xref: /freebsd/crypto/openssh/ssh-keygen.c (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1 /* $OpenBSD: ssh-keygen.c,v 1.155 2006/11/06 21:25:28 markus Exp $ */
2 /*
3  * Author: Tatu Ylonen <ylo@cs.hut.fi>
4  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5  *                    All rights reserved
6  * Identity and host key generation and maintenance.
7  *
8  * As far as I am concerned, the code I have written for this software
9  * can be used freely for any purpose.  Any derived versions of this
10  * software must be clearly marked as such, and if the derived work is
11  * incompatible with the protocol description in the RFC file, it must be
12  * called by a name other than "ssh" or "Secure Shell".
13  */
14 
15 #include "includes.h"
16 
17 #include <sys/types.h>
18 #include <sys/socket.h>
19 #include <sys/stat.h>
20 #include <sys/param.h>
21 
22 #include <openssl/evp.h>
23 #include <openssl/pem.h>
24 
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <netdb.h>
28 #ifdef HAVE_PATHS_H
29 # include <paths.h>
30 #endif
31 #include <pwd.h>
32 #include <stdarg.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <unistd.h>
37 
38 #include "xmalloc.h"
39 #include "key.h"
40 #include "rsa.h"
41 #include "authfile.h"
42 #include "uuencode.h"
43 #include "buffer.h"
44 #include "pathnames.h"
45 #include "log.h"
46 #include "misc.h"
47 #include "match.h"
48 #include "hostfile.h"
49 #include "dns.h"
50 
51 #ifdef SMARTCARD
52 #include "scard.h"
53 #endif
54 
55 /* Number of bits in the RSA/DSA key.  This value can be set on the command line. */
56 #define DEFAULT_BITS		2048
57 #define DEFAULT_BITS_DSA	1024
58 u_int32_t bits = 0;
59 
60 /*
61  * Flag indicating that we just want to change the passphrase.  This can be
62  * set on the command line.
63  */
64 int change_passphrase = 0;
65 
66 /*
67  * Flag indicating that we just want to change the comment.  This can be set
68  * on the command line.
69  */
70 int change_comment = 0;
71 
72 int quiet = 0;
73 
74 /* Flag indicating that we want to hash a known_hosts file */
75 int hash_hosts = 0;
76 /* Flag indicating that we want lookup a host in known_hosts file */
77 int find_host = 0;
78 /* Flag indicating that we want to delete a host from a known_hosts file */
79 int delete_host = 0;
80 
81 /* Flag indicating that we just want to see the key fingerprint */
82 int print_fingerprint = 0;
83 int print_bubblebabble = 0;
84 
85 /* The identity file name, given on the command line or entered by the user. */
86 char identity_file[1024];
87 int have_identity = 0;
88 
89 /* This is set to the passphrase if given on the command line. */
90 char *identity_passphrase = NULL;
91 
92 /* This is set to the new passphrase if given on the command line. */
93 char *identity_new_passphrase = NULL;
94 
95 /* This is set to the new comment if given on the command line. */
96 char *identity_comment = NULL;
97 
98 /* Dump public key file in format used by real and the original SSH 2 */
99 int convert_to_ssh2 = 0;
100 int convert_from_ssh2 = 0;
101 int print_public = 0;
102 int print_generic = 0;
103 
104 char *key_type_name = NULL;
105 
106 /* argv0 */
107 extern char *__progname;
108 
109 char hostname[MAXHOSTNAMELEN];
110 
111 /* moduli.c */
112 int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
113 int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
114 
115 static void
