diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2014-12-21 22:27:55 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-12-22 09:32:29 +1100 |
| commit | 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 (patch) | |
| tree | 700a872e702c686c1815bb1049eb93e88079b598 /ssh-add.c | |
| parent | 058f839fe15c51be8b3a844a76ab9a8db550be4f (diff) | |
upstream commit
Add FingerprintHash option to control algorithm used for
key fingerprints. Default changes from MD5 to SHA256 and format from hex to
base64.
Feedback and ok naddy@ markus@
Diffstat (limited to 'ssh-add.c')
| -rw-r--r-- | ssh-add.c | 54 |
1 files changed, 41 insertions, 13 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-add.c,v 1.114 2014/11/26 18:34:51 millert Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.115 2014/12/21 22:27:56 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -63,6 +63,7 @@ | |||
| 63 | #include "pathnames.h" | 63 | #include "pathnames.h" |
| 64 | #include "misc.h" | 64 | #include "misc.h" |
| 65 | #include "ssherr.h" | 65 | #include "ssherr.h" |
| 66 | #include "digest.h" | ||
| 66 | 67 | ||
| 67 | /* argv0 */ | 68 | /* argv0 */ |
| 68 | extern char *__progname; | 69 | extern char *__progname; |
| @@ -79,6 +80,8 @@ static char *default_files[] = { | |||
| 79 | NULL | 80 | NULL |
| 80 | }; | 81 | }; |
| 81 | 82 | ||
| 83 | static int fingerprint_hash = SSH_FP_HASH_DEFAULT; | ||
| 84 | |||
| 82 | /* Default lifetime (0 == forever) */ | 85 | /* Default lifetime (0 == forever) */ |
| 83 | static int lifetime = 0; | 86 | static int lifetime = 0; |
| 84 | 87 | ||
| @@ -340,8 +343,8 @@ list_identities(AuthenticationConnection *ac, int do_fp) | |||
| 340 | key = ssh_get_next_identity(ac, &comment, version)) { | 343 | key = ssh_get_next_identity(ac, &comment, version)) { |
| 341 | had_identities = 1; | 344 | had_identities = 1; |
| 342 | if (do_fp) { | 345 | if (do_fp) { |
| 343 | fp = key_fingerprint(key, SSH_FP_MD5, | 346 | fp = key_fingerprint(key, fingerprint_hash, |
| 344 | SSH_FP_HEX); | 347 | SSH_FP_DEFAULT); |
| 345 | printf("%d %s %s (%s)\n", | 348 | printf("%d %s %s (%s)\n", |
| 346 | key_size(key), fp, comment, key_type(key)); | 349 | key_size(key), fp, comment, key_type(key)); |
| 347 | free(fp); | 350 | free(fp); |
| @@ -408,6 +411,7 @@ usage(void) | |||
| 408 | fprintf(stderr, "usage: %s [options] [file ...]\n", __progname); | 411 | fprintf(stderr, "usage: %s [options] [file ...]\n", __progname); |
| 409 | fprintf(stderr, "Options:\n"); | 412 | fprintf(stderr, "Options:\n"); |
| 410 | fprintf(stderr, " -l List fingerprints of all identities.\n"); | 413 | fprintf(stderr, " -l List fingerprints of all identities.\n"); |
| 414 | fprintf(stderr, " -E hash Specify hash algorithm used for fingerprints.\n"); | ||
| 411 | fprintf(stderr, " -L List public key parameters of all identities.\n"); | 415 | fprintf(stderr, " -L List public key parameters of all identities.\n"); |
| 412 | fprintf(stderr, " -k Load only keys and not certificates.\n"); | 416 | fprintf(stderr, " -k Load only keys and not certificates.\n"); |
| 413 | fprintf(stderr, " -c Require confirmation to sign using identities\n"); | 417 | fprintf(stderr, " -c Require confirmation to sign using identities\n"); |
| @@ -428,6 +432,7 @@ main(int argc, char **argv) | |||
