src/usr.bin/ssh/ssh-keygen.c - diff

Return to ssh-keygen.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh-keygen.c between version 1.247 and 1.251

version 1.247, 2014/06/24 01:13:21

version 1.251, 2014/12/21 22:27:56

Line 22

#include <errno.h>

#include <fcntl.h>

#include <netdb.h>

#include <pwd.h>

#include <stdio.h>

#include <stdlib.h>

Line 44

Line 45

#include "ssh2.h"

#include "atomicio.h"

#include "krl.h"

#include "digest.h"

#ifdef ENABLE_PKCS11

#include "ssh-pkcs11.h"

Line 85

Line 87

int print_fingerprint = 0;

int print_bubblebabble = 0;

/* Hash algorithm to use for fingerprints. */

int fingerprint_hash = SSH_FP_HASH_DEFAULT;

/* The identity file name, given on the command line or entered by the user. */

char identity_file[1024];

int have_identity = 0;

Line 160

Line 165

/* argv0 */

extern char *__progname;

char hostname[MAXHOSTNAMELEN];

char hostname[NI_MAXHOST];

/* moduli.c */

int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);

Line 736

Line 741

Key **keys = NULL;

int i, nkeys;

enum fp_rep rep;

enum fp_type fptype;

int fptype;

char *fp, *ra;

fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;

fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;

rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;

rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;

pkcs11_init(0);

nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys);

Line 749

Line 754

for (i = 0; i < nkeys; i++) {

if (print_fingerprint) {

fp = key_fingerprint(keys[i], fptype, rep);

ra = key_fingerprint(keys[i], SSH_FP_MD5,

ra = key_fingerprint(keys[i], fingerprint_hash,

SSH_FP_RANDOMART);

printf("%u %s %s (PKCS11 key)\n", key_size(keys[i]),

fp, key_type(keys[i]));

Line 779

Line 784

char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra;

int i, skip = 0, num = 0, invalid = 1;

enum fp_rep rep;

enum fp_type fptype;

int fptype;

struct stat st;

fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;

fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;

rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;

rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;

if (!have_identity)

ask_filename(pw, "Enter file in which the key is");

if (stat(identity_file, &st) < 0) {

Line 794

Line 798

public = key_load_public(identity_file, &comment);

if (public != NULL) {

fp = key_fingerprint(public, fptype, rep);

ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART);

ra = key_fingerprint(public, fingerprint_hash,

SSH_FP_RANDOMART);

printf("%u %s %s (%s)\n", key_size(public), fp, comment,

key_type(public));

if (log_level >= SYSLOG_LEVEL_VERBOSE)

Line 860

Line 865

}

comment = *cp ? cp : comment;

fp = key_fingerprint(public, fptype, rep);

ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART);

ra = key_fingerprint(public, fingerprint_hash,

SSH_FP_RANDOMART);

printf("%u %s %s (%s)\n", key_size(public), fp,

comment ? comment : "no comment", key_type(public));

if (log_level >= SYSLOG_LEVEL_VERBOSE)

Line 952

Line 958

f = fdopen(fd, "w");

if (f == NULL) {

printf("fdopen %s failed\n", identity_file);

close(fd);

key_free(public);

first = 0;

continue;

}

if (!key_write(public, f)) {

fprintf(stderr, "write key failed\n");

fclose(f);

key_free(public);

first = 0;

continue;

Line 972

Line 980

}

static void

printhost(FILE *f, const char *name, Key *public, int ca, int hash)

printhost(FILE *f, const char *name, Key *public, int ca, int revoked, int hash)

{

if (print_fingerprint) {

enum fp_rep rep;

enum fp_type fptype;

int fptype;

char *fp, *ra;

fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;

fptype = print_bubblebabble ?

rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;

SSH_DIGEST_SHA1 : fingerprint_hash;

rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;

fp = key_fingerprint(public, fptype, rep);

ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART);

ra = key_fingerprint(public, fingerprint_hash,

SSH_FP_RANDOMART);

printf("%u %s %s (%s)\n", key_size(public), fp, name,

key_type(public));

if (log_level >= SYSLOG_LEVEL_VERBOSE)

Line 992

Line 1002

} else {

if (hash && (name = host_hash(name, NULL, 0)) == NULL)

fatal("hash_host failed");

fprintf(f, "%s%s%s ", ca ? CA_MARKER : "", ca ? " " : "", name);

fprintf(f, "%s%s%s ", ca ? CA_MARKER " " : "",

revoked ? REVOKE_MARKER " " : "" , name);

if (!key_write(public, f))

fatal("key_write failed");

fprintf(f, "\n");

Line 1007

Line 1018

char *cp, *cp2, *kp, *kp2;

char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN];

int c, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0;

int ca;

int ca, revoked;

int found_key = 0;

if (!have_identity) {

Line 1021

Line 1032

if ((in = fopen(identity_file, "r")) == NULL)

fatal("%s: %s: %s", __progname, identity_file, strerror(errno));

/* XXX this code is a mess; refactor -djm */

* Find hosts goes to stdout, hash and deletions happen in-place

* A corner case is ssh-keygen -HF foo, which should go to stdout

Line 1064

Line 1076

fprintf(out, "%s\n", cp);

continue;

}

/* Check whether this is a CA key */

/* Check whether this is a CA key or revocation marker */

if (strncasecmp(cp, CA_MARKER, sizeof(CA_MARKER) - 1) == 0 &&

(cp[sizeof(CA_MARKER) - 1] == ' ' ||

cp[sizeof(CA_MARKER) - 1] == '\t')) {

Line 1072

Line 1084

cp += sizeof(CA_MARKER);