116 ask_filename(struct passwd *pw, const char *prompt)
117 {
118 	char buf[1024];
119 	char *name = NULL;
120 
121 	if (key_type_name == NULL)
122 		name = _PATH_SSH_CLIENT_ID_RSA;
123 	else {
124 		switch (key_type_from_name(key_type_name)) {
125 		case KEY_RSA1:
126 			name = _PATH_SSH_CLIENT_IDENTITY;
127 			break;
128 		case KEY_DSA:
129 			name = _PATH_SSH_CLIENT_ID_DSA;
130 			break;
131 		case KEY_RSA:
132 			name = _PATH_SSH_CLIENT_ID_RSA;
133 			break;
134 		default:
135 			fprintf(stderr, "bad key type");
136 			exit(1);
137 			break;
138 		}
139 	}
140 	snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
141 	fprintf(stderr, "%s (%s): ", prompt, identity_file);
142 	if (fgets(buf, sizeof(buf), stdin) == NULL)
143 		exit(1);
144 	if (strchr(buf, '\n'))
145 		*strchr(buf, '\n') = 0;
146 	if (strcmp(buf, "") != 0)
147 		strlcpy(identity_file, buf, sizeof(identity_file));
148 	have_identity = 1;
149 }
150 
151 static Key *
152 load_identity(char *filename)
153 {
154 	char *pass;
155 	Key *prv;
156 
157 	prv = key_load_private(filename, "", NULL);
158 	if (prv == NULL) {
159 		if (identity_passphrase)
160 			pass = xstrdup(identity_passphrase);
161 		else
162 			pass = read_passphrase("Enter passphrase: ",
163 			    RP_ALLOW_STDIN);
164 		prv = key_load_private(filename, pass, NULL);
165 		memset(pass, 0, strlen(pass));
166 		xfree(pass);
167 	}
168 	return prv;
169 }
170 
171 #define SSH_COM_PUBLIC_BEGIN		"---- BEGIN SSH2 PUBLIC KEY ----"
172 #define SSH_COM_PUBLIC_END		"---- END SSH2 PUBLIC KEY ----"
173 #define SSH_COM_PRIVATE_BEGIN		"---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
174 #define	SSH_COM_PRIVATE_KEY_MAGIC	0x3f6ff9eb
175 
176 static void
177 do_convert_to_ssh2(struct passwd *pw)
178 {
179 	Key *k;
180 	u_int len;
181 	u_char *blob;
182 	struct stat st;
183 
184 	if (!have_identity)
185 		ask_filename(pw, "Enter file in which the key is");
186 	if (stat(identity_file, &st) < 0) {
187 		perror(identity_file);
188 		exit(1);
189 	}
190 	if ((k = key_load_public(identity_file, NULL)) == NULL) {
191 		if ((k = load_identity(identity_file)) == NULL) {
192 			fprintf(stderr, "load failed\n");
193 			exit(1);
194 		}
195 	}
196 	if (k->type == KEY_RSA1) {
197 		fprintf(stderr, "version 1 keys are not supported\n");
198 		exit(1);
199 	}
200 	if (key_to_blob(k, &blob, &len) <= 0) {
201 		fprintf(stderr, "key_to_blob failed\n");
202 		exit(1);
203 	}
204 	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
205 	fprintf(stdout,
206 	    "Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n",
207 	    key_size(k), key_type(k),
208 	    pw->pw_name, hostname);
209 	dump_base64(stdout, blob, len);
210 	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
211 	key_free(k);
212 	xfree(blob);
213 	exit(0);
214 }
215 
216 static void
217 buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
218 {
219 	u_int bignum_bits = buffer_get_int(b);
220 	u_int bytes = (bignum_bits + 7) / 8;
221 
222 	if (buffer_len(b) < bytes)
223 		fatal("buffer_get_bignum_bits: input buffer too small: "
224 		    "need %d have %d", bytes, buffer_len(b));
225 	if (BN_bin2bn(buffer_ptr(b), bytes, value) == NULL)
226 		fatal("buffer_get_bignum_bits: BN_bin2bn failed");
227 	buffer_consume(b, bytes);
228 }
229 
230 static Key *
231 do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
232 {
233 	Buffer b;
234 	Key *key = NULL;
