author | djm@openbsd.org <djm@openbsd.org> | 2014-12-21 22:27:55 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-12-22 09:32:29 +1100 |
commit | 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 (patch) | |
tree | 700a872e702c686c1815bb1049eb93e88079b598 /ssh-add.c | |
parent | 058f839fe15c51be8b3a844a76ab9a8db550be4f (diff) |
upstream commit
Add FingerprintHash option to control algorithm used for
key fingerprints. Default changes from MD5 to SHA256 and format from hex to
base64.
Feedback and ok naddy@ markus@
Diffstat (limited to 'ssh-add.c')
-rw-r--r-- | ssh-add.c | 54 |
1 files changed, 41 insertions, 13 deletions
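--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.114 2014/11/26 18:34:51 millert Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.115 2014/12/21 22:27:56 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -63,6 +63,7 @@
 #include "pathnames.h"
 #include "misc.h"
 #include "ssherr.h"
+#include "digest.h"
 
 /* argv0 */
 extern char *__progname;
@@ -79,6 +80,8 @@ static char *default_files[] = {
 	NULL
 };
 
+static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
+
 /* Default lifetime (0 == forever) */
 static int lifetime = 0;
 
@@ -340,8 +343,8 @@ list_identities(AuthenticationConnection *ac, int do_fp)
 	    key = ssh_get_next_identity(ac, &comment, version)) {
 		had_identities = 1;
 		if (do_fp) {
-			fp = key_fingerprint(key, SSH_FP_MD5,
-			    SSH_FP_HEX);
+			fp = key_fingerprint(key, fingerprint_hash,
+			    SSH_FP_DEFAULT);
 			printf("%d %s %s (%s)\n",
 			    key_size(key), fp, comment, key_type(key));
 			free(fp);
@@ -408,6 +411,7 @@ usage(void)
 	fprintf(stderr, "usage: %s [options] [file ...]\n", __progname);
 	fprintf(stderr, "Options:\n");
 	fprintf(stderr, " -l List fingerprints of all identities.\n");
+	fprintf(stderr, " -E hash Specify hash algorithm used for fingerprints.\n");
 	fprintf(stderr, " -L List public key parameters of all identities.\n");
 	fprintf(stderr, " -k Load only keys and not certificates.\n");
 	fprintf(stderr, " -c Require confirmation to sign using identities\n");
@@ -428,6 +432,7 @@ main(int argc, char **argv)
 	AuthenticationConnection *ac = NULL;
 	char *pkcs11provider = NULL;
 	int i, ch, deleting = 0, ret = 0, key_only = 0;
+	int xflag = 0, lflag = 0, Dflag = 0;
 
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
@@ -446,21 +451,28 @@ main(int argc, char **argv)
 		    "Could not open a connection to your authentication agent.\n");
 		exit(2);
 	}
-	while ((ch = getopt(argc, argv, "klLcdDxXe:s:t:")) != -1) {
+	while ((ch = getopt(argc, argv, "klLcdDxXE:e:s:t:")) != -1) {
 		switch (ch) {
+		case 'E':
+			fingerprint_hash = ssh_digest_alg_by_name(optarg);
+			if (fingerprint_hash == -1)
+				fatal("Invalid hash algorithm \"%s\"", optarg);
+			break;
 		case 'k':
 			key_only = 1;
 			break;
 		case 'l':
 		case 'L':
-			if (list_identities(ac, ch == 'l' ? 1 : 0) == -1)
-				ret = 1;
-			goto done;
+			if (lflag != 0)
+				fatal("-%c flag already specified", lflag);
+			lflag = ch;
+			break;
 		case 'x':
 		case 'X':
-			if (lock_agent(ac, ch == 'x' ? 1 : 0) == -1)
-				ret = 1;
-			goto done;
+			if (xflag != 0)
+				fatal("-%c flag already specified", xflag);
+			xflag = ch;
+			break;
 		case 'c':
 			confirm = 1;
 			break;
@@ -468,9 +480,8 @@ main(int argc, char **argv)
 			deleting = 1;
 			break;
 		case 'D':
-			if (delete_all(ac) == -1)
-				ret = 1;
-			goto done;
+			Dflag = 1;
+			break;
 		case 's':
 			pkcs11provider = optarg;
 			break;
@@ -491,6 +502,23 @@ main(int argc, char **argv)
 			goto done;
 		}
 	}
+
+	if ((xflag != 0) + (lflag != 0) + (Dflag != 0) > 1)
+		fatal("Invalid combination of actions");
+	else if (xflag) {
+		if (lock_agent(ac, xflag == 'x' ? 1 : 0) == -1)
+			ret = 1;
+		goto done;
+	} else if (lflag) {
+		if (list_identities(ac, lflag == 'l' ? 1 : 0) == -1)
+			ret = 1;
+		goto done;
+	} else if (Dflag) {
+		if (delete_all(ac) == -1)
+			ret = 1;
+		goto done;
+	}
+
 	argc -= optind;
 	argv += optind;
 	if (pkcs11provider != NULL) {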
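Review bot: The new file-scope `static int fingerprint_hash = SSH_FP_HASH_DEFAULT;` in the third hunk is the one static in its neighbourhood without a comment, and nothing near it says that it is only written by `-E` and only read by the `-l` fingerprint listing; a one-liner in the style of the `lifetime` comment below it would do: `/* Fingerprint hash for -l (SSH_FP_HASH_DEFAULT unless overridden by -E) */`. In the last hunk, `else if (xflag) {` follows a `fatal()` call that does not return, so the `else` is redundant and the chain mixes a brace-less first arm with braced ones; writing `if (...) { fatal(...); }` and starting the action chain with a plain `if (xflag) {` would read more uniformly and matches the house style of bracing every arm once one arm is braced. Deferring the `-l`/`-x`/`-D` actions until after option parsing is what makes `-E` order-independent, which is worth a short comment above the combination check since the previous code acted immediately inside the `switch`. The enclosing `main()` begins and ends outside the hunk.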