authordjm@openbsd.org <djm@openbsd.org>2014-12-21 22:27:55 +0000
committerDamien Miller <djm@mindrot.org>2014-12-22 09:32:29 +1100
commit56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 (patch)
tree700a872e702c686c1815bb1049eb93e88079b598 /ssh-add.c
parent058f839fe15c51be8b3a844a76ab9a8db550be4f (diff)
upstream commit
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
Diffstat (limited to 'ssh-add.c')
-rw-r--r--ssh-add.c54
1 files changed, 41 insertions, 13 deletions
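--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.114 2014/11/26 18:34:51 millert Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.115 2014/12/21 22:27:56 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -63,6 +63,7 @@
 #include "pathnames.h"
 #include "misc.h"
 #include "ssherr.h"
+#include "digest.h"
 
 /* argv0 */
 extern char *__progname;
@@ -79,6 +80,8 @@ static char *default_files[] = {
  NULL
 };
 
+static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
+
 /* Default lifetime (0 == forever) */
 static int lifetime = 0;
 
@@ -340,8 +343,8 @@ list_identities(AuthenticationConnection *ac, int do_fp)
  key = ssh_get_next_identity(ac, &comment, version)) {
  had_identities = 1;
  if (do_fp) {
- fp = key_fingerprint(key, SSH_FP_MD5,
- SSH_FP_HEX);
+ fp = key_fingerprint(key, fingerprint_hash,
+ SSH_FP_DEFAULT);
  printf("%d %s %s (%s)\n",
  key_size(key), fp, comment, key_type(key));
  free(fp);
@@ -408,6 +411,7 @@ usage(void)
  fprintf(stderr, "usage: %s [options] [file ...]\n", __progname);
  fprintf(stderr, "Options:\n");
  fprintf(stderr, " -l List fingerprints of all identities.\n");
+ fprintf(stderr, " -E hash Specify hash algorithm used for fingerprints.\n");
  fprintf(stderr, " -L List public key parameters of all identities.\n");
  fprintf(stderr, " -k Load only keys and not certificates.\n");
  fprintf(stderr, " -c Require confirmation to sign using identities\n");
@@ -428,6 +432,7 @@ main(int argc, char **argv)
  AuthenticationConnection *ac = NULL;
  char *pkcs11provider = NULL;
  int i, ch, deleting = 0, ret = 0, key_only = 0;
+ int xflag = 0, lflag = 0, Dflag = 0;
 
  /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
  sanitise_stdfd();
@@ -446,21 +451,28 @@ main(int argc, char **argv)
  "Could not open a connection to your authentication agent.\n");
  exit(2);
  }
- while ((ch = getopt(argc, argv, "klLcdDxXe:s:t:")) != -1) {
+ while ((ch = getopt(argc, argv, "klLcdDxXE:e:s:t:")) != -1) {
  switch (ch) {
+ case 'E':
+ fingerprint_hash = ssh_digest_alg_by_name(optarg);
+ if (fingerprint_hash == -1)
+ fatal("Invalid hash algorithm \"%s\"", optarg);
+ break;
  case 'k':
  key_only = 1;
  break;
  case 'l':
  case 'L':
- if (list_identities(ac, ch == 'l' ? 1 : 0) == -1)
- ret = 1;
- goto done;
+ if (lflag != 0)
+ fatal("-%c flag already specified", lflag);
+ lflag = ch;
+ break;
  case 'x':
  case 'X':
- if (lock_agent(ac, ch == 'x' ? 1 : 0) == -1)
- ret = 1;
- goto done;
+ if (xflag != 0)
+ fatal("-%c flag already specified", xflag);
+ xflag = ch;
+ break;
  case 'c':
  confirm = 1;
  break;
@@ -468,9 +480,8 @@ main(int argc, char **argv)
  deleting = 1;
  break;
  case 'D':
- if (delete_all(ac) == -1)
- ret = 1;
- goto done;
+ Dflag = 1;
+ break;
  case 's':
  pkcs11provider = optarg;
  break;
@@ -491,6 +502,23 @@ main(int argc, char **argv)
  goto done;
  }
  }
+
+ if ((xflag != 0) + (lflag != 0) + (Dflag != 0) > 1)
+ fatal("Invalid combination of actions");
+ else if (xflag) {
+ if (lock_agent(ac, xflag == 'x' ? 1 : 0) == -1)
+ ret = 1;
+ goto done;
+ } else if (lflag) {
+ if (list_identities(ac, lflag == 'l' ? 1 : 0) == -1)
+ ret = 1;
+ goto done;
+ } else if (Dflag) {
+ if (delete_all(ac) == -1)
+ ret = 1;
+ goto done;
+ }
+
  argc -= optind;
  argv += optind;
  if (pkcs11provider != NULL) {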
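Review bot: The action block added after the getopt() loop carries no comment saying why -l/-L, -x/-X and -D no longer run inside the switch, and the next reader will wonder whether the deferral is deliberate; I would put above the `if ((xflag != 0) + (lflag != 0) + (Dflag != 0) > 1)` line: `/* Actions are run only after option parsing so that -E (or any other option) takes effect regardless of argument order. */`. The "Invalid combination of actions" check only arbitrates among those three actions; -d and -s given alongside one of them are still silently skipped by the `goto done`, which matches the old behaviour but deserves a sentence in the same comment. Since -E presumably accepts whatever names ssh_digest_alg_by_name() knows, likely including md5 for comparison with older tooling, the usage line in the earlier hunk could name the choices, e.g. `" -E hash Specify hash algorithm used for fingerprints (e.g. md5, sha256).\n"` — hedged, as the accepted names are not visible here. main() continues outside the hunk.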