235 	char *type, *cipher;
236 	u_char *sig, data[] = "abcde12345";
237 	int magic, rlen, ktype, i1, i2, i3, i4;
238 	u_int slen;
239 	u_long e;
240 
241 	buffer_init(&b);
242 	buffer_append(&b, blob, blen);
243 
244 	magic  = buffer_get_int(&b);
245 	if (magic != SSH_COM_PRIVATE_KEY_MAGIC) {
246 		error("bad magic 0x%x != 0x%x", magic, SSH_COM_PRIVATE_KEY_MAGIC);
247 		buffer_free(&b);
248 		return NULL;
249 	}
250 	i1 = buffer_get_int(&b);
251 	type   = buffer_get_string(&b, NULL);
252 	cipher = buffer_get_string(&b, NULL);
253 	i2 = buffer_get_int(&b);
254 	i3 = buffer_get_int(&b);
255 	i4 = buffer_get_int(&b);
256 	debug("ignore (%d %d %d %d)", i1,i2,i3,i4);
257 	if (strcmp(cipher, "none") != 0) {
258 		error("unsupported cipher %s", cipher);
259 		xfree(cipher);
260 		buffer_free(&b);
261 		xfree(type);
262 		return NULL;
263 	}
264 	xfree(cipher);
265 
266 	if (strstr(type, "dsa")) {
267 		ktype = KEY_DSA;
268 	} else if (strstr(type, "rsa")) {
269 		ktype = KEY_RSA;
270 	} else {
271 		buffer_free(&b);
272 		xfree(type);
273 		return NULL;
274 	}
275 	key = key_new_private(ktype);
276 	xfree(type);
277 
278 	switch (key->type) {
279 	case KEY_DSA:
280 		buffer_get_bignum_bits(&b, key->dsa->p);
281 		buffer_get_bignum_bits(&b, key->dsa->g);
282 		buffer_get_bignum_bits(&b, key->dsa->q);
283 		buffer_get_bignum_bits(&b, key->dsa->pub_key);
284 		buffer_get_bignum_bits(&b, key->dsa->priv_key);
285 		break;
286 	case KEY_RSA:
287 		e  = buffer_get_char(&b);
288 		debug("e %lx", e);
289 		if (e < 30) {
290 			e <<= 8;
291 			e += buffer_get_char(&b);
292 			debug("e %lx", e);
293 			e <<= 8;
294 			e += buffer_get_char(&b);
295 			debug("e %lx", e);
296 		}
297 		if (!BN_set_word(key->rsa->e, e)) {
298 			buffer_free(&b);
299 			key_free(key);
300 			return NULL;
301 		}
302 		buffer_get_bignum_bits(&b, key->rsa->d);
303 		buffer_get_bignum_bits(&b, key->rsa->n);
304 		buffer_get_bignum_bits(&b, key->rsa->iqmp);
305 		buffer_get_bignum_bits(&b, key->rsa->q);
306 		buffer_get_bignum_bits(&b, key->rsa->p);
307 		rsa_generate_additional_parameters(key->rsa);
308 		break;
309 	}
310 	rlen = buffer_len(&b);
311 	if (rlen != 0)
312 		error("do_convert_private_ssh2_from_blob: "
313 		    "remaining bytes in key blob %d", rlen);
314 	buffer_free(&b);
315 
316 	/* try the key */
317 	key_sign(key, &sig, &slen, data, sizeof(data));
318 	key_verify(key, sig, slen, data, sizeof(data));
319 	xfree(sig);
320 	return key;
321 }
322 
323 static int
324 get_line(FILE *fp, char *line, size_t len)
325 {
326 	int c;
327 	size_t pos = 0;
328 
329 	line[0] = '\0';
330 	while ((c = fgetc(fp)) != EOF) {
331 		if (pos >= len - 1) {
332 			fprintf(stderr, "input line too long.\n");
333 			exit(1);
334 		}
335 		switch (c) {
336 		case '\r':
337 			c = fgetc(fp);
338 			if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) {
339 				fprintf(stderr, "unget: %s\n", strerror(errno));
340 				exit(1);
341 			}
342 			return pos;
343 		case '\n':
344 			return pos;
345 		}
346 		line[pos++] = c;
347 		line[pos] = '\0';
348 	}
349 	if (c == EOF)
350 		return -1;
351 	return pos;
352 }
353 
354 static void
355 do_convert_from_ssh2(struct passwd *pw)
356 {
357 	Key *k;
358 	int blen;
359 	u_int len;
360 	char line[1024];
361 	u_char blob[8096];
362 	char encoded[8096];
363 	struct stat st;
364 	int escaped = 0, private = 0, ok;
365 	FILE *fp;
366 
367 	if (!have_identity)
