===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.136
retrieving revision 1.157
diff -u -r1.136 -r1.157
--- src/usr.bin/ssh/ssh-keygen.c	2006/02/20 17:19:54	1.136
+++ src/usr.bin/ssh/ssh-keygen.c	2007/01/03 00:53:38	1.157
@@ -1,3 +1,4 @@
+/* $OpenBSD: ssh-keygen.c,v 1.157 2007/01/03 00:53:38 stevesk Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -11,32 +12,38 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.136 2006/02/20 17:19:54 stevesk Exp $");
-
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/param.h>
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 
+#include <errno.h>
+#include <fcntl.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
 #include "xmalloc.h"
 #include "key.h"
 #include "rsa.h"
 #include "authfile.h"
 #include "uuencode.h"
 #include "buffer.h"
-#include "bufaux.h"
 #include "pathnames.h"
 #include "log.h"
 #include "misc.h"
 #include "match.h"
 #include "hostfile.h"
+#include "dns.h"
 
 #ifdef SMARTCARD
 #include "scard.h"
 #endif
-#include "dns.h"
 
 /* Number of bits in the RSA/DSA key.  This value can be set on the command line. */
 #define DEFAULT_BITS		2048
@@ -106,7 +113,7 @@
 
 	if (key_type_name == NULL)
 		name = _PATH_SSH_CLIENT_ID_RSA;
-	else
+	else {
 		switch (key_type_from_name(key_type_name)) {
 		case KEY_RSA1:
 			name = _PATH_SSH_CLIENT_IDENTITY;
@@ -122,7 +129,7 @@
 			exit(1);
 			break;
 		}
-
+	}
 	snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
 	fprintf(stderr, "%s (%s): ", prompt, identity_file);
 	if (fgets(buf, sizeof(buf), stdin) == NULL)
@@ -208,7 +215,8 @@
 	if (buffer_len(b) < bytes)
 		fatal("buffer_get_bignum_bits: input buffer too small: "
 		    "need %d have %d", bytes, buffer_len(b));
-	BN_bin2bn(buffer_ptr(b), bytes, value);
+	if (BN_bin2bn(buffer_ptr(b), bytes, value) == NULL)
+		fatal("buffer_get_bignum_bits: BN_bin2bn failed");
 	buffer_consume(b, bytes);
 }
 
@@ -305,13 +313,43 @@
 	return key;
 }
 
+static int
+get_line(FILE *fp, char *line, size_t len)
+{
+	int c;
+	size_t pos = 0;
+
+	line[0] = '\0';
+	while ((c = fgetc(fp)) != EOF) {
+		if (pos >= len - 1) {
+			fprintf(stderr, "input line too long.\n");
+			exit(1);
+		}
+		switch (c) {
+		case '\r':
+			c = fgetc(fp);
+			if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) {
+				fprintf(stderr, "unget: %s\n", strerror(errno));
+				exit(1);
+			}
+			return pos;
+		case '\n':
+			return pos;
+		}
+		line[pos++] = c;
+		line[pos] = '\0';
+	}
+	/* We reached EOF */
+	return -1;
+}
+
 static void
 do_convert_from_ssh2(struct passwd *pw)
 {
 	Key *k;
 	int blen;
 	u_int len;
-	char line[1024], *p;
+	char line[1024];
 	u_char blob[8096];
 	char encoded[8096];
 	struct stat st;
@@ -330,12 +368,8 @@
 		exit(1);
 	}
 	encoded[0] = '\0';
-	while (fgets(line, sizeof(line), fp)) {
-		if (!(p = strchr(line, '\n'))) {
-			fprintf(stderr, "input line too long.\n");
-			exit(1);
-		}
-		if (p > line && p[-1] == '\\')
+	while ((blen = get_line(fp, line, sizeof(line))) != -1) {
+		if (line[blen - 1] == '\\')
 			escaped++;
 		if (strncmp(line, "----", 4) == 0 ||
 		    strstr(line, ": ") != NULL) {
@@ -352,7 +386,6 @@
 			/* fprintf(stderr, "escaped: %s", line); */
 			continue;
 		}
-		*p = '\0';
 		strlcat(encoded, line, sizeof(encoded));
 	}
 	len = strlen(encoded);
@@ -488,8 +521,10 @@
 		xfree(fp);
 		exit(0);
 	}
-	if (comment)
+	if (comment) {
 		xfree(comment);
+		comment = NULL;
+	}
 
 	f = fopen(identity_file, "r");
 	if (f != NULL) {
@@ -835,30 +870,32 @@
 /*
  * Print the SSHFP RR.
  */
-static void
-do_print_resource_record(struct passwd *pw, char *hname)
+static int
+do_print_resource_record(struct passwd *pw, char *fname, char *hname)
 {
 	Key *public;
 	char *comment = NULL;
 	struct stat st;
 
