diff options
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 1bbe0b0a8..106f1536d 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.220 2012/12/03 00:14:06 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.221 2013/01/03 23:22:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -723,15 +723,30 @@ do_download(struct passwd *pw) | |||
723 | #ifdef ENABLE_PKCS11 | 723 | #ifdef ENABLE_PKCS11 |
724 | Key **keys = NULL; | 724 | Key **keys = NULL; |
725 | int i, nkeys; | 725 | int i, nkeys; |
726 | enum fp_rep rep; | ||
727 | enum fp_type fptype; | ||
728 | char *fp, *ra; | ||
726 | 729 | ||
727 | pkcs11_init(0); | 730 | pkcs11_init(0); |
728 | nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); | 731 | nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); |
729 | if (nkeys <= 0) | 732 | if (nkeys <= 0) |
730 | fatal("cannot read public key from pkcs11"); | 733 | fatal("cannot read public key from pkcs11"); |
731 | for (i = 0; i < nkeys; i++) { | 734 | for (i = 0; i < nkeys; i++) { |
732 | key_write(keys[i], stdout); | 735 | if (print_fingerprint) { |
736 | fp = key_fingerprint(keys[i], fptype, rep); | ||
737 | ra = key_fingerprint(keys[i], SSH_FP_MD5, | ||
738 | SSH_FP_RANDOMART); | ||
739 | printf("%u %s %s (PKCS11 key)\n", key_size(keys[i]), | ||
740 | fp, key_type(keys[i])); | ||
741 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | ||
742 | printf("%s\n", ra); | ||
743 | xfree(ra); | ||
744 | xfree(fp); | ||
745 | } else { | ||
746 | key_write(keys[i], stdout); | ||
747 | fprintf(stdout, "\n"); | ||
748 | } | ||
733 | key_free(keys[i]); | 749 | key_free(keys[i]); |
734 | fprintf(stdout, "\n"); | ||
735 | } | 750 | } |
736 | xfree(keys); | 751 | xfree(keys); |
737 | pkcs11_terminate(); | 752 | pkcs11_terminate(); |
@@ -2177,7 +2192,7 @@ main(int argc, char **argv) | |||
2177 | usage(); | 2192 | usage(); |
2178 | } | 2193 | } |
2179 | if (print_fingerprint && (delete_host || hash_hosts)) { | 2194 | if (print_fingerprint && (delete_host || hash_hosts)) { |
2180 | printf("Cannot use -l with -D or -R.\n"); | 2195 | printf("Cannot use -l with -H or -R.\n"); |
2181 | usage(); | 2196 | usage(); |
2182 | } | 2197 | } |
2183 | if (ca_key_path != NULL) { | 2198 | if (ca_key_path != NULL) { |
@@ -2189,6 +2204,8 @@ main(int argc, char **argv) | |||
2189 | do_show_cert(pw); | 2204 | do_show_cert(pw); |
2190 | if (delete_host || hash_hosts || find_host) | 2205 | if (delete_host || hash_hosts || find_host) |
2191 | do_known_hosts(pw, rr_hostname); | 2206 | do_known_hosts(pw, rr_hostname); |
2207 | if (pkcs11provider != NULL) | ||
2208 | do_download(pw); | ||
2192 | if (print_fingerprint || print_bubblebabble) | 2209 | if (print_fingerprint || print_bubblebabble) |
2193 | do_fingerprint(pw); | 2210 | do_fingerprint(pw); |
2194 | if (change_passphrase) | 2211 | if (change_passphrase) |
@@ -2226,8 +2243,6 @@ main(int argc, char **argv) | |||
2226 | exit(0); | 2243 | exit(0); |
2227 | } | 2244 | } |
2228 | } | 2245 | } |
2229 | if (pkcs11provider != NULL) | ||
2230 | do_download(pw); | ||
2231 | 2246 | ||
2232 | if (do_gen_candidates) { | 2247 | if (do_gen_candidates) { |
2233 | FILE *out = fopen(out_file, "w"); | 2248 | FILE *out = fopen(out_file, "w"); |