Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 42 |
1 files changed, 28 insertions, 14 deletions
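diff --git a/ssh-keygen.c b/ssh-keygen.c
index 2a7939bfc..f17af036b 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.292 2016/09/12 03:29:16 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.299 2017/03/10 04:26:06 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -37,6 +37,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <limits.h>
+#include <locale.h>
 
 #include "xmalloc.h"
 #include "sshkey.h"
@@ -57,6 +58,7 @@
 #include "atomicio.h"
 #include "krl.h"
 #include "digest.h"
+#include "utf8.h"
 
 #ifdef WITH_OPENSSL
 # define DEFAULT_KEY_TYPE_NAME "rsa"
@@ -843,7 +845,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment)
 ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART);
 if (fp == NULL || ra == NULL)
 fatal("%s: sshkey_fingerprint failed", __func__);
-printf("%u %s %s (%s)\n", sshkey_size(public), fp,
+mprintf("%u %s %s (%s)\n", sshkey_size(public), fp,
 comment ? comment : "no comment", sshkey_type(public));
 if (log_level >= SYSLOG_LEVEL_VERBOSE)
 printf("%s\n", ra);
@@ -1082,6 +1084,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
 struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
 char *hashed, *cp, *hosts, *ohosts;
 int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
+int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM;
 
 switch (l->status) {
 case HKF_STATUS_OK:
@@ -1090,11 +1093,10 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
 * Don't hash hosts already already hashed, with wildcard
 * characters or a CA/revocation marker.
 */
-if ((l->match & HKF_MATCH_HOST_HASHED) != 0 ||
-has_wild || l->marker != MRK_NONE) {
+if (was_hashed || has_wild || l->marker != MRK_NONE) {
 fprintf(ctx->out, "%s\n", l->line);
 if (has_wild && !find_host) {
-logit("%s:%ld: ignoring host name "
+logit("%s:%lu: ignoring host name "
 "with wildcard: %.64s", l->path,
 l->linenum, l->hosts);
 }
@@ -1106,6 +1108,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
 */
 ohosts = hosts = xstrdup(l->hosts);
 while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') {
+lowercase(cp);
 if ((hashed = host_hash(cp, NULL, 0)) == NULL)
 fatal("hash_host failed");
 fprintf(ctx->out, "%s %s\n", hashed, l->rawkey);
@@ -1116,7 +1119,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
 case HKF_STATUS_INVALID:
 /* Retain invalid lines, but mark file as invalid. */
 ctx->invalid = 1;
-logit("%s:%ld: invalid line", l->path, l->linenum);
+logit("%s:%lu: invalid line", l->path, l->linenum);
 /* FALLTHROUGH */
 default:
 fprintf(ctx->out, "%s\n", l->line);
@@ -1150,14 +1153,14 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
 */
 ctx->found_key = 1;
 if (!quiet)
-printf("# Host %s found: line %ld\n",
+printf("# Host %s found: line %lu\n",
 ctx->host, l->linenum);
 }
 return 0;
 } else if (find_host) {
 ctx->found_key = 1;
 if (!quiet) {
-printf("# Host %s found: line %ld %s\n",
+printf("# Host %s found: line %lu %s\n",
 ctx->host,
 l->linenum, l->marker == MRK_CA ? "CA" :
 (l->marker == MRK_REVOKE ? "REVOKED" : ""));
@@ -1166,7 +1169,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
 known_hosts_hash(l, ctx);
 else if (print_fingerprint) {
 fp = sshkey_fingerprint(l->key, fptype, rep);
-printf("%s %s %s %s\n", ctx->host,
+mprintf("%s %s %s %s\n", ctx->host,
 sshkey_type(l->key), fp, l->comment);
 free(fp);
 } else
@@ -1177,7 +1180,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
 /* Retain non-matching hosts when deleting */
 if (l->status == HKF_STATUS_INVALID) {
 ctx->invalid = 1;
-logit("%s:%ld: invalid line", l->path, l->linenum);
+logit("%s:%lu: invalid line", l->path, l->linenum);
 }
 fprintf(ctx->out, "%s\n", l->line);
 }
@@ -1317,7 +1320,7 @@ do_change_passphrase(struct passwd *pw)
 fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
 }
 if (comment)
-printf("Key has comment '%s'\n", comment);
+mprintf("Key has comment '%s'\n", comment);
 
 /* Ask the new passphrase (twice). */
 if (identity_new_passphrase) {
@@ -1441,7 +1444,10 @@ do_change_comment(struct passwd *pw)
 sshkey_free(private);
 exit(1);
 }
-printf("Key now has comment '%s'\n", comment);
+if (comment)
+printf("Key now has comment '%s'\n", comment);
+else
+printf("Key now has no comment\n");
 
 if (identity_comment) {
 strlcpy(new_comment, identity_comment, sizeof(new_comment));
@@ -2203,11 +2209,17 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
 exit(ret);
 }
 
+#ifdef WITH_SSH1
+# define RSA1_USAGE " | rsa1"
+#else
+# define RSA1_USAGE ""
+#endif
+
 static void
 usage(void)
 {
 fprintf(stderr,
-"usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n"
+"usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n"
 " [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
 " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
 " ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
@@ -2215,7 +2227,7 @@ usage(void)
 " ssh-keygen -y [-f input_keyfile]\n"
 " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
 " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
-" ssh-keygen -B [-f input_keyfile]\n");
+" ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE);
 #ifdef ENABLE_PKCS11
 fprintf(stderr,
 " ssh-keygen -D pkcs11\n");
@@ -2280,6 +2292,8 @@ main(int argc, char **argv)
 
 seed_rng();
 
+msetlocale();
+
 /* we need this for the home * directory. */
 pw = getpwuid(getuid());
 if (!pw)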
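Review bot: The new `printf("Key now has comment '%s'\n", comment);` in the do_change_comment hunk still writes the comment loaded from the key file through plain printf, while the equivalent line in do_change_passphrase (`Key has comment '%s'`) and the comment prints in fingerprint_one_key and known_hosts_find_delete are switched to mprintf in this same commit. Since the value on both paths is the comment read back from the on-disk key, presumably so that mprintf can sanitise non-printable bytes before they reach the terminal, this one remaining printf is an inconsistency in the new code; `mprintf("Key now has comment '%s'\n", comment);` would close it (the "no comment" branch has no variable text and can stay as is). do_change_comment starts and ends outside the hunk, so whether comment is used elsewhere in it cannot be checked here.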