} else

ca = 0;

if (strncasecmp(cp, REVOKE_MARKER,

sizeof(REVOKE_MARKER) - 1) == 0 &&

(cp[sizeof(REVOKE_MARKER) - 1] == ' ' ||

cp[sizeof(REVOKE_MARKER) - 1] == '\t')) {

revoked = 1;

cp += sizeof(REVOKE_MARKER);

} else

revoked = 0;

/* Find the end of the host name portion. */

for (kp = cp; *kp && *kp != ' ' && *kp != '\t'; kp++)

Line 1115

Line 1135

printf("# Host %s found: "

"line %d type %s%s\n", name,

num, key_type(pub),

ca ? " (CA key)" : "");

ca ? " (CA key)" :

printhost(out, cp, pub, ca, 0);

revoked? " (revoked)" : "");

printhost(out, cp, pub, ca, revoked, 0);

found_key = 1;

}

if (delete_host) {

if (!c && !ca)

if (!c || ca || revoked) {

printhost(out, cp, pub, ca, 0);

printhost(out, cp, pub,

else

ca, revoked, 0);

} else {

printf("# Host %s found: "

"line %d type %s\n", name,

num, key_type(pub));

}

} else if (hash_hosts)

printhost(out, cp, pub, ca, 0);

printhost(out, cp, pub, ca, revoked, 0);

} else {

if (find_host || delete_host) {

c = (match_hostname(name, cp,

Line 1139

Line 1162

"line %d type %s%s\n", name,

num, key_type(pub),

ca ? " (CA key)" : "");

printhost(out, name, pub,

printhost(out, name, pub, ca, revoked,

ca, hash_hosts && !ca);

hash_hosts && !(ca || revoked));

found_key = 1;

}

if (delete_host) {

if (!c && !ca)

if (!c || ca || revoked) {

printhost(out, cp, pub, ca, 0);

printhost(out, cp, pub,

else

ca, revoked, 0);

} else {

printf("# Host %s found: "

"line %d type %s\n", name,

num, key_type(pub));

}

} else if (hash_hosts && (ca || revoked)) {

/* Don't hash CA and revoked keys' hostnames */

printhost(out, cp, pub, ca, revoked, 0);

has_unhashed = 1;

} else if (hash_hosts) {

/* Hash each hostname separately */

for (cp2 = strsep(&cp, ",");

cp2 != NULL && *cp2 != '\0';

cp2 = strsep(&cp, ",")) {

if (ca) {

if (strcspn(cp2, "*?!") !=

fprintf(stderr, "Warning: "

"ignoring CA key for host: "

"%.64s\n", cp2);

printhost(out, cp2, pub, ca, 0);

} else if (strcspn(cp2, "*?!") !=

strlen(cp2)) {

fprintf(stderr, "Warning: "

"ignoring host name with "

"metacharacters: %.64s\n",

cp2);

printhost(out, cp2, pub, ca, 0);

printhost(out, cp2, pub, ca,

} else

revoked, 0);

printhost(out, cp2, pub, ca, 1);

has_unhashed = 1;

} else {

printhost(out, cp2, pub, ca,

revoked, 1);

}

has_unhashed = 1;

}

key_free(pub);

Line 1873

Line 1901

fatal("%s is not a certificate", identity_file);

v00 = key->type == KEY_RSA_CERT_V00 || key->type == KEY_DSA_CERT_V00;

key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);

key_fp = key_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);

ca_fp = key_fingerprint(key->cert->signature_key,

SSH_FP_MD5, SSH_FP_HEX);

fingerprint_hash, SSH_FP_DEFAULT);

printf("%s:\n", identity_file);

printf(" Type: %s %s certificate\n", key_ssh_name(key),

Line 2154

Line 2182

" ssh-keygen -e [-m key_format] [-f input_keyfile]\n"

" ssh-keygen -y [-f input_keyfile]\n"

" ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"

" ssh-keygen -l [-f input_keyfile]\n"

" ssh-keygen -l [-E fingerprint_hash] [-f input_keyfile]\n"

" ssh-keygen -B [-f input_keyfile]\n");

#ifdef ENABLE_PKCS11

fprintf(stderr,

Line 2219

Line 2247

exit(1);

}

/* Remaining characters: EUYdw */

/* Remaining characters: UYdw */

while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy"

"C:D:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:a:b:f:g:j:m:n:r:s:t:z:")) != -1) {

"C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:"

"a:b:f:g:j:m:n:r:s:t:z:")) != -1) {

switch (opt) {

case 'A':

gen_all_hostkeys = 1;

Line 2232

Line 2261

fatal("Bits has bad value %s (%s)",

optarg, errstr);

break;

case 'E':

fingerprint_hash = ssh_digest_alg_by_name(optarg);

if (fingerprint_hash == -1)

fatal("Invalid hash algorithm \"%s\"", optarg);

break;

case 'F':

find_host = 1;

rr_hostname = optarg;

Line 2663

Line 2697

fclose(f);

if (!quiet) {

char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX);

char *fp = key_fingerprint(public, fingerprint_hash,

char *ra = key_fingerprint(public, SSH_FP_MD5,

SSH_FP_DEFAULT);

char *ra = key_fingerprint(public, fingerprint_hash,

SSH_FP_RANDOMART);

printf("Your public key has been saved in %s.\n",

identity_file);