Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c42
1 files changed, 28 insertions, 14 deletions
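diff --git a/ssh-keygen.c b/ssh-keygen.c
index 2a7939bfc..f17af036b 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.292 2016/09/12 03:29:16 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.299 2017/03/10 04:26:06 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -37,6 +37,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <limits.h>
+#include <locale.h>
 
 #include "xmalloc.h"
 #include "sshkey.h"
@@ -57,6 +58,7 @@
 #include "atomicio.h"
 #include "krl.h"
 #include "digest.h"
+#include "utf8.h"
 
 #ifdef WITH_OPENSSL
 # define DEFAULT_KEY_TYPE_NAME "rsa"
@@ -843,7 +845,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment)
 ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART);
 if (fp == NULL || ra == NULL)
 fatal("%s: sshkey_fingerprint failed", __func__);
-printf("%u %s %s (%s)\n", sshkey_size(public), fp,
+mprintf("%u %s %s (%s)\n", sshkey_size(public), fp,
 comment ? comment : "no comment", sshkey_type(public));
 if (log_level >= SYSLOG_LEVEL_VERBOSE)
 printf("%s\n", ra);
@@ -1082,6 +1084,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
 struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
 char *hashed, *cp, *hosts, *ohosts;
 int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
+int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM;
 
 switch (l->status) {
 case HKF_STATUS_OK:
@@ -1090,11 +1093,10 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
 * Don't hash hosts already already hashed, with wildcard
 * characters or a CA/revocation marker.
 */
-if ((l->match & HKF_MATCH_HOST_HASHED) != 0 ||
-has_wild || l->marker != MRK_NONE) {
+if (was_hashed || has_wild || l->marker != MRK_NONE) {
 fprintf(ctx->out, "%s\n", l->line);
 if (has_wild && !find_host) {
-logit("%s:%ld: ignoring host name "
+logit("%s:%lu: ignoring host name "
 "with wildcard: %.64s", l->path,
 l->linenum, l->hosts);
 }
@@ -1106,6 +1108,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
 */
 ohosts = hosts = xstrdup(l->hosts);
 while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') {
+lowercase(cp);
 if ((hashed = host_hash(cp, NULL, 0)) == NULL)
 fatal("hash_host failed");
 fprintf(ctx->out, "%s %s\n", hashed, l->rawkey);
@@ -1116,7 +1119,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
 case HKF_STATUS_INVALID:
 /* Retain invalid lines, but mark file as invalid. */
 ctx->invalid = 1;
-logit("%s:%ld: invalid line", l->path, l->linenum);
+logit("%s:%lu: invalid line", l->path, l->linenum);
 /* FALLTHROUGH */
 default:
 fprintf(ctx->out, "%s\n", l->line);
@@ -1150,14 +1153,14 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
 */
 ctx->found_key = 1;
 if (!quiet)
-printf("# Host %s found: line %ld\n",
+printf("# Host %s found: line %lu\n",
 ctx->host, l->linenum);
 }
 return 0;
 } else if (find_host) {
 ctx->found_key = 1;
 if (!quiet) {
-printf("# Host %s found: line %ld %s\n",
+printf("# Host %s found: line %lu %s\n",
 ctx->host,
 l->linenum, l->marker == MRK_CA ? "CA" :
 (l->marker == MRK_REVOKE ? "REVOKED" : ""));
@@ -1166,7 +1169,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
 known_hosts_hash(l, ctx);
 else if (print_fingerprint) {
 fp = sshkey_fingerprint(l->key, fptype, rep);
-printf("%s %s %s %s\n", ctx->host,
+mprintf("%s %s %s %s\n", ctx->host,
 sshkey_type(l->key), fp, l->comment);
 free(fp);
 } else
@@ -1177,7 +1180,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
 /* Retain non-matching hosts when deleting */
 if (l->status == HKF_STATUS_INVALID) {
 ctx->invalid = 1;
-logit("%s:%ld: invalid line", l->path, l->linenum);
+logit("%s:%lu: invalid line", l->path, l->linenum);
 }
 fprintf(ctx->out, "%s\n", l->line);
 }
@@ -1317,7 +1320,7 @@ do_change_passphrase(struct passwd *pw)
 fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
 }
 if (comment)
-printf("Key has comment '%s'\n", comment);
+mprintf("Key has comment '%s'\n", comment);
 
 /* Ask the new passphrase (twice). */
 if (identity_new_passphrase) {
@@ -1441,7 +1444,10 @@ do_change_comment(struct passwd *pw)
 sshkey_free(private);
 exit(1);
 }
-printf("Key now has comment '%s'\n", comment);
+if (comment)
+printf("Key now has comment '%s'\n", comment);
+else
+printf("Key now has no comment\n");
 
 if (identity_comment) {
 strlcpy(new_comment, identity_comment, sizeof(new_comment));
@@ -2203,11 +2209,17 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
 exit(ret);
 }
 
+#ifdef WITH_SSH1
+# define RSA1_USAGE " | rsa1"
+#else
+# define RSA1_USAGE ""
+#endif
+
 static void
 usage(void)
 {
 fprintf(stderr,
-"usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n"
+"usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n"
 " [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
 " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
 " ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
@@ -2215,7 +2227,7 @@ usage(void)
 " ssh-keygen -y [-f input_keyfile]\n"
 " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
 " ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
-" ssh-keygen -B [-f input_keyfile]\n");
+" ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE);
 #ifdef ENABLE_PKCS11
 fprintf(stderr,
 " ssh-keygen -D pkcs11\n");
@@ -2280,6 +2292,8 @@ main(int argc, char **argv)
 
 seed_rng();
 
+msetlocale();
+
 /* we need this for the home * directory. */
 pw = getpwuid(getuid());
 if (!pw)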
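Review bot: In the do_change_comment hunk (@@ -1441,7 +1444,10 @@), the new `printf("Key now has comment '%s'\n", comment);` echoes a comment read from the key file through plain printf, while the same commit switches the equivalent message in do_change_passphrase, the fingerprint output in fingerprint_one_key and the known_hosts fingerprint line to mprintf. That looks inconsistent: mprintf (from the newly included utf8.h, presumably the locale-aware variant that neutralises non-printable bytes — confirm against utf8.c) exists precisely so that attacker-chosen comment text, e.g. from a key file obtained elsewhere, cannot emit raw terminal control sequences. Suggest `mprintf("Key now has comment '%s'\n", comment);` so all comment output goes through one sanitised path. Note that do_change_comment begins and ends outside this hunk, so any further printf of the comment there is not visible here.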