-	if (!have_identity)
+	if (fname == NULL)
 		ask_filename(pw, "Enter file in which the key is");
-	if (stat(identity_file, &st) < 0) {
-		perror(identity_file);
+	if (stat(fname, &st) < 0) {
+		if (errno == ENOENT)
+			return 0;
+		perror(fname);
 		exit(1);
 	}
-	public = key_load_public(identity_file, &comment);
+	public = key_load_public(fname, &comment);
 	if (public != NULL) {
 		export_dns_rr(hname, public, stdout, print_generic);
 		key_free(public);
 		xfree(comment);
-		exit(0);
+		return 1;
 	}
 	if (comment)
 		xfree(comment);
 
-	printf("failed to read v2 public key from %s.\n", identity_file);
+	printf("failed to read v2 public key from %s.\n", fname);
 	exit(1);
 }
 
@@ -1004,7 +1041,7 @@
  * Main program for key management.
  */
 int
-main(int ac, char **av)
+main(int argc, char **argv)
 {
 	char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
 	char out_file[MAXPATHLEN], *reader_id = NULL;
@@ -1027,7 +1064,7 @@
 	sanitise_stdfd();
 
 	SSLeay_add_all_algorithms();
-	log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
+	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
 
 	/* we need this for the home * directory.  */
 	pw = getpwuid(getuid());
@@ -1040,11 +1077,11 @@
 		exit(1);
 	}
 
-	while ((opt = getopt(ac, av,
+	while ((opt = getopt(argc, argv,
 	    "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
 		switch (opt) {
 		case 'b':
-			bits = strtonum(optarg, 768, 32768, &errstr);
+			bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr);
 			if (errstr)
 				fatal("Bits has bad value %s (%s)",
 					optarg, errstr);
@@ -1114,6 +1151,7 @@
 			break;
 		case 'D':
 			download = 1;
+			/*FALLTHROUGH*/
 		case 'U':
 			reader_id = optarg;
 			break;
@@ -1130,19 +1168,20 @@
 			rr_hostname = optarg;
 			break;
 		case 'W':
-			generator_wanted = strtonum(optarg, 1, UINT_MAX, &errstr);
+			generator_wanted = (u_int32_t)strtonum(optarg, 1,
+			    UINT_MAX, &errstr);
 			if (errstr)
 				fatal("Desired generator has bad value: %s (%s)",
 					optarg, errstr);
 			break;
 		case 'a':
-			trials = strtonum(optarg, 1, UINT_MAX, &errstr);
+			trials = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
 			if (errstr)
 				fatal("Invalid number of trials: %s (%s)",
 					optarg, errstr);
 			break;
 		case 'M':
-			memory = strtonum(optarg, 1, UINT_MAX, &errstr);
+			memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
 			if (errstr) {
 				fatal("Memory limit is %s: %s", errstr, optarg);
 			}
@@ -1171,9 +1210,9 @@
 	}
 
 	/* reinit */
-	log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1);
+	log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1);
 
-	if (optind < ac) {
+	if (optind < argc) {
 		printf("Too many arguments.\n");
 		usage();
 	}
@@ -1196,7 +1235,27 @@
 	if (print_public)
 		do_print_public(pw);
 	if (rr_hostname != NULL) {
-		do_print_resource_record(pw, rr_hostname);
+		unsigned int n = 0;
+
+		if (have_identity) {
+			n = do_print_resource_record(pw,
+			    identity_file, rr_hostname);
+			if (n == 0) {
+				perror(identity_file);
+				exit(1);
+			}
+			exit(0);
+		} else {
+
+			n += do_print_resource_record(pw,
+			    _PATH_HOST_RSA_KEY_FILE, rr_hostname);
+			n += do_print_resource_record(pw,
+			    _PATH_HOST_DSA_KEY_FILE, rr_hostname);
+
+			if (n == 0)
+				fatal("no keys found.");
+			exit(0);
+		}
 	}
 	if (reader_id != NULL) {
 #ifdef SMARTCARD