src/usr.bin/ssh/ssh-keygen.c - diff

Return to ssh-keygen.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh-keygen.c between version 1.246 and 1.249

version 1.246, 2014/04/29 18:01:49

version 1.249, 2014/07/03 03:47:27

Line 22

#include <errno.h>

#include <fcntl.h>

#include <netdb.h>

#include <pwd.h>

#include <stdio.h>

#include <stdlib.h>

Line 160

Line 161

/* argv0 */

extern char *__progname;

char hostname[MAXHOSTNAMELEN];

char hostname[NI_MAXHOST];

/* moduli.c */

int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);

Line 473

Line 474

buffer_get_bignum_bits(&b, key->rsa->iqmp);

buffer_get_bignum_bits(&b, key->rsa->q);

buffer_get_bignum_bits(&b, key->rsa->p);

rsa_generate_additional_parameters(key->rsa);

if (rsa_generate_additional_parameters(key->rsa) != 0)

fatal("%s: rsa_generate_additional_parameters "

"error", __func__);

break;

}

rlen = buffer_len(&b);

Line 970

Line 973

}

static void

printhost(FILE *f, const char *name, Key *public, int ca, int hash)

printhost(FILE *f, const char *name, Key *public, int ca, int revoked, int hash)

{

if (print_fingerprint) {

enum fp_rep rep;

Line 990

Line 993

} else {

if (hash && (name = host_hash(name, NULL, 0)) == NULL)

fatal("hash_host failed");

fprintf(f, "%s%s%s ", ca ? CA_MARKER : "", ca ? " " : "", name);

fprintf(f, "%s%s%s ", ca ? CA_MARKER " " : "",

revoked ? REVOKE_MARKER " " : "" , name);

if (!key_write(public, f))

fatal("key_write failed");

fprintf(f, "\n");

Line 1005

Line 1009

char *cp, *cp2, *kp, *kp2;

char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN];

int c, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0;

int ca;

int ca, revoked;

int found_key = 0;

if (!have_identity) {

Line 1019

Line 1023

if ((in = fopen(identity_file, "r")) == NULL)

fatal("%s: %s: %s", __progname, identity_file, strerror(errno));

/* XXX this code is a mess; refactor -djm */

* Find hosts goes to stdout, hash and deletions happen in-place

* A corner case is ssh-keygen -HF foo, which should go to stdout

Line 1062

Line 1067

fprintf(out, "%s\n", cp);

continue;

}

/* Check whether this is a CA key */

/* Check whether this is a CA key or revocation marker */

if (strncasecmp(cp, CA_MARKER, sizeof(CA_MARKER) - 1) == 0 &&

(cp[sizeof(CA_MARKER) - 1] == ' ' ||

cp[sizeof(CA_MARKER) - 1] == '\t')) {

Line 1070

Line 1075

cp += sizeof(CA_MARKER);

} else

ca = 0;

if (strncasecmp(cp, REVOKE_MARKER,

sizeof(REVOKE_MARKER) - 1) == 0 &&

(cp[sizeof(REVOKE_MARKER) - 1] == ' ' ||

cp[sizeof(REVOKE_MARKER) - 1] == '\t')) {

revoked = 1;

cp += sizeof(REVOKE_MARKER);

} else

revoked = 0;

/* Find the end of the host name portion. */

for (kp = cp; *kp && *kp != ' ' && *kp != '\t'; kp++)

Line 1113

Line 1126

printf("# Host %s found: "

"line %d type %s%s\n", name,

num, key_type(pub),

ca ? " (CA key)" : "");

ca ? " (CA key)" :

printhost(out, cp, pub, ca, 0);

revoked? " (revoked)" : "");

printhost(out, cp, pub, ca, revoked, 0);

found_key = 1;

}

if (delete_host) {

if (!c && !ca)

if (!c || ca || revoked) {

printhost(out, cp, pub, ca, 0);

printhost(out, cp, pub,

else

ca, revoked, 0);

} else {

printf("# Host %s found: "

"line %d type %s\n", name,

num, key_type(pub));

}

} else if (hash_hosts)

printhost(out, cp, pub, ca, 0);

printhost(out, cp, pub, ca, revoked, 0);

} else {

if (find_host || delete_host) {

c = (match_hostname(name, cp,

Line 1137

Line 1153

"line %d type %s%s\n", name,

num, key_type(pub),

ca ? " (CA key)" : "");

printhost(out, name, pub,

printhost(out, name, pub, ca, revoked,

ca, hash_hosts && !ca);

hash_hosts && !(ca || revoked));

found_key = 1;

}

if (delete_host) {

if (!c && !ca)

if (!c || ca || revoked) {

printhost(out, cp, pub, ca, 0);

printhost(out, cp, pub,

else

ca, revoked, 0);

} else {

printf("# Host %s found: "

"line %d type %s\n", name,

num, key_type(pub));

}

} else if (hash_hosts && (ca || revoked)) {

/* Don't hash CA and revoked keys' hostnames */

printhost(out, cp, pub, ca, revoked, 0);

has_unhashed = 1;

} else if (hash_hosts) {

/* Hash each hostname separately */

for (cp2 = strsep(&cp, ",");

cp2 != NULL && *cp2 != '\0';

cp2 = strsep(&cp, ",")) {

if (ca) {

if (strcspn(cp2, "*?!") !=

fprintf(stderr, "Warning: "

"ignoring CA key for host: "

"%.64s\n", cp2);

printhost(out, cp2, pub, ca, 0);

} else if (strcspn(cp2, "*?!") !=

strlen(cp2)) {

fprintf(stderr, "Warning: "

"ignoring host name with "

"metacharacters: %.64s\n",

cp2);

printhost(out, cp2, pub, ca, 0);

printhost(out, cp2, pub, ca,

} else

revoked, 0);

printhost(out, cp2, pub, ca, 1);

has_unhashed = 1;

} else {

printhost(out, cp2, pub, ca,

revoked, 1);

}

has_unhashed = 1;

}

key_free(pub);

Line 1622

Line 1643

public->cert->valid_after = cert_valid_from;

public->cert->valid_before = cert_valid_to;

if (v00) {

prepare_options_buf(&public->cert->critical,

prepare_options_buf(public->cert->critical,

OPTIONS_CRITICAL|OPTIONS_EXTENSIONS);

} else {

prepare_options_buf(&public->cert->critical,

prepare_options_buf(public->cert->critical,

OPTIONS_CRITICAL);

prepare_options_buf(&public->cert->extensions,

prepare_options_buf(public->cert->extensions,

OPTIONS_EXTENSIONS);

}

public->cert->signature_key = key_from_private(ca);

Line 1898

Line 1919

printf("\n");

}

printf(" Critical Options: ");

if (buffer_len(&key->cert->critical) == 0)

if (buffer_len(key->cert->critical) == 0)

printf("(none)\n");

else {

printf("\n");

show_options(&key->cert->critical, v00, 1);

show_options(key->cert->critical, v00, 1);

}

if (!v00) {

printf(" Extensions: ");

if (buffer_len(&key->cert->extensions) == 0)

if (buffer_len(key->cert->extensions) == 0)

printf("(none)\n");

else {

printf("\n");

show_options(&key->cert->extensions, v00, 0);

show_options(key->cert->extensions, v00, 0);

}

exit(0);