| 428 | AuthenticationConnection *ac = NULL; | 432 | AuthenticationConnection *ac = NULL; |
| 429 | char *pkcs11provider = NULL; | 433 | char *pkcs11provider = NULL; |
| 430 | int i, ch, deleting = 0, ret = 0, key_only = 0; | 434 | int i, ch, deleting = 0, ret = 0, key_only = 0; |
| 435 | int xflag = 0, lflag = 0, Dflag = 0; | ||
| 431 | 436 | ||
| 432 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 437 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
| 433 | sanitise_stdfd(); | 438 | sanitise_stdfd(); |
| @@ -446,21 +451,28 @@ main(int argc, char **argv) | |||
| 446 | "Could not open a connection to your authentication agent.\n"); | 451 | "Could not open a connection to your authentication agent.\n"); |
| 447 | exit(2); | 452 | exit(2); |
| 448 | } | 453 | } |
| 449 | while ((ch = getopt(argc, argv, "klLcdDxXe:s:t:")) != -1) { | 454 | while ((ch = getopt(argc, argv, "klLcdDxXE:e:s:t:")) != -1) { |
| 450 | switch (ch) { | 455 | switch (ch) { |
| 456 | case 'E': | ||
| 457 | fingerprint_hash = ssh_digest_alg_by_name(optarg); | ||
| 458 | if (fingerprint_hash == -1) | ||
| 459 | fatal("Invalid hash algorithm \"%s\"", optarg); | ||
| 460 | break; | ||
| 451 | case 'k': | 461 | case 'k': |
| 452 | key_only = 1; | 462 | key_only = 1; |
| 453 | break; | 463 | break; |
| 454 | case 'l': | 464 | case 'l': |
| 455 | case 'L': | 465 | case 'L': |
| 456 | if (list_identities(ac, ch == 'l' ? 1 : 0) == -1) | 466 | if (lflag != 0) |
| 457 | ret = 1; | 467 | fatal("-%c flag already specified", lflag); |
| 458 | goto done; | 468 | lflag = ch; |
| 469 | break; | ||
| 459 | case 'x': | 470 | case 'x': |
| 460 | case 'X': | 471 | case 'X': |
| 461 | if (lock_agent(ac, ch == 'x' ? 1 : 0) == -1) | 472 | if (xflag != 0) |
| 462 | ret = 1; | 473 | fatal("-%c flag already specified", xflag); |
| 463 | goto done; | 474 | xflag = ch; |
| 475 | break; | ||
| 464 | case 'c': | 476 | case 'c': |
| 465 | confirm = 1; | 477 | confirm = 1; |
| 466 | break; | 478 | break; |
| @@ -468,9 +480,8 @@ main(int argc, char **argv) | |||
| 468 | deleting = 1; | 480 | deleting = 1; |
| 469 | break; | 481 | break; |
| 470 | case 'D': | 482 | case 'D': |
| 471 | if (delete_all(ac) == -1) | 483 | Dflag = 1; |
| 472 | ret = 1; | 484 | break; |
| 473 | goto done; | ||
| 474 | case 's': | 485 | case 's': |
| 475 | pkcs11provider = optarg; | 486 | pkcs11provider = optarg; |
| 476 | break; | 487 | break; |
| @@ -491,6 +502,23 @@ main(int argc, char **argv) | |||
| 491 | goto done; | 502 | goto done; |
| 492 | } | 503 | } |
| 493 | } | 504 | } |
| 505 | |||
| 506 | if ((xflag != 0) + (lflag != 0) + (Dflag != 0) > 1) | ||
| 507 | fatal("Invalid combination of actions"); | ||
| 508 | else if (xflag) { | ||
| 509 | if (lock_agent(ac, xflag == 'x' ? 1 : 0) == -1) | ||
| 510 | ret = 1; | ||
| 511 | goto done; | ||
| 512 | } else if (lflag) { | ||
| 513 | if (list_identities(ac, lflag == 'l' ? 1 : 0) == -1) | ||
| 514 | ret = 1; | ||
| 515 | goto done; | ||
| 516 | } else if (Dflag) { | ||
| 517 | if (delete_all(ac) == -1) | ||
| 518 | ret = 1; | ||
| 519 | goto done; | ||
| 520 | } | ||
| 521 | |||
| 494 | argc -= optind; | 522 | argc -= optind; |
| 495 | argv += optind; | 523 | argv += optind; |
| 496 | if (pkcs11provider != NULL) { | 524 | if (pkcs11provider != NULL) { |