=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v retrieving revision 1.152 retrieving revision 1.172 diff -u -r1.152 -r1.172 --- src/usr.bin/ssh/ssh-keygen.c 2006/07/26 13:57:17 1.152 +++ src/usr.bin/ssh/ssh-keygen.c 2008/11/07 00:42:12 1.172 @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.152 2006/07/26 13:57:17 stevesk Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.172 2008/11/07 00:42:12 stevesk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -12,10 +12,9 @@ * called by a name other than "ssh" or "Secure Shell". */ -#include "includes.h" - #include #include +#include #include #include @@ -24,6 +23,7 @@ #include #include #include +#include #include #include #include @@ -34,7 +34,6 @@ #include "authfile.h" #include "uuencode.h" #include "buffer.h" -#include "bufaux.h" #include "pathnames.h" #include "log.h" #include "misc.h" @@ -65,6 +64,8 @@ int quiet = 0; +int log_level = SYSLOG_LEVEL_INFO; + /* Flag indicating that we want to hash a known_hosts file */ int hash_hosts = 0; /* Flag indicating that we want lookup a host in known_hosts file */ @@ -135,8 +136,7 @@ fprintf(stderr, "%s (%s): ", prompt, identity_file); if (fgets(buf, sizeof(buf), stdin) == NULL) exit(1); - if (strchr(buf, '\n')) - *strchr(buf, '\n') = 0; + buf[strcspn(buf, "\n")] = '\0'; if (strcmp(buf, "") != 0) strlcpy(identity_file, buf, sizeof(identity_file)); have_identity = 1; @@ -216,7 +216,8 @@ if (buffer_len(b) < bytes) fatal("buffer_get_bignum_bits: input buffer too small: " "need %d have %d", bytes, buffer_len(b)); - BN_bin2bn(buffer_ptr(b), bytes, value); + if (BN_bin2bn(buffer_ptr(b), bytes, value) == NULL) + fatal("buffer_get_bignum_bits: BN_bin2bn failed"); buffer_consume(b, bytes); } 
@@ -234,7 +235,7 @@ buffer_init(&b); buffer_append(&b, blob, blen); - magic = buffer_get_int(&b); + magic = buffer_get_int(&b); if (magic != SSH_COM_PRIVATE_KEY_MAGIC) { error("bad magic 0x%x != 0x%x", magic, SSH_COM_PRIVATE_KEY_MAGIC); buffer_free(&b); @@ -246,7 +247,7 @@ i2 = buffer_get_int(&b); i3 = buffer_get_int(&b); i4 = buffer_get_int(&b); - debug("ignore (%d %d %d %d)", i1,i2,i3,i4); + debug("ignore (%d %d %d %d)", i1, i2, i3, i4); if (strcmp(cipher, "none") != 0) { error("unsupported cipher %s", cipher); xfree(cipher); @@ -277,7 +278,7 @@ buffer_get_bignum_bits(&b, key->dsa->priv_key); break; case KEY_RSA: - e = buffer_get_char(&b); + e = buffer_get_char(&b); debug("e %lx", e); if (e < 30) { e <<= 8; @@ -339,9 +340,8 @@ line[pos++] = c; line[pos] = '\0'; } - if (c == EOF) - return -1; - return pos; + /* We reached EOF */ + return -1; } static void @@ -498,8 +498,8 @@ { FILE *f; Key *public; - char *comment = NULL, *cp, *ep, line[16*1024], *fp; - int i, skip = 0, num = 1, invalid = 1; + char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra; + int i, skip = 0, num = 0, invalid = 1; enum fp_rep rep; enum fp_type fptype; struct stat st; @@ -516,9 +516,14 @@ public = key_load_public(identity_file, &comment); if (public != NULL) { fp = key_fingerprint(public, fptype, rep); - printf("%u %s %s\n", key_size(public), fp, comment); + ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART); + printf("%u %s %s (%s)\n", key_size(public), fp, comment, + key_type(public)); + if (log_level >= SYSLOG_LEVEL_VERBOSE) + printf("%s\n", ra); key_free(public); xfree(comment); + xfree(ra); xfree(fp); exit(0); } @@ -530,9 +535,9 @@ f = fopen(identity_file, "r"); if (f != NULL) { while (fgets(line, sizeof(line), f)) { - i = strlen(line) - 1; - if (line[i] != '\n') { - error("line %d too long: %.40s...", num, line); + if ((cp = strchr(line, '\n')) == NULL) { + error("line %d too long: %.40s...", + num + 1, line); skip = 1; continue; } 
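Review bot: The new `/* We reached EOF */` comment does not say what happens to bytes already copied into `line` when EOF arrives in the middle of a line: the function returns -1, so the caller cannot tell a partial last line from a clean end of file. The loop that fills `line` starts outside this hunk, so this is inferred from the visible tail only. If dropping an unterminated last line is intended, the comment should say so, for example `/* EOF: a partial last line left in line[] is discarded */`.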
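Review bot: `ra` is computed by a second key_fingerprint() call on every run but printed only when `log_level >= SYSLOG_LEVEL_VERBOSE`, so the SSH_FP_RANDOMART call and its `xfree(ra)` could move inside that `if`. The same print sequence is repeated in the hunk at -576 and in the new branch of print_host. A small static helper taking the key, the comment or host name, `fptype` and `rep` would keep the three copies from drifting apart. do_fingerprint starts outside this hunk.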
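Review bot: A final line with no trailing newline still takes the "too long" path here, because `strchr(line, '\n') == NULL` cannot tell a truncated read from the last line of the file as fgets returns it at EOF. In do_fingerprint that key is skipped without being fingerprinted; the matching hunk at -644 in do_known_hosts also sets `invalid = 1`, so the whole file is reported as not valid. One option is `if ((cp = strchr(line, '\n')) == NULL && !feof(f)) {` (`in` for the known_hosts loop), with the later `*cp = '\0';` replaced by `line[strcspn(line, "\n")] = '\0';`, as this commit already does for `buf`. Both loops continue outside their hunks.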
@@ -541,13 +546,13 @@ skip = 0; continue; } - line[i] = '\0'; + *cp = '\0'; /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; if (!*cp || *cp == '\n' || *cp == '#') - continue ; + continue; i = strtol(cp, &ep, 10); if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) { int quoted = 0; @@ -576,8 +581,12 @@ } comment = *cp ? cp : comment; fp = key_fingerprint(public, fptype, rep); - printf("%u %s %s\n", key_size(public), fp, - comment ? comment : "no comment"); + ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART); + printf("%u %s %s (%s)\n", key_size(public), fp, + comment ? comment : "no comment", key_type(public)); + if (log_level >= SYSLOG_LEVEL_VERBOSE) + printf("%s\n", ra); + xfree(ra); xfree(fp); key_free(public); invalid = 0; @@ -592,14 +601,31 @@ } static void -print_host(FILE *f, char *name, Key *public, int hash) +print_host(FILE *f, const char *name, Key *public, int hash) { - if (hash && (name = host_hash(name, NULL, 0)) == NULL) - fatal("hash_host failed"); - fprintf(f, "%s ", name); - if (!key_write(public, f)) - fatal("key_write failed"); - fprintf(f, "\n"); + if (print_fingerprint) { + enum fp_rep rep; + enum fp_type fptype; + char *fp, *ra; + + fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; + rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; + fp = key_fingerprint(public, fptype, rep); + ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART); + printf("%u %s %s (%s)\n", key_size(public), fp, name, + key_type(public)); + if (log_level >= SYSLOG_LEVEL_VERBOSE) + printf("%s\n", ra); + xfree(ra); + xfree(fp); + } else { + if (hash && (name = host_hash(name, NULL, 0)) == NULL) + fatal("hash_host failed"); + fprintf(f, "%s ", name); + if (!key_write(public, f)) + fatal("key_write failed"); + fprintf(f, "\n"); + } } static void 
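Review bot: The new fingerprint branch of print_host ignores both `f` and `hash` and writes to stdout with `printf`, while the else branch writes the host line to `f`. If a caller passes a replacement known_hosts stream while `print_fingerprint` is set, the entry is not written to it; that seems to be prevented only by the -l check added to main() later in this diff. A comment on the branch would make the dependency visible, e.g. `/* -l: output goes to stdout; main() rejects -l with options that rewrite the file */`.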
@@ -609,7 +635,7 @@ Key *public; char *cp, *cp2, *kp, *kp2; char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN]; - int c, i, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0; + int c, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0; if (!have_identity) { cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); @@ -644,19 +670,18 @@ } while (fgets(line, sizeof(line), in)) { - num++; - i = strlen(line) - 1; - if (line[i] != '\n') { - error("line %d too long: %.40s...", num, line); + if ((cp = strchr(line, '\n')) == NULL) { + error("line %d too long: %.40s...", num + 1, line); skip = 1; invalid = 1; continue; } + num++; if (skip) { skip = 0; continue; } - line[i] = '\0'; + *cp = '\0'; /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) @@ -720,7 +745,8 @@ printf("# Host %s found: " "line %d type %s\n", name, num, key_type(public)); - print_host(out, cp, public, hash_hosts); + print_host(out, name, public, + hash_hosts); } if (delete_host && !c) print_host(out, cp, public, 0); @@ -744,7 +770,7 @@ fclose(in); if (invalid) { - fprintf(stderr, "%s is not a valid known_host file.\n", + fprintf(stderr, "%s is not a valid known_hosts file.\n", identity_file); if (inplace) { fprintf(stderr, "Not replacing existing known_hosts " @@ -956,8 +982,7 @@ key_free(private); exit(1); } - if (strchr(new_comment, '\n')) - *strchr(new_comment, '\n') = 0; + new_comment[strcspn(new_comment, "\n")] = '\0'; } /* Save the file using the new passphrase. */ @@ -1000,7 +1025,7 @@ static void usage(void) { - fprintf(stderr, "Usage: %s [options]\n", __progname); + fprintf(stderr, "usage: %s [options]\n", __progname); fprintf(stderr, "Options:\n"); fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n"); fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); 
@@ -1010,13 +1035,13 @@ #ifdef SMARTCARD fprintf(stderr, " -D reader Download public key from smartcard.\n"); #endif /* SMARTCARD */ - fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n"); + fprintf(stderr, " -e Convert OpenSSH to RFC 4716 key file.\n"); fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); fprintf(stderr, " -f filename Filename of the key file.\n"); fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n"); fprintf(stderr, " -g Use generic DNS resource record format.\n"); fprintf(stderr, " -H Hash names in known_hosts file.\n"); - fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n"); + fprintf(stderr, " -i Convert RFC 4716 to OpenSSH key file.\n"); fprintf(stderr, " -l Show fingerprint of key file.\n"); fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); fprintf(stderr, " -N phrase Provide new passphrase.\n"); @@ -1042,7 +1067,7 @@ * Main program for key management. */ int -main(int ac, char **av) +main(int argc, char **argv) { char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; char out_file[MAXPATHLEN], *reader_id = NULL; @@ -1053,7 +1078,6 @@ int opt, type, fd, download = 0; u_int32_t memory = 0, generator_wanted = 0, trials = 100; int do_gen_candidates = 0, do_screen_candidates = 0; - int log_level = SYSLOG_LEVEL_INFO; BIGNUM *start = NULL; FILE *f; const char *errstr; @@ -1065,7 +1089,7 @@ sanitise_stdfd(); SSLeay_add_all_algorithms(); - log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); + log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); /* we need this for the home * directory. */ pw = getpwuid(getuid()); @@ -1078,7 +1102,7 @@ exit(1); } - while ((opt = getopt(ac, av, + while ((opt = getopt(argc, argv, "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { switch (opt) { case 'b': 
@@ -1211,9 +1235,9 @@ } /* reinit */ - log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1); + log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1); - if (optind < ac) { + if (optind < argc) { printf("Too many arguments.\n"); usage(); } @@ -1221,6 +1245,10 @@ printf("Can only have one of -p and -c.\n"); usage(); } + if (print_fingerprint && (delete_host || hash_hosts)) { + printf("Cannot use -l with -D or -R.\n"); + usage(); + } if (delete_host || hash_hosts || find_host) do_known_hosts(pw, rr_hostname); if (print_fingerprint || print_bubblebabble) @@ -1385,7 +1413,7 @@ if (identity_comment) { strlcpy(comment, identity_comment, sizeof(comment)); } else { - /* Create default commend field for the passphrase. */ + /* Create default comment field for the passphrase. */ snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname); } @@ -1425,10 +1453,15 @@ if (!quiet) { char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX); + char *ra = key_fingerprint(public, SSH_FP_MD5, + SSH_FP_RANDOMART); printf("Your public key has been saved in %s.\n", identity_file); printf("The key fingerprint is:\n"); printf("%s %s\n", fp, comment); + printf("The key's randomart image is:\n"); + printf("%s\n", ra); + xfree(ra); xfree(fp); }
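Review bot: The message in the new -l check names the wrong option: the condition tests `delete_host || hash_hosts`, and usage() in this diff lists -H as the hashing option and -D as the smartcard download. The text should read `printf("Cannot use -l with -H or -R.\n");`, assuming delete_host is set by -R (the option parsing is outside the hunk).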