaining) != 0) {
		/* Drop the data buffer left over from the previous option. */
		sshbuf_free(body);
		body = NULL;

		rc = sshbuf_get_cstring(remaining, &opt_name, NULL);
		if (rc == 0)
			rc = sshbuf_froms(remaining, &body);
		if (rc != 0)
			fatal("%s: buffer error: %s", __func__, ssh_err(rc));

		printf(" %s", opt_name);

		recognised = 0;
		for (k = 0; k < nknown; k++) {
			if (strcmp(opt_name, known[k]) == 0) {
				recognised = 1;
				break;
			}
		}

		if (!recognised) {
			printf(" UNKNOWN OPTION (len %zu)\n",
			    sshbuf_len(body));
			/* Discard the data so the length check below passes. */
			sshbuf_reset(body);
		} else if (in_critical) {
			rc = sshbuf_get_cstring(body, &opt_arg, NULL);
			if (rc != 0)
				fatal("%s: buffer error: %s",
				    __func__, ssh_err(rc));
			printf(" %s\n", opt_arg);
			free(opt_arg);
		} else {
			/* Flag-style extension: the name is the whole entry. */
			printf("\n");
		}

		free(opt_name);
		if (sshbuf_len(body) != 0)
			fatal("Option corrupt: extra data at end");
	}
	sshbuf_free(body);
	sshbuf_free(remaining);
}
1989-
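/*
 * Print a human-readable summary of the certificate attached to key:
 * type, public key and signing CA fingerprints, key ID, serial, validity
 * interval, principals, critical options and extensions.
 *
 * Calls fatal() if either fingerprint cannot be computed.
 *
 * NOTE(review): the key ID and principal names are taken from the
 * certificate and passed to printf() unmodified.  If certificates from
 * untrusted parties are inspected with this code, control characters in
 * those strings would reach the terminal; utf8.h is already included by
 * this file - confirm whether its sanitising printf wrappers should be
 * used here instead.
 */
static void
print_cert(struct sshkey *key)
{
	char valid[64], *key_fp, *ca_fp;
	u_int i;

	key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);
	ca_fp = sshkey_fingerprint(key->cert->signature_key,
	    fingerprint_hash, SSH_FP_DEFAULT);
	if (key_fp == NULL || ca_fp == NULL)
		fatal("%s: sshkey_fingerprint fail", __func__);
	sshkey_format_cert_validity(key->cert, valid, sizeof(valid));

	printf(" Type: %s %s certificate\n", sshkey_ssh_name(key),
	    sshkey_cert_type(key));
	printf(" Public key: %s %s\n", sshkey_type(key), key_fp);
	printf(" Signing CA: %s %s\n",
	    sshkey_type(key->cert->signature_key), ca_fp);
	printf(" Key ID: \"%s\"\n", key->cert->key_id);
	printf(" Serial: %llu\n", (unsigned long long)key->cert->serial);
	printf(" Valid: %s\n", valid);
	printf(" Principals: ");
	if (key->cert->nprincipals == 0)
		printf("(none)\n");
	else {
		for (i = 0; i < key->cert->nprincipals; i++)
			printf("\n %s",
			    key->cert->principals[i]);
		printf("\n");
	}
	printf(" Critical Options: ");
	if (sshbuf_len(key->cert->critical) == 0)
		printf("(none)\n");
	else {
		printf("\n");
		show_options(key->cert->critical, 1);
	}
	printf(" Extensions: ");
	if (sshbuf_len(key->cert->extensions) == 0)
		printf("(none)\n");
	else {
		printf("\n");
		show_options(key->cert->extensions, 0);
	}

	/*
	 * The fingerprint strings are allocated by sshkey_fingerprint();
	 * release them so that a file holding many certificates does not
	 * leak two strings per line.
	 */
	free(key_fp);
	free(ca_fp);
}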
2035-
/*
 * Print every certificate found in identity_file, or on standard input
 * when the file name is "-".  The input is read one key per line; blank
 * lines and lines starting with '#' (after leading blanks) are skipped.
 * Lines that fail to parse or that hold a plain key are reported with
 * error() and do not stop processing.
 *
 * Prompts for a file name via ask_filename() when none was given.
 * Never returns: exits 0 if at least one certificate was printed and 1
 * otherwise.
 */
static void
do_show_cert(struct passwd *pw)
{
	struct sshkey *cert = NULL;
	struct stat sb;
	FILE *in;
	const char *label;
	char *buf = NULL, *p;
	size_t bufsz = 0;
	u_long lineno = 0;
	int rc, from_stdin, shown = 0;

	if (!have_identity)
		ask_filename(pw, "Enter file in which the key is");

	from_stdin = (strcmp(identity_file, "-") == 0);
	/* The stat() only serves to report a missing file early. */
	if (!from_stdin && stat(identity_file, &sb) < 0)
		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));

	if (from_stdin) {
		in = stdin;
		label = "(stdin)";
	} else {
		label = identity_file;
		in = fopen(identity_file, "r");
		if (in == NULL)
			fatal("fopen %s: %s", identity_file, strerror(errno));
	}

	while (getline(&buf, &bufsz, in) != -1) {
		lineno++;
		/* Release whatever the previous line left behind. */
		sshkey_free(cert);
		cert = NULL;

		/* Skip leading blanks, then ignore comments and empty lines. */
		p = buf + strspn(buf, " \t");
		if (*p == '\0' || *p == '#')
			continue;

		cert = sshkey_new(KEY_UNSPEC);
		if (cert == NULL)
			fatal("sshkey_new");
		rc = sshkey_read(cert, &p);
		if (rc != 0) {
			error("%s:%lu: invalid key: %s", label,
			    lineno, ssh_err(rc));
			continue;
		}
		if (!sshkey_is_cert(cert)) {
			error("%s:%lu is not a certificate", label, lineno);
			continue;
		}

		shown = 1;
		/* A certificate on line 1 of a file is labelled by path only. */
		if (from_stdin || lineno != 1)
			printf("%s:%lu:\n", label, lineno);
		else
			printf("%s:\n", label);
		print_cert(cert);
	}
	free(buf);
	sshkey_free(cert);
	fclose(in);
	exit(shown ? 0 : 1);
}
2092-
/*
 * Read the key revocation list stored at path and parse it into *krlp.
 *
 * Calls fatal() if the file cannot be opened or read, or if it does not
 * parse into a KRL.
 *
 * NOTE(review): as the XXX below records, no signature on the KRL is
 * checked here - ssh_krl_from_blob() is called with NULL and 0 as its
 * last two arguments (presumably the accepted signing keys and their
 * count; confirm against krl.h).  Callers should therefore treat the
 * file at path as trusted input: its integrity has to be protected by
 * other means such as file ownership and permissions.
 */
static void
load_krl(const char *path, struct ssh_krl **krlp)
{
	struct sshbuf *raw;
	int krl_fd, rc;

	raw = sshbuf_new();
	if (raw == NULL)
		fatal("sshbuf_new failed");

	krl_fd = open(path, O_RDONLY);
	if (krl_fd == -1)
		fatal("open %s: %s", path, strerror(errno));

	rc = sshkey_load_file(krl_fd, raw);
	if (rc != 0)
		fatal("Unable to load KRL: %s", ssh_err(rc));
	close(krl_fd);

	/* XXX check sigs */
	rc = ssh_krl_from_blob(raw, krlp, NULL, 0);
	if (rc != 0 || *krlp == NULL)
		fatal("Invalid KRL file: %s", ssh_err(rc));

	sshbuf_free(raw);
}
2112-
/*
 * Decode a "SHA256:<base64>" fingerprint string into raw bytes.
 *
 * cp must begin with the literal prefix "SHA256:" (compared
 * case-sensitively); anything else is fatal.  On return *blobp points to
 * a buffer allocated with xmalloc() holding the decoded bytes and *lenp
 * holds its length; the caller owns that buffer.  file and lnum are used
 * only to locate the offending line in error messages.
 *
 * NOTE(review): the decoded length is not checked here against the
 * SHA-256 digest size; presumably the consumer of the blob validates it -
 * confirm at the call site.
 */
static void
hash_to_blob(const char *cp, u_char **blobp, size_t *lenp,
    const char *file, u_long lnum)
{
	struct sshbuf *decoded;
	char *padded;
	size_t n;
	int rc;

	if (strncmp(cp, "SHA256:", 7) != 0)
		fatal("%s:%lu: unsupported hash algorithm", file, lnum);
	cp += 7;

	/*
	 * OpenSSH prints base64 hashes without the trailing '=' padding.
	 * Copy the text into a buffer with room for up to three pad
	 * characters plus the terminator and restore them for the decoder.
	 */
	n = strlen(cp);
	padded = xmalloc(n + 4 + 1);
	memcpy(padded, cp, n + 1);
	for (; (n % 4) != 0; n++)
		padded[n] = '=';
	padded[n] = '\0';

	decoded = sshbuf_new();
	if (decoded == NULL)
		fatal("%s: sshbuf_new failed", __func__);
	rc = sshbuf_b64tod(decoded, padded);
	if (rc != 0)
		fatal("%s:%lu: decode hash failed: %s", file, lnum, ssh_err(rc));
	free(padded);

	/* Hand the caller a private copy of the decoded bytes. */
	*lenp = sshbuf_len(decoded);
	*blobp = xmalloc(*lenp);
	memcpy(*blobp, sshbuf_ptr(decoded), *lenp);
	sshbuf_free(decoded);
}
2147-
2148static void-
2149update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,-
2150 const struct sshkey *ca, struct ssh_krl *krl)-
2151{-
2152 struct sshkey *key = NULL;-
2153 u_long lnum = 0;-
2154 char *path, *cp, *ep, *line = NULL;-
2155 u_char *blob = NULL;-
2156 size_t blen = 0, linesize = 0;-
2157 unsigned long long serial, serial2;-
2158 int i, was_explicit_key, was_sha1, was_sha256, was_hash, r;-
2159 FILE *krl_spec;-
2160-
2161 path = tilde_expand_filename(file, pw->pw_uid);-
2162 if (strcmp(path, "-") == 0) {
never executed: __result = (((const unsigned char *) (const char *) ( path ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "-" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2163 krl_spec = stdin;-
2164 free(path);-
2165 path = xstrdup("(standard input)");-
2166 } else if ((krl_spec = fopen(path, "r")) == NULL)
never executed: end of block
(krl_spec = fo...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2167 fatal("fopen %s: %s", path, strerror(errno));
never executed: fatal("fopen %s: %s", path, strerror( (*__errno_location ()) ));
0
2168-
2169 if (!quiet)
!quietDescription
TRUEnever evaluated
FALSEnever evaluated
0
2170 printf("Revoking from %s\n", path);
never executed: printf("Revoking from %s\n", path);
0
2171 while (getline(&line, &linesize, krl_spec) != -1) {
getline(&line,...rl_spec) != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2172 lnum++;-
2173 was_explicit_key = was_sha1 = was_sha256 = was_hash = 0;-
2174 cp = line + strspn(line, " \t");-
2175 /* Trim trailing space, comments and strip \n */-
2176 for (i = 0, r = -1; cp[i] != '\0'; i++) {
cp[i] != '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
2177 if (cp[i] == '#' || cp[i] == '\n') {
cp[i] == '#'Description
TRUEnever evaluated
FALSEnever evaluated
cp[i] == '\n'Description
TRUEnever evaluated
FALSEnever evaluated
0
2178 cp[i] = '\0';-
2179 break;
never executed: break;
0
2180 }-
2181 if (cp[i] == ' ' || cp[i] == '\t') {
cp[i] == ' 'Description
TRUEnever evaluated
FALSEnever evaluated
cp[i] == '\t'Description
TRUEnever evaluated
FALSEnever evaluated
0
2182 /* Remember the start of a span of whitespace */-
2183 if (r == -1)
r == -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2184 r = i;
never executed: r = i;
0
2185 } else
never executed: end of block
0
2186 r = -1;
never executed: r = -1;
0
2187 }-
2188 if (r != -1)
r != -1Description
TRUEnever evaluated
FALSEnever evaluated
0
2189 cp[r] = '\0';
never executed: cp[r] = '\0';
0
2190 if (*cp == '\0')
*cp == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
2191 continue;
never executed: continue;
0
2192 if (strncasecmp(cp, "serial:", 7) == 0) {
strncasecmp(cp...ial:", 7) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2193 if (ca == NULL && !wild_ca) {
ca == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
!wild_caDescription
TRUEnever evaluated
FALSEnever evaluated
0
2194 fatal("revoking certificates by serial number "-
2195 "requires specification of a CA key");-
2196 }
never executed: end of block
0
2197 cp += 7;-
2198 cp = cp + strspn(cp, " \t");-
2199 errno = 0;-
2200 serial = strtoull(cp, &ep, 0);-
2201 if (*cp == '\0' || (*ep != '\0' && *ep != '-'))
*cp == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
*ep != '\0'Description
TRUEnever evaluated
FALSEnever evaluated
*ep != '-'Description
TRUEnever evaluated
FALSEnever evaluated
0
2202 fatal("%s:%lu: invalid serial \"%s\"",
never executed: fatal("%s:%lu: invalid serial \"%s\"", path, lnum, cp);
0
2203 path, lnum, cp);
never executed: fatal("%s:%lu: invalid serial \"%s\"", path, lnum, cp);
0
2204 if (errno == ERANGE && serial == ULLONG_MAX)
(*__errno_location ()) == 34Description
TRUEnever evaluated
FALSEnever evaluated
serial == (0x7...* 2ULL + 1ULL)Description
TRUEnever evaluated
FALSEnever evaluated
0
2205 fatal("%s:%lu: serial out of range",
never executed: fatal("%s:%lu: serial out of range", path, lnum);
0
2206 path, lnum);
never executed: fatal("%s:%lu: serial out of range", path, lnum);
0
2207 serial2 = serial;-
2208 if (*ep == '-') {
*ep == '-'Description
TRUEnever evaluated
FALSEnever evaluated
0
2209 cp = ep + 1;-
2210 errno = 0;-
2211 serial2 = strtoull(cp, &ep, 0);-
2212 if (*cp == '\0' || *ep != '\0')
*cp == '\0'Description
TRUEnever evaluated
FALSEnever evaluated
*ep != '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
2213 fatal("%s:%lu: invalid serial \"%s\"",
never executed: fatal("%s:%lu: invalid serial \"%s\"", path, lnum, cp);
0
2214 path, lnum, cp);
never executed: fatal("%s:%lu: invalid serial \"%s\"", path, lnum, cp);
0
2215 if (errno == ERANGE && serial2 == ULLONG_MAX)
(*__errno_location ()) == 34Description
TRUEnever evaluated
FALSEnever evaluated
serial2 == (0x...* 2ULL + 1ULL)Description
TRUEnever evaluated
FALSEnever evaluated
0
2216 fatal("%s:%lu: serial out of range",
never executed: fatal("%s:%lu: serial out of range", path, lnum);
0
2217 path, lnum);
never executed: fatal("%s:%lu: serial out of range", path, lnum);
0
2218 if (serial2 <= serial)
serial2 <= serialDescription
TRUEnever evaluated
FALSEnever evaluated
0
2219 fatal("%s:%lu: invalid serial range "
never executed: fatal("%s:%lu: invalid serial range " "%llu:%llu", path, lnum, (unsigned long long)serial, (unsigned long long)serial2);
0
2220 "%llu:%llu", path, lnum,
never executed: fatal("%s:%lu: invalid serial range " "%llu:%llu", path, lnum, (unsigned long long)serial, (unsigned long long)serial2);
0
2221 (unsigned long long)serial,
never executed: fatal("%s:%lu: invalid serial range " "%llu:%llu", path, lnum, (unsigned long long)serial, (unsigned long long)serial2);
0
2222 (unsigned long long)serial2);
never executed: fatal("%s:%lu: invalid serial range " "%llu:%llu", path, lnum, (unsigned long long)serial, (unsigned long long)serial2);
0
2223 }
never executed: end of block
0
2224 if (ssh_krl_revoke_cert_by_serial_range(krl,
ssh_krl_revoke... serial2) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2225 ca, serial, serial2) != 0) {
ssh_krl_revoke... serial2) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2226 fatal("%s: revoke serial failed",-
2227 __func__);-
2228 }
never executed: end of block
0
2229 } else if (strncasecmp(cp, "id:", 3) == 0) {
never executed: end of block
strncasecmp(cp, "id:", 3) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2230 if (ca == NULL && !wild_ca) {
ca == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
!wild_caDescription
TRUEnever evaluated
FALSEnever evaluated
0
2231 fatal("revoking certificates by key ID "-
2232 "requires specification of a CA key");-
2233 }
never executed: end of block
0
2234 cp += 3;-
2235 cp = cp + strspn(cp, " \t");-
2236 if (ssh_krl_revoke_cert_by_key_id(krl, ca, cp) != 0)
ssh_krl_revoke..., ca, cp) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2237 fatal("%s: revoke key ID failed", __func__);
never executed: fatal("%s: revoke key ID failed", __func__);
0
2238 } else if (strncasecmp(cp, "hash:", 5) == 0) {
never executed: end of block
strncasecmp(cp...ash:", 5) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2239 cp += 5;-
2240 cp = cp + strspn(cp, " \t");-
2241 hash_to_blob(cp, &blob, &blen, file, lnum);-
2242 r = ssh_krl_revoke_key_sha256(krl, blob, blen);-
2243 } else {
never executed: end of block
0
2244 if (strncasecmp(cp, "key:", 4) == 0) {
strncasecmp(cp...key:", 4) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2245 cp += 4;-
2246 cp = cp + strspn(cp, " \t");-
2247 was_explicit_key = 1;-
2248 } else if (strncasecmp(cp, "sha1:", 5) == 0) {
never executed: end of block
strncasecmp(cp...ha1:", 5) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2249 cp += 5;-
2250 cp = cp + strspn(cp, " \t");-
2251 was_sha1 = 1;-
2252 } else if (strncasecmp(cp, "sha256:", 7) == 0) {
never executed: end of block
strncasecmp(cp...256:", 7) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2253 cp += 7;-
2254 cp = cp + strspn(cp, " \t");-
2255 was_sha256 = 1;-
2256 /*-
2257 * Just try to process the line as a key.-
2258 * Parsing will fail if it isn't.-
2259 */-
2260 }
never executed: end of block
0
2261 if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
(key = sshkey_...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2262 fatal("sshkey_new");
never executed: fatal("sshkey_new");
0
2263 if ((r = sshkey_read(key, &cp)) != 0)
(r = sshkey_re...ey, &cp)) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2264 fatal("%s:%lu: invalid key: %s",
never executed: fatal("%s:%lu: invalid key: %s", path, lnum, ssh_err(r));
0
2265 path, lnum, ssh_err(r));
never executed: fatal("%s:%lu: invalid key: %s", path, lnum, ssh_err(r));
0
2266 if (was_explicit_key)
was_explicit_keyDescription
TRUEnever evaluated
FALSEnever evaluated
0
2267 r = ssh_krl_revoke_key_explicit(krl, key);
never executed: r = ssh_krl_revoke_key_explicit(krl, key);
0
2268 else if (was_sha1) {
was_sha1Description
TRUEnever evaluated
FALSEnever evaluated
0
2269 if (sshkey_fingerprint_raw(key,
sshkey_fingerp...b, &blen) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2270 SSH_DIGEST_SHA1, &blob, &blen) != 0) {
sshkey_fingerp...b, &blen) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2271 fatal("%s:%lu: fingerprint failed",-
2272 file, lnum);-
2273 }
never executed: end of block
0
2274 r = ssh_krl_revoke_key_sha1(krl, blob, blen);-
2275 } else if (was_sha256) {
never executed: end of block
was_sha256Description
TRUEnever evaluated
FALSEnever evaluated
0
2276 if (sshkey_fingerprint_raw(key,
sshkey_fingerp...b, &blen) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2277 SSH_DIGEST_SHA256, &blob, &blen) != 0) {
sshkey_fingerp...b, &blen) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2278 fatal("%s:%lu: fingerprint failed",-
2279 file, lnum);-
2280 }
never executed: end of block
0
2281 r = ssh_krl_revoke_key_sha256(krl, blob, blen);-
2282 } else
never executed: end of block
0
2283 r = ssh_krl_revoke_key(krl, key);
never executed: r = ssh_krl_revoke_key(krl, key);
0
2284 if (r != 0)
r != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2285 fatal("%s: revoke key failed: %s",
never executed: fatal("%s: revoke key failed: %s", __func__, ssh_err(r));
0
2286 __func__, ssh_err(r));
never executed: fatal("%s: revoke key failed: %s", __func__, ssh_err(r));
0
2287 freezero(blob, blen);-
2288 blob = NULL;-
2289 blen = 0;-
2290 sshkey_free(key);-
2291 }
never executed: end of block
0
2292 }-
2293 if (strcmp(path, "-") != 0)
never executed: __result = (((const unsigned char *) (const char *) ( path ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "-" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2294 fclose(krl_spec);
never executed: fclose(krl_spec);
0
2295 free(line);-
2296 free(path);-
2297}
never executed: end of block
0
2298-
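/*
 * Generate a key revocation list (KRL) and write it to identity_file.
 *
 * pw        - passwd entry of the invoking user; its uid is used for
 *             tilde expansion of the CA key path.
 * updating  - non-zero: load the existing KRL from identity_file and add
 *             to it; zero: start from an empty KRL.
 * argc/argv - revocation specification files, each handed to
 *             update_krl_from_file().
 *
 * Every failure is fatal(); the function returns only after the KRL has
 * been written and the descriptor closed without error.
 *
 * Coverage (from the report this listing was taken from): no statement or
 * branch of this function was executed by the recorded test run.
 */
static void
do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
{
	struct ssh_krl *krl;
	struct stat sb;
	struct sshkey *ca = NULL;
	int fd, i, r, wild_ca = 0;
	char *tmp;
	struct sshbuf *kbuf;

	if (*identity_file == '\0')
		fatal("KRL generation requires an output file");
	/* sb is used only as an existence probe; its contents are not read. */
	if (stat(identity_file, &sb) == -1) {
		if (errno != ENOENT)
			fatal("Cannot access KRL \"%s\": %s",
			    identity_file, strerror(errno));
		/* A missing file is fine for a fresh KRL, not for an update. */
		if (updating)
			fatal("KRL \"%s\" does not exist", identity_file);
	}
	if (ca_key_path != NULL) {
		/*
		 * "none" selects wildcard-CA mode: ca stays NULL and wild_ca
		 * tells update_krl_from_file() that this is deliberate.
		 */
		if (strcasecmp(ca_key_path, "none") == 0)
			wild_ca = 1;
		else {
			tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
			if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0)
				fatal("Cannot load CA public key %s: %s",
				    tmp, ssh_err(r));
			free(tmp);
		}
	}

	if (updating)
		load_krl(identity_file, &krl);
	else if ((krl = ssh_krl_init()) == NULL)
		fatal("couldn't create KRL");

	/* cert_serial doubles as the KRL version; 0 leaves it unset. */
	if (cert_serial != 0)
		ssh_krl_set_version(krl, cert_serial);
	if (identity_comment != NULL)
		ssh_krl_set_comment(krl, identity_comment);

	for (i = 0; i < argc; i++)
		update_krl_from_file(pw, argv[i], wild_ca, ca, krl);

	if ((kbuf = sshbuf_new()) == NULL)
		fatal("sshbuf_new failed");
	/*
	 * NOTE(review): the trailing (NULL, 0) presumably means no signing
	 * keys, i.e. the KRL is emitted unsigned -- confirm against krl.h.
	 */
	if (ssh_krl_to_blob(krl, kbuf, NULL, 0) != 0)
		fatal("Couldn't generate KRL");
	/*
	 * The output is truncated and rewritten in place (mode 0644, subject
	 * to umask), so a failure after this open() leaves an empty or
	 * partial file at identity_file.
	 * NOTE(review): a reader of this path during the rewrite would see an
	 * incomplete KRL; writing a temporary file in the same directory and
	 * rename()ing it would avoid that -- not changed here.
	 */
	if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
		fatal("open %s: %s", identity_file, strerror(errno));
	if (atomicio(vwrite, fd, sshbuf_mutable_ptr(kbuf), sshbuf_len(kbuf)) !=
	    sshbuf_len(kbuf))
		fatal("write %s: %s", identity_file, strerror(errno));
	/*
	 * A deferred write error can surface only at close(); report it so a
	 * revocation list that did not reach storage is not taken as written.
	 */
	if (close(fd) == -1)
		fatal("close %s: %s", identity_file, strerror(errno));
	sshbuf_free(kbuf);
	ssh_krl_free(krl);
	sshkey_free(ca);
}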
2357-
/*
 * Test each public key file named in argv against the KRL stored in
 * identity_file and print one verdict line per key.
 *
 * Any non-zero result from ssh_krl_check_key() is reported as "REVOKED",
 * so a check that fails for another reason is not shown as "ok".
 * The process exits with status 1 if at least one key was not "ok",
 * otherwise 0; this function does not return.
 *
 * NOTE(review): argv[i] and the comment read from the key file are passed
 * to printf() as-is; whether they can carry terminal control characters
 * depends on sshkey_load_public() -- confirm before piping this output
 * into anything that interprets it.
 *
 * Coverage (from the report this listing was taken from): no statement or
 * branch of this function was executed by the recorded test run.
 */
static void
do_check_krl(struct passwd *pw, int argc, char **argv)
{
	struct ssh_krl *krl;
	struct sshkey *k;
	char *comment;
	int idx, rc, any_revoked = 0;

	if (*identity_file == '\0')
		fatal("KRL checking requires an input file");
	load_krl(identity_file, &krl);

	for (idx = 0; idx < argc; idx++) {
		const char *lparen, *rparen, *verdict;

		rc = sshkey_load_public(argv[idx], &k, &comment);
		if (rc != 0)
			fatal("Cannot load public key %s: %s",
			    argv[idx], ssh_err(rc));

		rc = ssh_krl_check_key(krl, k);

		/* Parenthesise the comment only when it is non-empty. */
		if (*comment) {
			lparen = " (";
			rparen = ")";
		} else {
			lparen = "";
			rparen = "";
		}
		verdict = (rc == 0) ? "ok" : "REVOKED";
		printf("%s%s%s%s: %s\n", argv[idx], lparen, comment, rparen,
		    verdict);

		if (rc != 0)
			any_revoked = 1;
		sshkey_free(k);
		free(comment);
	}
	ssh_krl_free(krl);
	exit(any_revoked);
}
2385-
/*
 * Print the command synopsis to stderr and exit with status 1.
 * The PKCS#11 and moduli lines are included only when the corresponding
 * build options (ENABLE_PKCS11, WITH_OPENSSL) are defined.
 *
 * NOTE(review): the listing shows a single leading space on each
 * continuation line; alignment whitespace may have been collapsed by the
 * page rendering -- confirm against the original file.
 */
static void
usage(void)
{
	/* The text contains no conversion specifiers, so fputs() suffices. */
	fputs(
	    "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]\n"
	    " [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
	    " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
	    " ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
	    " ssh-keygen -e [-m key_format] [-f input_keyfile]\n"
	    " ssh-keygen -y [-f input_keyfile]\n"
	    " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
	    " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
	    " ssh-keygen -B [-f input_keyfile]\n",
	    stderr);
#ifdef ENABLE_PKCS11
	fputs(
	    " ssh-keygen -D pkcs11\n",
	    stderr);
#endif
	fputs(
	    " ssh-keygen -F hostname [-f known_hosts_file] [-l]\n"
	    " ssh-keygen -H [-f known_hosts_file]\n"
	    " ssh-keygen -R hostname [-f known_hosts_file]\n"
	    " ssh-keygen -r hostname [-f input_keyfile] [-g]\n"
#ifdef WITH_OPENSSL
	    " ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n"
	    " ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n"
	    " [-j start_line] [-K checkpt] [-W generator]\n"
#endif
	    " ssh-keygen -s ca_key -I certificate_identity [-h] [-U]\n"
	    " [-D pkcs11_provider] [-n principals] [-O option]\n"
	    " [-V validity_interval] [-z serial_number] file ...\n"
	    " ssh-keygen -L [-f input_keyfile]\n"
	    " ssh-keygen -A\n"
	    " ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n"
	    " file ...\n"
	    " ssh-keygen -Q -f krl_file file ...\n",
	    stderr);
	exit(1);
}
2423-
2424/*-
2425 * Main program for key management.-
2426 */-
2427int-
2428main(int argc, char **argv)-
2429{-
2430 char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;-
2431 char *rr_hostname = NULL, *ep, *fp, *ra;-
2432 struct sshkey *private, *public;-
2433 struct passwd *pw;-
2434 struct stat st;-
2435 int r, opt, type, fd;-
2436 int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;-
2437 FILE *f;-
2438 const char *errstr;-
2439#ifdef WITH_OPENSSL-
2440 /* Moduli generation/screening */-
2441 char out_file[PATH_MAX], *checkpoint = NULL;-
2442 u_int32_t memory = 0, generator_wanted = 0;-
2443 int do_gen_candidates = 0, do_screen_candidates = 0;-
2444 unsigned long start_lineno = 0, lines_to_process = 0;-
2445 BIGNUM *start = NULL;-
2446#endif-
2447-
2448 extern int optind;-
2449 extern char *optarg;-
2450-
2451 ssh_malloc_init(); /* must be called before any mallocs */-
2452 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */-
2453 sanitise_stdfd();-
2454-
2455 __progname = ssh_get_progname(argv[0]);-
2456-
2457#ifdef WITH_OPENSSL-
2458 OpenSSL_add_all_algorithms();-
2459#endif-
2460 log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);-
2461-
2462 seed_rng();-
2463-
2464 msetlocale();-
2465-
2466 /* we need this for the home * directory. */-
2467 pw = getpwuid(getuid());-
2468 if (!pw)
!pwDescription
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
0-28
2469 fatal("No user exists for uid %lu", (u_long)getuid());
never executed: fatal("No user exists for uid %lu", (u_long)getuid());
0
2470 if (gethostname(hostname, sizeof(hostname)) < 0)
gethostname(ho...hostname)) < 0Description
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
0-28
2471 fatal("gethostname: %s", strerror(errno));
never executed: fatal("gethostname: %s", strerror( (*__errno_location ()) ));
0
2472-
2473 /* Remaining characters: Ydw */-
2474 while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy"
(opt = BSDgeto...t:z:") ) != -1Description
TRUEevaluated 73 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
28-73
2475 "C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:"
(opt = BSDgeto...t:z:") ) != -1Description
TRUEevaluated 73 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
28-73
2476 "a:b:f:g:j:m:n:r:s:t:z:")) != -1) {
(opt = BSDgeto...t:z:") ) != -1Description
TRUEevaluated 73 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
28-73
2477 switch (opt) {-
2478 case 'A':
never executed: case 'A':
0
2479 gen_all_hostkeys = 1;-
2480 break;
never executed: break;
0
2481 case 'b':
never executed: case 'b':
0
2482 bits = (u_int32_t)strtonum(optarg, 10, 32768, &errstr);-
2483 if (errstr)
errstrDescription
TRUEnever evaluated
FALSEnever evaluated
0
2484 fatal("Bits has bad value %s (%s)",
never executed: fatal("Bits has bad value %s (%s)", BSDoptarg, errstr);
0
2485 optarg, errstr);
never executed: fatal("Bits has bad value %s (%s)", BSDoptarg, errstr);
0
2486 break;
never executed: break;
0
2487 case 'E':
executed 2 times by 1 test: case 'E':
Executed by:
  • ssh-keygen
2
2488 fingerprint_hash = ssh_digest_alg_by_name(optarg);-
2489 if (fingerprint_hash == -1)
fingerprint_hash == -1Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • ssh-keygen
0-2
2490 fatal("Invalid hash algorithm \"%s\"", optarg);
never executed: fatal("Invalid hash algorithm \"%s\"", BSDoptarg);
0
2491 break;
executed 2 times by 1 test: break;
Executed by:
  • ssh-keygen
2
2492 case 'F':
never executed: case 'F':
0
2493 find_host = 1;-
2494 rr_hostname = optarg;-
2495 break;
never executed: break;
0
2496 case 'H':
never executed: case 'H':
0
2497 hash_hosts = 1;-
2498 break;
never executed: break;
0
2499 case 'I':
never executed: case 'I':
0
2500 cert_key_id = optarg;-
2501 break;
never executed: break;
0
2502 case 'R':
never executed: case 'R':
0
2503 delete_host = 1;-
2504 rr_hostname = optarg;-
2505 break;
never executed: break;
0
2506 case 'L':
never executed: case 'L':
0
2507 show_cert = 1;-
2508 break;
never executed: break;
0
2509 case 'l':
executed 7 times by 1 test: case 'l':
Executed by:
  • ssh-keygen
7
2510 print_fingerprint = 1;-
2511 break;
executed 7 times by 1 test: break;
Executed by:
  • ssh-keygen
7
2512 case 'B':
executed 5 times by 1 test: case 'B':
Executed by:
  • ssh-keygen
5
2513 print_bubblebabble = 1;-
2514 break;
executed 5 times by 1 test: break;
Executed by:
  • ssh-keygen
5
2515 case 'm':
never executed: case 'm':
0
2516 if (strcasecmp(optarg, "RFC4716") == 0 ||
strcasecmp(BSD...RFC4716") == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2517 strcasecmp(optarg, "ssh2") == 0) {
strcasecmp(BSD..., "ssh2") == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2518 convert_format = FMT_RFC4716;-
2519 break;
never executed: break;
0
2520 }-
2521 if (strcasecmp(optarg, "PKCS8") == 0) {
strcasecmp(BSD... "PKCS8") == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2522 convert_format = FMT_PKCS8;-
2523 break;
never executed: break;
0
2524 }-
2525 if (strcasecmp(optarg, "PEM") == 0) {
strcasecmp(BSD...g, "PEM") == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2526 convert_format = FMT_PEM;-
2527 use_new_format = 0;-
2528 break;
never executed: break;
0
2529 }-
2530 fatal("Unsupported conversion format \"%s\"", optarg);-
2531 case 'n':
code before this statement never executed: case 'n':
never executed: case 'n':
0
2532 cert_principals = optarg;-
2533 break;
never executed: break;
0
2534 case 'o':
never executed: case 'o':
0
2535 /* no-op; new format is already the default */-
2536 break;
never executed: break;
0
2537 case 'p':
never executed: case 'p':
0
2538 change_passphrase = 1;-
2539 break;
never executed: break;
0
2540 case 'c':
never executed: case 'c':
0
2541 change_comment = 1;-
2542 break;
never executed: break;
0
2543 case 'f':
executed 28 times by 1 test: case 'f':
Executed by:
  • ssh-keygen
28
2544 if (strlcpy(identity_file, optarg,
strlcpy(identi...identity_file)Description
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
0-28
2545 sizeof(identity_file)) >= sizeof(identity_file))
strlcpy(identi...identity_file)Description
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
0-28
2546 fatal("Identity filename too long");
never executed: fatal("Identity filename too long");
0
2547 have_identity = 1;-
2548 break;
executed 28 times by 1 test: break;
Executed by:
  • ssh-keygen
28
2549 case 'g':
never executed: case 'g':
0
2550 print_generic = 1;-
2551 break;
never executed: break;
0
2552 case 'P':
never executed: case 'P':
0
2553 identity_passphrase = optarg;-
2554 break;
never executed: break;
0
2555 case 'N':
executed 7 times by 1 test: case 'N':
Executed by:
  • ssh-keygen
7
2556 identity_new_passphrase = optarg;-
2557 break;
executed 7 times by 1 test: break;
Executed by:
  • ssh-keygen
7
2558 case 'Q':
never executed: case 'Q':
0
2559 check_krl = 1;-
2560 break;
never executed: break;
0
2561 case 'O':
never executed: case 'O':
0
2562 add_cert_option(optarg);-
2563 break;
never executed: break;
0
2564 case 'Z':
never executed: case 'Z':
0
2565 new_format_cipher = optarg;-
2566 break;
never executed: break;
0
2567 case 'C':
executed 1 time by 1 test: case 'C':
Executed by:
  • ssh-keygen
1
2568 identity_comment = optarg;-
2569 break;
executed 1 time by 1 test: break;
Executed by:
  • ssh-keygen
1
2570 case 'q':
executed 7 times by 1 test: case 'q':
Executed by:
  • ssh-keygen
7
2571 quiet = 1;-
2572 break;
executed 7 times by 1 test: break;
Executed by:
  • ssh-keygen
7
2573 case 'e':
executed 1 time by 1 test: case 'e':
Executed by:
  • ssh-keygen
1
2574 case 'x':
never executed: case 'x':
0
2575 /* export key */-
2576 convert_to = 1;-
2577 break;
executed 1 time by 1 test: break;
Executed by:
  • ssh-keygen
1
2578 case 'h':
never executed: case 'h':
0
2579 cert_key_type = SSH2_CERT_TYPE_HOST;-
2580 certflags_flags = 0;-
2581 break;
never executed: break;
0
2582 case 'k':
never executed: case 'k':
0
2583 gen_krl = 1;-
2584 break;
never executed: break;
0
2585 case 'i':
executed 6 times by 1 test: case 'i':
Executed by:
  • ssh-keygen
6
2586 case 'X':
never executed: case 'X':
0
2587 /* import key */-
2588 convert_from = 1;-
2589 break;
executed 6 times by 1 test: break;
Executed by:
  • ssh-keygen
6
2590 case 'y':
executed 2 times by 1 test: case 'y':
Executed by:
  • ssh-keygen
2
2591 print_public = 1;-
2592 break;
executed 2 times by 1 test: break;
Executed by:
  • ssh-keygen
2
2593 case 's':
never executed: case 's':
0
2594 ca_key_path = optarg;-
2595 break;
never executed: break;
0
2596 case 't':
executed 7 times by 1 test: case 't':
Executed by:
  • ssh-keygen
7
2597 key_type_name = optarg;-
2598 break;
executed 7 times by 1 test: break;
Executed by:
  • ssh-keygen
7
2599 case 'D':
never executed: case 'D':
0
2600 pkcs11provider = optarg;-
2601 break;
never executed: break;
0
2602 case 'U':
never executed: case 'U':
0
2603 prefer_agent = 1;-
2604 break;
never executed: break;
0
2605 case 'u':
never executed: case 'u':
0
2606 update_krl = 1;-
2607 break;
never executed: break;
0
2608 case 'v':
never executed: case 'v':
0
2609 if (log_level == SYSLOG_LEVEL_INFO)
log_level == SYSLOG_LEVEL_INFODescription
TRUEnever evaluated
FALSEnever evaluated
0
2610 log_level = SYSLOG_LEVEL_DEBUG1;
never executed: log_level = SYSLOG_LEVEL_DEBUG1;
0
2611 else {-
2612 if (log_level >= SYSLOG_LEVEL_DEBUG1 &&
log_level >= S...G_LEVEL_DEBUG1Description
TRUEnever evaluated
FALSEnever evaluated
0
2613 log_level < SYSLOG_LEVEL_DEBUG3)
log_level < SY...G_LEVEL_DEBUG3Description
TRUEnever evaluated
FALSEnever evaluated
0
2614 log_level++;
never executed: log_level++;
0
2615 }
never executed: end of block
0
2616 break;
never executed: break;
0
2617 case 'r':
never executed: case 'r':
0
2618 rr_hostname = optarg;-
2619 break;
never executed: break;
0
2620 case 'a':
never executed: case 'a':
0
2621 rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr);-
2622 if (errstr)
errstrDescription
TRUEnever evaluated
FALSEnever evaluated
0
2623 fatal("Invalid number: %s (%s)",
never executed: fatal("Invalid number: %s (%s)", BSDoptarg, errstr);
0
2624 optarg, errstr);
never executed: fatal("Invalid number: %s (%s)", BSDoptarg, errstr);
0
2625 break;
never executed: break;
0
2626 case 'V':
never executed: case 'V':
0
2627 parse_cert_times(optarg);-
2628 break;
never executed: break;
0
2629 case 'z':
never executed: case 'z':
0
2630 errno = 0;-
2631 cert_serial = strtoull(optarg, &ep, 10);-
2632 if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
*BSDoptarg < '0'Description
TRUEnever evaluated
FALSEnever evaluated
*BSDoptarg > '9'Description
TRUEnever evaluated
FALSEnever evaluated
*ep != '\0'Description
TRUEnever evaluated
FALSEnever evaluated
0
2633 (errno == ERANGE && cert_serial == ULLONG_MAX))
(*__errno_location ()) == 34Description
TRUEnever evaluated
FALSEnever evaluated
cert_serial ==...* 2ULL + 1ULL)Description
TRUEnever evaluated
FALSEnever evaluated
0
2634 fatal("Invalid serial number \"%s\"", optarg);
never executed: fatal("Invalid serial number \"%s\"", BSDoptarg);
0
2635 break;
never executed: break;
0
2636#ifdef WITH_OPENSSL-
2637 /* Moduli generation/screening */-
2638 case 'G':
never executed: case 'G':
0
2639 do_gen_candidates = 1;-
2640 if (strlcpy(out_file, optarg, sizeof(out_file)) >=
strlcpy(out_fi...zeof(out_file)Description
TRUEnever evaluated
FALSEnever evaluated
0
2641 sizeof(out_file))
strlcpy(out_fi...zeof(out_file)Description
TRUEnever evaluated
FALSEnever evaluated
0
2642 fatal("Output filename too long");
never executed: fatal("Output filename too long");
0
2643 break;
never executed: break;
0
2644 case 'J':
never executed: case 'J':
0
2645 lines_to_process = strtoul(optarg, NULL, 10);-
2646 break;
never executed: break;
0
2647 case 'j':
never executed: case 'j':
0
2648 start_lineno = strtoul(optarg, NULL, 10);-
2649 break;
never executed: break;
0
2650 case 'K':
never executed: case 'K':
0
2651 if (strlen(optarg) >= PATH_MAX)
strlen(BSDoptarg) >= 4096Description
TRUEnever evaluated
FALSEnever evaluated
0
2652 fatal("Checkpoint filename too long");
never executed: fatal("Checkpoint filename too long");
0
2653 checkpoint = xstrdup(optarg);-
2654 break;
never executed: break;
0
2655 case 'M':
never executed: case 'M':
0
2656 memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX,-
2657 &errstr);-
2658 if (errstr)
errstrDescription
TRUEnever evaluated
FALSEnever evaluated
0
2659 fatal("Memory limit is %s: %s", errstr, optarg);
never executed: fatal("Memory limit is %s: %s", errstr, BSDoptarg);
0
2660 break;
never executed: break;
0
2661 case 'S':
never executed: case 'S':
0
2662 /* XXX - also compare length against bits */-
2663 if (BN_hex2bn(&start, optarg) == 0)
BN_hex2bn(&sta...SDoptarg) == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2664 fatal("Invalid start point.");
never executed: fatal("Invalid start point.");
0
2665 break;
never executed: break;
0
2666 case 'T':
never executed: case 'T':
0
2667 do_screen_candidates = 1;-
2668 if (strlcpy(out_file, optarg, sizeof(out_file)) >=
strlcpy(out_fi...zeof(out_file)Description
TRUEnever evaluated
FALSEnever evaluated
0
2669 sizeof(out_file))
strlcpy(out_fi...zeof(out_file)Description
TRUEnever evaluated
FALSEnever evaluated
0
2670 fatal("Output filename too long");
never executed: fatal("Output filename too long");
0
2671 break;
never executed: break;
0
2672 case 'W':
never executed: case 'W':
0
2673 generator_wanted = (u_int32_t)strtonum(optarg, 1,-
2674 UINT_MAX, &errstr);-
2675 if (errstr != NULL)
errstr != ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2676 fatal("Desired generator invalid: %s (%s)",
never executed: fatal("Desired generator invalid: %s (%s)", BSDoptarg, errstr);
0
2677 optarg, errstr);
never executed: fatal("Desired generator invalid: %s (%s)", BSDoptarg, errstr);
0
2678 break;
never executed: break;
0
2679#endif /* WITH_OPENSSL */-
2680 case '?':
never executed: case '?':
0
2681 default:
never executed: default:
0
2682 usage();-
2683 }
never executed: end of block
0
2684 }-
2685-
2686 /* reinit */-
2687 log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1);-
2688-
2689 argv += optind;-
2690 argc -= optind;-
2691-
2692 if (ca_key_path != NULL) {
ca_key_path != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
0-28
2693 if (argc < 1 && !gen_krl) {
argc < 1Description
TRUEnever evaluated
FALSEnever evaluated
!gen_krlDescription
TRUEnever evaluated
FALSEnever evaluated
0
2694 error("Too few arguments.");-
2695 usage();-
2696 }
never executed: end of block
0
2697 } else if (argc > 0 && !gen_krl && !check_krl) {
never executed: end of block
argc > 0Description
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
!gen_krlDescription
TRUEnever evaluated
FALSEnever evaluated
!check_krlDescription
TRUEnever evaluated
FALSEnever evaluated
0-28
2698 error("Too many arguments.");-
2699 usage();-
2700 }
never executed: end of block
0
2701 if (change_passphrase && change_comment) {
change_passphraseDescription
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
change_commentDescription
TRUEnever evaluated
FALSEnever evaluated
0-28
2702 error("Can only have one of -p and -c.");-
2703 usage();-
2704 }
never executed: end of block
0
2705 if (print_fingerprint && (delete_host || hash_hosts)) {
print_fingerprintDescription
TRUEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 21 times by 1 test
Evaluated by:
  • ssh-keygen
delete_hostDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
hash_hostsDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-21
2706 error("Cannot use -l with -H or -R.");-
2707 usage();-
2708 }
never executed: end of block
0
2709 if (gen_krl) {
gen_krlDescription
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
0-28
2710 do_gen_krl(pw, update_krl, argc, argv);-
2711 return (0);
never executed: return (0);
0
2712 }-
2713 if (check_krl) {
check_krlDescription
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
0-28
2714 do_check_krl(pw, argc, argv);-
2715 return (0);
never executed: return (0);
0
2716 }-
2717 if (ca_key_path != NULL) {
ca_key_path != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
0-28
2718 if (cert_key_id == NULL)
cert_key_id == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2719 fatal("Must specify key id (-I) when certifying");
never executed: fatal("Must specify key id (-I) when certifying");
0
2720 do_ca_sign(pw, argc, argv);-
2721 }
never executed: end of block
0
2722 if (show_cert)
show_certDescription
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
0-28
2723 do_show_cert(pw);
never executed: do_show_cert(pw);
0
2724 if (delete_host || hash_hosts || find_host)
delete_hostDescription
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
hash_hostsDescription
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
find_hostDescription
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
0-28
2725 do_known_hosts(pw, rr_hostname);
never executed: do_known_hosts(pw, rr_hostname);
0
2726 if (pkcs11provider != NULL)
pkcs11provider != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 28 times by 1 test
Evaluated by:
  • ssh-keygen
0-28
2727 do_download(pw);
never executed: do_download(pw);
0
2728 if (print_fingerprint || print_bubblebabble)
print_fingerprintDescription
TRUEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 21 times by 1 test
Evaluated by:
  • ssh-keygen
print_bubblebabbleDescription
TRUEevaluated 5 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 16 times by 1 test
Evaluated by:
  • ssh-keygen
5-21
2729 do_fingerprint(pw);
executed 12 times by 1 test: do_fingerprint(pw);
Executed by:
  • ssh-keygen
12
2730 if (change_passphrase)
change_passphraseDescription
TRUEnever evaluated
FALSEevaluated 16 times by 1 test
Evaluated by:
  • ssh-keygen
0-16
2731 do_change_passphrase(pw);
never executed: do_change_passphrase(pw);
0
2732 if (change_comment)
change_commentDescription
TRUEnever evaluated
FALSEevaluated 16 times by 1 test
Evaluated by:
  • ssh-keygen
0-16
2733 do_change_comment(pw);
never executed: do_change_comment(pw);
0
2734#ifdef WITH_OPENSSL-
2735 if (convert_to)
convert_toDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 15 times by 1 test
Evaluated by:
  • ssh-keygen
1-15
2736 do_convert_to(pw);
executed 1 time by 1 test: do_convert_to(pw);
Executed by:
  • ssh-keygen
1
2737 if (convert_from)
convert_fromDescription
TRUEevaluated 6 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 9 times by 1 test
Evaluated by:
  • ssh-keygen
6-9
2738 do_convert_from(pw);
executed 6 times by 1 test: do_convert_from(pw);
Executed by:
  • ssh-keygen
6
2739#endif-
2740 if (print_public)
print_publicDescription
TRUEevaluated 2 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
2-7
2741 do_print_public(pw);
executed 2 times by 1 test: do_print_public(pw);
Executed by:
  • ssh-keygen
2
2742 if (rr_hostname != NULL) {
rr_hostname != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2743 unsigned int n = 0;-
2744-
2745 if (have_identity) {
have_identityDescription
TRUEnever evaluated
FALSEnever evaluated
0
2746 n = do_print_resource_record(pw,-
2747 identity_file, rr_hostname);-
2748 if (n == 0)
n == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2749 fatal("%s: %s", identity_file, strerror(errno));
never executed: fatal("%s: %s", identity_file, strerror( (*__errno_location ()) ));
0
2750 exit(0);
never executed: exit(0);
0
2751 } else {-
2752-
2753 n += do_print_resource_record(pw,-
2754 _PATH_HOST_RSA_KEY_FILE, rr_hostname);-
2755 n += do_print_resource_record(pw,-
2756 _PATH_HOST_DSA_KEY_FILE, rr_hostname);-
2757 n += do_print_resource_record(pw,-
2758 _PATH_HOST_ECDSA_KEY_FILE, rr_hostname);-
2759 n += do_print_resource_record(pw,-
2760 _PATH_HOST_ED25519_KEY_FILE, rr_hostname);-
2761 n += do_print_resource_record(pw,-
2762 _PATH_HOST_XMSS_KEY_FILE, rr_hostname);-
2763 if (n == 0)
n == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2764 fatal("no keys found.");
never executed: fatal("no keys found.");
0
2765 exit(0);
never executed: exit(0);
0
2766 }-
2767 }-
2768-
2769#ifdef WITH_OPENSSL-
2770 if (do_gen_candidates) {
do_gen_candidatesDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2771 FILE *out = fopen(out_file, "w");-
2772-
2773 if (out == NULL) {
out == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2774 error("Couldn't open modulus candidate file \"%s\": %s",-
2775 out_file, strerror(errno));-
2776 return (1);
never executed: return (1);
0
2777 }-
2778 if (bits == 0)
bits == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2779 bits = DEFAULT_BITS;
never executed: bits = 2048;
0
2780 if (gen_candidates(out, memory, bits, start) != 0)
gen_candidates...s, start) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2781 fatal("modulus candidate generation failed");
never executed: fatal("modulus candidate generation failed");
0
2782-
2783 return (0);
never executed: return (0);
0
2784 }-
2785-
2786 if (do_screen_candidates) {
do_screen_candidatesDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2787 FILE *in;-
2788 FILE *out = fopen(out_file, "a");-
2789-
2790 if (have_identity && strcmp(identity_file, "-") != 0) {
never executed: __result = (((const unsigned char *) (const char *) ( identity_file ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( "-" ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
have_identityDescription
TRUEnever evaluated
FALSEnever evaluated
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2791 if ((in = fopen(identity_file, "r")) == NULL) {
(in = fopen(id...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2792 fatal("Couldn't open modulus candidate "-
2793 "file \"%s\": %s", identity_file,-
2794 strerror(errno));-
2795 }
never executed: end of block
0
2796 } else
never executed: end of block
0
2797 in = stdin;
never executed: in = stdin ;
0
2798-
2799 if (out == NULL) {
out == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2800 fatal("Couldn't open moduli file \"%s\": %s",-
2801 out_file, strerror(errno));-
2802 }
never executed: end of block
0
2803 if (prime_test(in, out, rounds == 0 ? 100 : rounds,
prime_test(in,..._process) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2804 generator_wanted, checkpoint,
prime_test(in,..._process) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2805 start_lineno, lines_to_process) != 0)
prime_test(in,..._process) != 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2806 fatal("modulus screening failed");
never executed: fatal("modulus screening failed");
0
2807 return (0);
never executed: return (0);
0
2808 }-
2809#endif-
2810-
2811 if (gen_all_hostkeys) {
gen_all_hostkeysDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2812 do_gen_all_hostkeys(pw);-
2813 return (0);
never executed: return (0);
0
2814 }-
2815-
2816 if (key_type_name == NULL)
key_type_name == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2817 key_type_name = DEFAULT_KEY_TYPE_NAME;
never executed: key_type_name = "rsa";
0
2818-
2819 type = sshkey_type_from_name(key_type_name);-
2820 type_bits_valid(type, key_type_name, &bits);-
2821-
2822 if (!quiet)
!quietDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2823 printf("Generating public/private %s key pair.\n",
never executed: printf("Generating public/private %s key pair.\n", key_type_name);
0
2824 key_type_name);
never executed: printf("Generating public/private %s key pair.\n", key_type_name);
0
2825 if ((r = sshkey_generate(type, bits, &private)) != 0)
(r = sshkey_ge...private)) != 0Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2826 fatal("sshkey_generate failed");
never executed: fatal("sshkey_generate failed");
0
2827 if ((r = sshkey_from_private(private, &public)) != 0)
(r = sshkey_fr...&public)) != 0Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2828 fatal("sshkey_from_private failed: %s\n", ssh_err(r));
never executed: fatal("sshkey_from_private failed: %s\n", ssh_err(r));
0
2829-
2830 if (!have_identity)
!have_identityDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2831 ask_filename(pw, "Enter file in which to save the key");
never executed: ask_filename(pw, "Enter file in which to save the key");
0
2832-
2833 /* Create ~/.ssh directory if it doesn't already exist. */-
2834 snprintf(dotsshdir, sizeof dotsshdir, "%s/%s",-
2835 pw->pw_dir, _PATH_SSH_USER_DIR);-
2836 if (strstr(identity_file, dotsshdir) != NULL) {
strstr(identit...!= ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2837 if (stat(dotsshdir, &st) < 0) {
stat(dotsshdir, &st) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2838 if (errno != ENOENT) {
(*__errno_location ()) != 2Description
TRUEnever evaluated
FALSEnever evaluated
0
2839 error("Could not stat %s: %s", dotsshdir,-
2840 strerror(errno));-
2841 } else if (mkdir(dotsshdir, 0700) < 0) {
never executed: end of block
mkdir(dotsshdir, 0700) < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2842 error("Could not create directory '%s': %s",-
2843 dotsshdir, strerror(errno));-
2844 } else if (!quiet)
never executed: end of block
!quietDescription
TRUEnever evaluated
FALSEnever evaluated
0
2845 printf("Created directory '%s'.\n", dotsshdir);
never executed: printf("Created directory '%s'.\n", dotsshdir);
0
2846 }
never executed: end of block
0
2847 }
never executed: end of block
0
2848 /* If the file already exists, ask the user to confirm. */-
2849 if (stat(identity_file, &st) >= 0) {
stat(identity_file, &st) >= 0Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2850 char yesno[3];-
2851 printf("%s already exists.\n", identity_file);-
2852 printf("Overwrite (y/n)? ");-
2853 fflush(stdout);-
2854 if (fgets(yesno, sizeof(yesno), stdin) == NULL)
fgets(yesno, s...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2855 exit(1);
never executed: exit(1);
0
2856 if (yesno[0] != 'y' && yesno[0] != 'Y')
yesno[0] != 'y'Description
TRUEnever evaluated
FALSEnever evaluated
yesno[0] != 'Y'Description
TRUEnever evaluated
FALSEnever evaluated
0
2857 exit(1);
never executed: exit(1);
0
2858 }
never executed: end of block
0
2859 /* Ask for a passphrase (twice). */-
2860 if (identity_passphrase)
identity_passphraseDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2861 passphrase1 = xstrdup(identity_passphrase);
never executed: passphrase1 = xstrdup(identity_passphrase);
0
2862 else if (identity_new_passphrase)
identity_new_passphraseDescription
TRUEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
FALSEnever evaluated
0-7
2863 passphrase1 = xstrdup(identity_new_passphrase);
executed 7 times by 1 test: passphrase1 = xstrdup(identity_new_passphrase);
Executed by:
  • ssh-keygen
7
2864 else {-
2865passphrase_again:-
2866 passphrase1 =-
2867 read_passphrase("Enter passphrase (empty for no "-
2868 "passphrase): ", RP_ALLOW_STDIN);-
2869 passphrase2 = read_passphrase("Enter same passphrase again: ",-
2870 RP_ALLOW_STDIN);-
2871 if (strcmp(passphrase1, passphrase2) != 0) {
never executed: __result = (((const unsigned char *) (const char *) ( passphrase1 ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
never executed: __result = (((const unsigned char *) (const char *) ( passphrase2 ))[3] - __s2[3]);
never executed: end of block
never executed: end of block
__extension__ ... )))); }) != 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s1_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 0Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 1Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
__s2_len > 2Description
TRUEnever evaluated
FALSEnever evaluated
__result == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
2872 /*-
2873 * The passphrases do not match. Clear them and-
2874 * retry.-
2875 */-
2876 explicit_bzero(passphrase1, strlen(passphrase1));-
2877 explicit_bzero(passphrase2, strlen(passphrase2));-
2878 free(passphrase1);-
2879 free(passphrase2);-
2880 printf("Passphrases do not match. Try again.\n");-
2881 goto passphrase_again;
never executed: goto passphrase_again;
0
2882 }-
2883 /* Clear the other copy of the passphrase. */-
2884 explicit_bzero(passphrase2, strlen(passphrase2));-
2885 free(passphrase2);-
2886 }
never executed: end of block
0
2887-
2888 if (identity_comment) {
identity_commentDescription
TRUEevaluated 1 time by 1 test
Evaluated by:
  • ssh-keygen
FALSEevaluated 6 times by 1 test
Evaluated by:
  • ssh-keygen
1-6
2889 strlcpy(comment, identity_comment, sizeof(comment));-
2890 } else {
executed 1 time by 1 test: end of block
Executed by:
  • ssh-keygen
1
2891 /* Create default comment field for the passphrase. */-
2892 snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);-
2893 }
executed 6 times by 1 test: end of block
Executed by:
  • ssh-keygen
6
2894-
2895 /* Save the key with the given passphrase and comment. */-
2896 if ((r = sshkey_save_private(private, identity_file, passphrase1,
(r = sshkey_sa... rounds)) != 0Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2897 comment, use_new_format, new_format_cipher, rounds)) != 0) {
(r = sshkey_sa... rounds)) != 0Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2898 error("Saving key \"%s\" failed: %s",-
2899 identity_file, ssh_err(r));-
2900 explicit_bzero(passphrase1, strlen(passphrase1));-
2901 free(passphrase1);-
2902 exit(1);
never executed: exit(1);
0
2903 }-
2904 /* Clear the passphrase. */-
2905 explicit_bzero(passphrase1, strlen(passphrase1));-
2906 free(passphrase1);-
2907-
2908 /* Clear the private key and the random number generator. */-
2909 sshkey_free(private);-
2910-
2911 if (!quiet)
!quietDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2912 printf("Your identification has been saved in %s.\n", identity_file);
never executed: printf("Your identification has been saved in %s.\n", identity_file);
0
2913-
2914 strlcat(identity_file, ".pub", sizeof(identity_file));-
2915 if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
(fd = open(ide..., 0644)) == -1Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2916 fatal("Unable to save public key to %s: %s",
never executed: fatal("Unable to save public key to %s: %s", identity_file, strerror( (*__errno_location ()) ));
0
2917 identity_file, strerror(errno));
never executed: fatal("Unable to save public key to %s: %s", identity_file, strerror( (*__errno_location ()) ));
0
2918 if ((f = fdopen(fd, "w")) == NULL)
(f = fdopen(fd...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2919 fatal("fdopen %s failed: %s", identity_file, strerror(errno));
never executed: fatal("fdopen %s failed: %s", identity_file, strerror( (*__errno_location ()) ));
0
2920 if ((r = sshkey_write(public, f)) != 0)
(r = sshkey_wr...blic, f)) != 0Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2921 error("write key failed: %s", ssh_err(r));
never executed: error("write key failed: %s", ssh_err(r));
0
2922 fprintf(f, " %s\n", comment);-
2923 if (ferror(f) || fclose(f) != 0)
ferror(f)Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
fclose(f) != 0Description
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2924 fatal("write public failed: %s", strerror(errno));
never executed: fatal("write public failed: %s", strerror( (*__errno_location ()) ));
0
2925-
2926 if (!quiet) {
!quietDescription
TRUEnever evaluated
FALSEevaluated 7 times by 1 test
Evaluated by:
  • ssh-keygen
0-7
2927 fp = sshkey_fingerprint(public, fingerprint_hash,-
2928 SSH_FP_DEFAULT);-
2929 ra = sshkey_fingerprint(public, fingerprint_hash,-
2930 SSH_FP_RANDOMART);-
2931 if (fp == NULL || ra == NULL)
fp == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
ra == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
2932 fatal("sshkey_fingerprint failed");
never executed: fatal("sshkey_fingerprint failed");
0
2933 printf("Your public key has been saved in %s.\n",-
2934 identity_file);-
2935 printf("The key fingerprint is:\n");-
2936 printf("%s %s\n", fp, comment);-
2937 printf("The key's randomart image is:\n");-
2938 printf("%s\n", ra);-
2939 free(ra);-
2940 free(fp);-
2941 }
never executed: end of block
0
2942-
2943 sshkey_free(public);-
2944 exit(0);
executed 7 times by 1 test: exit(0);
Executed by:
  • ssh-keygen
7
2945}-