=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v retrieving revision 1.269 retrieving revision 1.273 diff -u -r1.269 -r1.273 --- src/usr.bin/ssh/ssh-keygen.c 2015/04/17 13:19:22 1.269 +++ src/usr.bin/ssh/ssh-keygen.c 2015/05/28 04:40:13 1.273 @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.269 2015/04/17 13:19:22 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.273 2015/05/28 04:40:13 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -52,6 +52,12 @@ #include "ssh-pkcs11.h" #endif +#ifdef WITH_OPENSSL +# define DEFAULT_KEY_TYPE_NAME "rsa" +#else +# define DEFAULT_KEY_TYPE_NAME "ed25519" +#endif + /* Number of bits in the RSA/DSA key. This value can be set on the command line. */ #define DEFAULT_BITS 2048 #define DEFAULT_BITS_DSA 1024 @@ -176,11 +182,14 @@ static void type_bits_valid(int type, const char *name, u_int32_t *bitsp) { +#ifdef WITH_OPENSSL u_int maxbits, nid; +#endif if (type == KEY_UNSPEC) fatal("unknown key type %s", key_type_name); if (*bitsp == 0) { +#ifdef WITH_OPENSSL if (type == KEY_DSA) *bitsp = DEFAULT_BITS_DSA; else if (type == KEY_ECDSA) { @@ -191,13 +200,14 @@ *bitsp = DEFAULT_BITS_ECDSA; } else +#endif *bitsp = DEFAULT_BITS; } +#ifdef WITH_OPENSSL maxbits = (type == KEY_DSA) ? OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; if (*bitsp > maxbits) fatal("key bits exceeds maximum %d", maxbits); -#ifdef WITH_OPENSSL if (type == KEY_DSA && *bitsp != 1024) fatal("DSA keys must be 1024 bits"); else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) @@ -1059,7 +1069,13 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) { struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx; + enum sshkey_fp_rep rep; + int fptype; + char *fp; + fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; + rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; + if (l->status == HKF_STATUS_MATCHED) { if (delete_host) { if (l->marker != MRK_NONE) { @@ -1087,7 +1103,12 @@ } if (hash_hosts) known_hosts_hash(l, ctx); - else + else if (print_fingerprint) { + fp = sshkey_fingerprint(l->key, fptype, rep); + printf("%s %s %s %s\n", ctx->host, + sshkey_type(l->key), fp, l->comment); + free(fp); + } else fprintf(ctx->out, "%s\n", l->line); return 0; } @@ -1108,6 +1129,7 @@ char *cp, tmp[PATH_MAX], old[PATH_MAX]; int r, fd, oerrno, inplace = 0; struct known_hosts_ctx ctx; + u_int foreach_options; if (!have_identity) { cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); @@ -1144,9 +1166,11 @@ } /* XXX support identity_file == "-" for stdin */ + foreach_options = find_host ? HKF_WANT_MATCH : 0; + foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0; if ((r = hostkeys_foreach(identity_file, hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx, - name, NULL, find_host ? HKF_WANT_MATCH : 0)) != 0) + name, NULL, foreach_options)) != 0) fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); if (inplace) @@ -1572,7 +1596,7 @@ otmp = tmp = xstrdup(cert_principals); plist = NULL; for (; (cp = strsep(&tmp, ",")) != NULL; n++) { - plist = xrealloc(plist, n + 1, sizeof(*plist)); + plist = xreallocarray(plist, n + 1, sizeof(*plist)); if (*(plist[n] = xstrdup(cp)) == '\0') fatal("Empty principal name"); } @@ -2543,7 +2567,7 @@ } if (key_type_name == NULL) - key_type_name = "rsa"; + key_type_name = DEFAULT_KEY_TYPE_NAME; type = sshkey_type_from_name(key_type_name); type_bits_valid(type, key_type_name, &bits);