- markus@cvs.openbsd.org 2001/06/24 05:35:33

[openssh.git] / ssh-keygen.c

diff --git a/ssh-keygen.c b/ssh-keygen.c
index bd7eea9af78211636e0ce5a45fd5d6b341a51a33..95fcd6521b77b91b5695a653222eea28d8f52462 100644 (file)
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.62 2001/06/23 06:41:10 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.65 2001/06/24 05:35:33 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -79,7 +79,7 @@ char *__progname;
 
 char hostname[MAXHOSTNAMELEN];
 
-void
+static void
 ask_filename(struct passwd *pw, const char *prompt)
 {
        char buf[1024];
@@ -112,7 +112,7 @@ ask_filename(struct passwd *pw, const char *prompt)
        have_identity = 1;
 }
 
-Key *
+static Key *
 load_identity(char *filename)
 {
        char *pass;
@@ -123,7 +123,8 @@ load_identity(char *filename)
                if (identity_passphrase)
                        pass = xstrdup(identity_passphrase);
                else
-                       pass = read_passphrase("Enter passphrase: ", 1);
+                       pass = read_passphrase("Enter passphrase: ",
+                           RP_ALLOW_STDIN);
                prv = key_load_private(filename, pass, NULL);
                memset(pass, 0, strlen(pass));
                xfree(pass);
@@ -136,7 +137,7 @@ load_identity(char *filename)
 #define SSH_COM_PRIVATE_BEGIN          "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
 #define        SSH_COM_PRIVATE_KEY_MAGIC       0x3f6ff9eb
 
-void
+static void
 do_convert_to_ssh2(struct passwd *pw)
 {
        Key *k;
@@ -169,7 +170,7 @@ do_convert_to_ssh2(struct passwd *pw)
        exit(0);
 }
 
-void
+static void
 buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
 {
        int bits = buffer_get_int(b);
@@ -182,14 +183,16 @@ buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
        buffer_consume(b, bytes);
 }
 
-Key *
+static Key *
 do_convert_private_ssh2_from_blob(char *blob, int blen)
 {
        Buffer b;
        Key *key = NULL;
+       char *type, *cipher;
+       u_char *sig, data[10] = "abcde12345";
        int magic, rlen, ktype, i1, i2, i3, i4;
+       u_int slen;
        u_long e;
-       char *type, *cipher;
 
        buffer_init(&b);
        buffer_append(&b, blob, blen);
@@ -264,20 +267,15 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
                error("do_convert_private_ssh2_from_blob: "
                    "remaining bytes in key blob %d", rlen);
        buffer_free(&b);
-#ifdef DEBUG_PK
-       {
-               u_int slen;
-               u_char *sig, data[10] = "abcde12345";
 
-               key_sign(key, &sig, &slen, data, sizeof(data));
-               key_verify(key, sig, slen, data, sizeof(data));
-               xfree(sig);
-       }
-#endif
+       /* try the key */
+       key_sign(key, &sig, &slen, data, sizeof(data));
+       key_verify(key, sig, slen, data, sizeof(data));
+       xfree(sig);
        return key;
 }
 
-void
+static void
 do_convert_from_ssh2(struct passwd *pw)
 {
        Key *k;
@@ -312,6 +310,9 @@ do_convert_from_ssh2(struct passwd *pw)
                    strstr(line, ": ") != NULL) {
                        if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL)
                                private = 1;
+                       if (strstr(line, " END ") != NULL) {
+                               break;
+                       }
                        /* fprintf(stderr, "ignore: %s", line); */
                        continue;
                }
@@ -350,7 +351,7 @@ do_convert_from_ssh2(struct passwd *pw)
        exit(0);
 }
 
-void
+static void
 do_print_public(struct passwd *pw)
 {
        Key *prv;
@@ -374,7 +375,7 @@ do_print_public(struct passwd *pw)
        exit(0);
 }
 
-void
+static void
 do_fingerprint(struct passwd *pw)
 {
        FILE *f;
@@ -471,7 +472,7 @@ do_fingerprint(struct passwd *pw)
  * Perform changing a passphrase.  The argument is the passwd structure
  * for the current user.
  */
-void
+static void
 do_change_passphrase(struct passwd *pw)
 {
        char *comment;
@@ -491,8 +492,11 @@ do_change_passphrase(struct passwd *pw)
                if (identity_passphrase)
                        old_passphrase = xstrdup(identity_passphrase);
                else
-                       old_passphrase = read_passphrase("Enter old passphrase: ", 1);
-               private = key_load_private(identity_file, old_passphrase , &comment);
+                       old_passphrase =
+                           read_passphrase("Enter old passphrase: ",
+                           RP_ALLOW_STDIN);
+               private = key_load_private(identity_file, old_passphrase,
+                   &comment);
                memset(old_passphrase, 0, strlen(old_passphrase));
                xfree(old_passphrase);
                if (private == NULL) {
@@ -508,8 +512,10 @@ do_change_passphrase(struct passwd *pw)
                passphrase2 = NULL;
        } else {
                passphrase1 =
-                       read_passphrase("Enter new passphrase (empty for no passphrase): ", 1);
-               passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
+                       read_passphrase("Enter new passphrase (empty for no "
+                           "passphrase): ", RP_ALLOW_STDIN);
+               passphrase2 = read_passphrase("Enter same passphrase again: ",
+                    RP_ALLOW_STDIN);
 
                /* Verify that they are the same. */
                if (strcmp(passphrase1, passphrase2) != 0) {
@@ -547,7 +553,7 @@ do_change_passphrase(struct passwd *pw)
 /*
  * Change the comment of a private key file.
  */
-void
+static void
 do_change_comment(struct passwd *pw)
 {
        char new_comment[1024], *comment, *passphrase;
@@ -570,7 +576,8 @@ do_change_comment(struct passwd *pw)
                else if (identity_new_passphrase)
                        passphrase = xstrdup(identity_new_passphrase);
                else
-                       passphrase = read_passphrase("Enter passphrase: ", 1);
+                       passphrase = read_passphrase("Enter passphrase: ",
+                           RP_ALLOW_STDIN);
                /* Try to load using the passphrase. */
                private = key_load_private(identity_file, passphrase, &comment);
                if (private == NULL) {
@@ -640,7 +647,7 @@ do_change_comment(struct passwd *pw)
        exit(0);
 }
 
-void
+static void
 usage(void)
 {
        printf("Usage: %s [-ceilpqyB] [-t type] [-b bits] [-f file] [-C comment] "
@@ -830,10 +837,15 @@ main(int ac, char **av)
        else {
 passphrase_again:
                passphrase1 =
-                       read_passphrase("Enter passphrase (empty for no passphrase): ", 1);
-               passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
+                       read_passphrase("Enter passphrase (empty for no "
+                           "passphrase): ", RP_ALLOW_STDIN);
+               passphrase2 = read_passphrase("Enter same passphrase again: ",
+                   RP_ALLOW_STDIN);
                if (strcmp(passphrase1, passphrase2) != 0) {
-                       /* The passphrases do not match.  Clear them and retry. */
+                       /*
+                        * The passphrases do not match.  Clear them and
+                        * retry.
+                        */
                        memset(passphrase1, 0, strlen(passphrase1));
                        memset(passphrase2, 0, strlen(passphrase2));
                        xfree(passphrase1);