===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.269
retrieving revision 1.272
diff -u -r1.269 -r1.272
--- src/usr.bin/ssh/ssh-keygen.c	2015/04/17 13:19:22	1.269
+++ src/usr.bin/ssh/ssh-keygen.c	2015/05/21 12:01:19	1.272
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.269 2015/04/17 13:19:22 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.272 2015/05/21 12:01:19 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -176,11 +176,14 @@
 static void
 type_bits_valid(int type, const char *name, u_int32_t *bitsp)
 {
+#ifdef WITH_OPENSSL
 	u_int maxbits, nid;
+#endif
 
 	if (type == KEY_UNSPEC)
 		fatal("unknown key type %s", key_type_name);
 	if (*bitsp == 0) {
+#ifdef WITH_OPENSSL
 		if (type == KEY_DSA)
 			*bitsp = DEFAULT_BITS_DSA;
 		else if (type == KEY_ECDSA) {
@@ -191,13 +194,14 @@
 				*bitsp = DEFAULT_BITS_ECDSA;
 		}
 		else
+#endif
 			*bitsp = DEFAULT_BITS;
 	}
+#ifdef WITH_OPENSSL
 	maxbits = (type == KEY_DSA) ?
 	    OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
 	if (*bitsp > maxbits)
 		fatal("key bits exceeds maximum %d", maxbits);
-#ifdef WITH_OPENSSL
 	if (type == KEY_DSA && *bitsp != 1024)
 		fatal("DSA keys must be 1024 bits");
 	else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
@@ -1059,7 +1063,13 @@
 known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
 {
 	struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
+	enum sshkey_fp_rep rep;
+	int fptype;
+	char *fp;
 
+	fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
+	rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
+
 	if (l->status == HKF_STATUS_MATCHED) {
 		if (delete_host) {
 			if (l->marker != MRK_NONE) {
@@ -1087,7 +1097,12 @@
 			}
 			if (hash_hosts)
 				known_hosts_hash(l, ctx);
-			else
+			else if (print_fingerprint) {
+				fp = sshkey_fingerprint(l->key, fptype, rep);
+				printf("%s %s %s %s\n", ctx->host,
+				    sshkey_type(l->key), fp, l->comment);
+				free(fp);
+			} else
 				fprintf(ctx->out, "%s\n", l->line);
 			return 0;
 		}
@@ -1108,6 +1123,7 @@
 	char *cp, tmp[PATH_MAX], old[PATH_MAX];
 	int r, fd, oerrno, inplace = 0;
 	struct known_hosts_ctx ctx;
+	u_int foreach_options;
 
 	if (!have_identity) {
 		cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
@@ -1144,9 +1160,11 @@
 	}
 
 	/* XXX support identity_file == "-" for stdin */
+	foreach_options = find_host ? HKF_WANT_MATCH : 0;
+	foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0;
 	if ((r = hostkeys_foreach(identity_file,
 	    hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx,
-	    name, NULL, find_host ? HKF_WANT_MATCH : 0)) != 0)
+	    name, NULL, foreach_options)) != 0)
 		fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
 
 	if (inplace)
@@ -1572,7 +1590,7 @@
 			otmp = tmp = xstrdup(cert_principals);
 			plist = NULL;
 			for (; (cp = strsep(&tmp, ",")) != NULL; n++) {
-				plist = xrealloc(plist, n + 1, sizeof(*plist));
+				plist = xreallocarray(plist, n + 1, sizeof(*plist));
 				if (*(plist[n] = xstrdup(cp)) == '\0')
 					fatal("Empty principal name");
 			}