X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/c1cb7bae1a56520c8bc58c1753faddacb16ac646..048acbeb927b418d5d9d351cfa07b9d087193038:/ssh-keygen.c diff --git a/ssh-keygen.c b/ssh-keygen.c index 84f13c42..a03c6575 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.141 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.166 2008/05/19 15:46:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -15,10 +15,26 @@ #include "includes.h" #include +#include #include +#include #include #include +#include "openbsd-compat/openssl-compat.h" + +#include +#include +#include +#ifdef HAVE_PATHS_H +# include +#endif +#include +#include +#include +#include +#include +#include #include "xmalloc.h" #include "key.h" @@ -26,17 +42,16 @@ #include "authfile.h" #include "uuencode.h" #include "buffer.h" -#include "bufaux.h" #include "pathnames.h" #include "log.h" #include "misc.h" #include "match.h" #include "hostfile.h" +#include "dns.h" #ifdef SMARTCARD #include "scard.h" #endif -#include "dns.h" /* Number of bits in the RSA/DSA key. This value can be set on the command line. */ #define DEFAULT_BITS 2048 @@ -127,8 +142,7 @@ ask_filename(struct passwd *pw, const char *prompt) fprintf(stderr, "%s (%s): ", prompt, identity_file); if (fgets(buf, sizeof(buf), stdin) == NULL) exit(1); - if (strchr(buf, '\n')) - *strchr(buf, '\n') = 0; + buf[strcspn(buf, "\n")] = '\0'; if (strcmp(buf, "") != 0) strlcpy(identity_file, buf, sizeof(identity_file)); have_identity = 1; @@ -208,7 +222,8 @@ buffer_get_bignum_bits(Buffer *b, BIGNUM *value) if (buffer_len(b) < bytes) fatal("buffer_get_bignum_bits: input buffer too small: " "need %d have %d", bytes, buffer_len(b)); - BN_bin2bn(buffer_ptr(b), bytes, value); + if (BN_bin2bn(buffer_ptr(b), bytes, value) == NULL) + fatal("buffer_get_bignum_bits: BN_bin2bn failed"); buffer_consume(b, bytes); } 
@@ -226,7 +241,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) buffer_init(&b); buffer_append(&b, blob, blen); - magic = buffer_get_int(&b); + magic = buffer_get_int(&b); if (magic != SSH_COM_PRIVATE_KEY_MAGIC) { error("bad magic 0x%x != 0x%x", magic, SSH_COM_PRIVATE_KEY_MAGIC); buffer_free(&b); @@ -238,7 +253,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) i2 = buffer_get_int(&b); i3 = buffer_get_int(&b); i4 = buffer_get_int(&b); - debug("ignore (%d %d %d %d)", i1,i2,i3,i4); + debug("ignore (%d %d %d %d)", i1, i2, i3, i4); if (strcmp(cipher, "none") != 0) { error("unsupported cipher %s", cipher); xfree(cipher); @@ -269,7 +284,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) buffer_get_bignum_bits(&b, key->dsa->priv_key); break; case KEY_RSA: - e = buffer_get_char(&b); + e = buffer_get_char(&b); debug("e %lx", e); if (e < 30) { e <<= 8; @@ -331,7 +346,8 @@ get_line(FILE *fp, char *line, size_t len) line[pos++] = c; line[pos] = '\0'; } - return pos; + /* We reached EOF */ + return -1; } static void @@ -489,7 +505,7 @@ do_fingerprint(struct passwd *pw) FILE *f; Key *public; char *comment = NULL, *cp, *ep, line[16*1024], *fp; - int i, skip = 0, num = 1, invalid = 1; + int i, skip = 0, num = 0, invalid = 1; enum fp_rep rep; enum fp_type fptype; struct stat st; @@ -512,15 +528,17 @@ do_fingerprint(struct passwd *pw) xfree(fp); exit(0); } - if (comment) + if (comment) { xfree(comment); + comment = NULL; + } f = fopen(identity_file, "r"); if (f != NULL) { while (fgets(line, sizeof(line), f)) { - i = strlen(line) - 1; - if (line[i] != '\n') { - error("line %d too long: %.40s...", num, line); + if ((cp = strchr(line, '\n')) == NULL) { + error("line %d too long: %.40s...", + num + 1, line); skip = 1; continue; } 
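Review bot: Returning -1 at the end of get_line discards a final line that has no terminating newline: judging by the added comment this path is reached at EOF, and by then `pos` may be non-zero with `line` holding text the caller never gets to use. If that is intended, the comment should say so, e.g. `/* We reached EOF; an unterminated last line is discarded */`, and the function should document that -1 means end of input while 0 means an empty line. The read loop and the callers are outside this hunk, so whether any caller relied on the old `pos` return at EOF cannot be checked here.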
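Review bot: In do_fingerprint a last line that ends at EOF without a newline is still reported as "too long" and skipped, because `strchr(line, '\n') == NULL` cannot tell a truncated read from an unterminated final line. The same test is added in do_known_hosts (hunk at -632), where it also sets `invalid = 1` and so blocks the in-place rewrite of the known_hosts file. Testing the length as well would separate the two cases, `if (strchr(line, '\n') == NULL && strlen(line) == sizeof(line) - 1) {`, with the terminator then removed by `line[strcspn(line, "\n")] = '\0';` in place of `*cp = '\0';`. The loop body continues outside this hunk.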
@@ -529,13 +547,13 @@ do_fingerprint(struct passwd *pw) skip = 0; continue; } - line[i] = '\0'; + *cp = '\0'; /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; if (!*cp || *cp == '\n' || *cp == '#') - continue ; + continue; i = strtol(cp, &ep, 10); if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) { int quoted = 0; @@ -580,14 +598,26 @@ do_fingerprint(struct passwd *pw) } static void -print_host(FILE *f, char *name, Key *public, int hash) +print_host(FILE *f, const char *name, Key *public, int hash) { - if (hash && (name = host_hash(name, NULL, 0)) == NULL) - fatal("hash_host failed"); - fprintf(f, "%s ", name); - if (!key_write(public, f)) - fatal("key_write failed"); - fprintf(f, "\n"); + if (print_fingerprint) { + enum fp_rep rep; + enum fp_type fptype; + char *fp; + + fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; + rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; + fp = key_fingerprint(public, fptype, rep); + printf("%u %s %s\n", key_size(public), fp, name); + xfree(fp); + } else { + if (hash && (name = host_hash(name, NULL, 0)) == NULL) + fatal("hash_host failed"); + fprintf(f, "%s ", name); + if (!key_write(public, f)) + fatal("key_write failed"); + fprintf(f, "\n"); + } } static void @@ -597,7 +627,7 @@ do_known_hosts(struct passwd *pw, const char *name) Key *public; char *cp, *cp2, *kp, *kp2; char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN]; - int c, i, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0; + int c, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0; if (!have_identity) { cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); 
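Review bot: The fingerprint branch of print_host writes with `printf`, so it ignores the `f` argument that the other branch honours; it should be `fprintf(f, "%u %s %s\n", key_size(public), fp, name);` so that both branches go to the stream the caller chose. The result of `key_fingerprint` is passed to `%s` and `xfree` without a NULL check; whether it can return NULL is not visible in this diff, so either check it or note in a comment that it cannot fail.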
@@ -632,19 +662,18 @@ do_known_hosts(struct passwd *pw, const char *name) } while (fgets(line, sizeof(line), in)) { - num++; - i = strlen(line) - 1; - if (line[i] != '\n') { - error("line %d too long: %.40s...", num, line); + if ((cp = strchr(line, '\n')) == NULL) { + error("line %d too long: %.40s...", num + 1, line); skip = 1; invalid = 1; continue; } + num++; if (skip) { skip = 0; continue; } - line[i] = '\0'; + *cp = '\0'; /* Skip leading whitespace, empty and comment lines. */ for (cp = line; *cp == ' ' || *cp == '\t'; cp++) @@ -708,7 +737,8 @@ do_known_hosts(struct passwd *pw, const char *name) printf("# Host %s found: " "line %d type %s\n", name, num, key_type(public)); - print_host(out, cp, public, hash_hosts); + print_host(out, name, public, + hash_hosts); } if (delete_host && !c) print_host(out, cp, public, 0); @@ -732,7 +762,7 @@ do_known_hosts(struct passwd *pw, const char *name) fclose(in); if (invalid) { - fprintf(stderr, "%s is not a valid known_host file.\n", + fprintf(stderr, "%s is not a valid known_hosts file.\n", identity_file); if (inplace) { fprintf(stderr, "Not replacing existing known_hosts " @@ -944,8 +974,7 @@ do_change_comment(struct passwd *pw) key_free(private); exit(1); } - if (strchr(new_comment, '\n')) - *strchr(new_comment, '\n') = 0; + new_comment[strcspn(new_comment, "\n")] = '\0'; } /* Save the file using the new passphrase. */ @@ -988,7 +1017,7 @@ do_change_comment(struct passwd *pw) static void usage(void) { - fprintf(stderr, "Usage: %s [options]\n", __progname); + fprintf(stderr, "usage: %s [options]\n", __progname); fprintf(stderr, "Options:\n"); fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n"); fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); 
@@ -998,13 +1027,13 @@ usage(void) #ifdef SMARTCARD fprintf(stderr, " -D reader Download public key from smartcard.\n"); #endif /* SMARTCARD */ - fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n"); + fprintf(stderr, " -e Convert OpenSSH to RFC 4716 key file.\n"); fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); fprintf(stderr, " -f filename Filename of the key file.\n"); fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n"); fprintf(stderr, " -g Use generic DNS resource record format.\n"); fprintf(stderr, " -H Hash names in known_hosts file.\n"); - fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n"); + fprintf(stderr, " -i Convert RFC 4716 to OpenSSH key file.\n"); fprintf(stderr, " -l Show fingerprint of key file.\n"); fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); fprintf(stderr, " -N phrase Provide new passphrase.\n"); @@ -1030,7 +1059,7 @@ usage(void) * Main program for key management. */ int -main(int ac, char **av) +main(int argc, char **argv) { char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; char out_file[MAXPATHLEN], *reader_id = NULL; @@ -1052,10 +1081,10 @@ main(int ac, char **av) /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); - __progname = ssh_get_progname(av[0]); + __progname = ssh_get_progname(argv[0]); SSLeay_add_all_algorithms(); - log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); + log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); init_rng(); seed_rng(); @@ -1071,11 +1100,11 @@ main(int ac, char **av) exit(1); } - while ((opt = getopt(ac, av, + while ((opt = getopt(argc, argv, "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { switch (opt) { case 'b': - bits = strtonum(optarg, 768, 32768, &errstr); + bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr); if (errstr) fatal("Bits has bad value %s (%s)", optarg, errstr); 
@@ -1162,19 +1191,20 @@ main(int ac, char **av) rr_hostname = optarg; break; case 'W': - generator_wanted = strtonum(optarg, 1, UINT_MAX, &errstr); + generator_wanted = (u_int32_t)strtonum(optarg, 1, + UINT_MAX, &errstr); if (errstr) fatal("Desired generator has bad value: %s (%s)", optarg, errstr); break; case 'a': - trials = strtonum(optarg, 1, UINT_MAX, &errstr); + trials = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); if (errstr) fatal("Invalid number of trials: %s (%s)", optarg, errstr); break; case 'M': - memory = strtonum(optarg, 1, UINT_MAX, &errstr); + memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); if (errstr) { fatal("Memory limit is %s: %s", errstr, optarg); } @@ -1203,9 +1233,9 @@ main(int ac, char **av) } /* reinit */ - log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1); + log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1); - if (optind < ac) { + if (optind < argc) { printf("Too many arguments.\n"); usage(); } @@ -1213,6 +1243,10 @@ main(int ac, char **av) printf("Can only have one of -p and -c.\n"); usage(); } + if (print_fingerprint && (delete_host || hash_hosts)) { + printf("Cannot use -l with -D or -R.\n"); + usage(); + } if (delete_host || hash_hosts || find_host) do_known_hosts(pw, rr_hostname); if (print_fingerprint || print_bubblebabble)
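Review bot: The casts to `u_int32_t` added for -W, -a and -M sit next to an upper bound of `UINT_MAX`, which is the limit of `unsigned int` rather than of the cast's target type; the two agree only where `unsigned int` is 32 bits wide. Bounding by the target type, e.g. `trials = (u_int32_t)strtonum(optarg, 1, 0xffffffffLL, &errstr);`, or a short comment stating the 32-bit assumption, would keep the cast from silently truncating elsewhere. The declarations of `generator_wanted`, `trials` and `memory` are outside the hunk, so their types are inferred from the casts.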
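Review bot: The new error text names `-D`, but the condition tests `delete_host` and `hash_hosts`; the usage text in this same diff lists `-H` as the option that hashes names in known_hosts and `-D` as the smartcard download option. The message should read `printf("Cannot use -l with -H or -R.\n");`, assuming -R is the option that sets `delete_host`, which is not visible here. A user who hits this check would otherwise be pointed at an unrelated option.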