368 		ask_filename(pw, "Enter file in which the key is");
369 	if (stat(identity_file, &st) < 0) {
370 		perror(identity_file);
371 		exit(1);
372 	}
373 	fp = fopen(identity_file, "r");
374 	if (fp == NULL) {
375 		perror(identity_file);
376 		exit(1);
377 	}
378 	encoded[0] = '\0';
379 	while ((blen = get_line(fp, line, sizeof(line))) != -1) {
380 		if (line[blen - 1] == '\\')
381 			escaped++;
382 		if (strncmp(line, "----", 4) == 0 ||
383 		    strstr(line, ": ") != NULL) {
384 			if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL)
385 				private = 1;
386 			if (strstr(line, " END ") != NULL) {
387 				break;
388 			}
389 			/* fprintf(stderr, "ignore: %s", line); */
390 			continue;
391 		}
392 		if (escaped) {
393 			escaped--;
394 			/* fprintf(stderr, "escaped: %s", line); */
395 			continue;
396 		}
397 		strlcat(encoded, line, sizeof(encoded));
398 	}
399 	len = strlen(encoded);
400 	if (((len % 4) == 3) &&
401 	    (encoded[len-1] == '=') &&
402 	    (encoded[len-2] == '=') &&
403 	    (encoded[len-3] == '='))
404 		encoded[len-3] = '\0';
405 	blen = uudecode(encoded, blob, sizeof(blob));
406 	if (blen < 0) {
407 		fprintf(stderr, "uudecode failed.\n");
408 		exit(1);
409 	}
410 	k = private ?
411 	    do_convert_private_ssh2_from_blob(blob, blen) :
412 	    key_from_blob(blob, blen);
413 	if (k == NULL) {
414 		fprintf(stderr, "decode blob failed.\n");
415 		exit(1);
416 	}
417 	ok = private ?
418 	    (k->type == KEY_DSA ?
419 		 PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL) :
420 		 PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL)) :
421 	    key_write(k, stdout);
422 	if (!ok) {
423 		fprintf(stderr, "key write failed");
424 		exit(1);
425 	}
426 	key_free(k);
427 	if (!private)
428 		fprintf(stdout, "\n");
429 	fclose(fp);
430 	exit(0);
431 }
432 
433 static void
434 do_print_public(struct passwd *pw)
435 {
436 	Key *prv;
437 	struct stat st;
438 
439 	if (!have_identity)
440 		ask_filename(pw, "Enter file in which the key is");
441 	if (stat(identity_file, &st) < 0) {
442 		perror(identity_file);
443 		exit(1);
444 	}
445 	prv = load_identity(identity_file);
446 	if (prv == NULL) {
447 		fprintf(stderr, "load failed\n");
448 		exit(1);
449 	}
450 	if (!key_write(prv, stdout))
451 		fprintf(stderr, "key_write failed");
452 	key_free(prv);
453 	fprintf(stdout, "\n");
454 	exit(0);
455 }
456 
457 #ifdef SMARTCARD
458 static void
459 do_upload(struct passwd *pw, const char *sc_reader_id)
460 {
461 	Key *prv = NULL;
462 	struct stat st;
463 	int ret;
464 
465 	if (!have_identity)
466 		ask_filename(pw, "Enter file in which the key is");
467 	if (stat(identity_file, &st) < 0) {
468 		perror(identity_file);
469 		exit(1);
470 	}
471 	prv = load_identity(identity_file);
472 	if (prv == NULL) {
473 		error("load failed");
474 		exit(1);
475 	}
476 	ret = sc_put_key(prv, sc_reader_id);
477 	key_free(prv);
478 	if (ret < 0)
479 		exit(1);
480 	logit("loading key done");
481 	exit(0);
482 }
483 
484 static void
485 do_download(struct passwd *pw, const char *sc_reader_id)
486 {
487 	Key **keys = NULL;
488 	int i;
489 
490 	keys = sc_get_keys(sc_reader_id, NULL);
491 	if (keys == NULL)
492 		fatal("cannot read public key from smartcard");
493 	for (i = 0; keys[i]; i++) {
494 		key_write(keys[i], stdout);
495 		key_free(keys[i]);
496 		fprintf(stdout, "\n");
497 	}
498 	xfree(keys);
499 	exit(0);
500 }
501 #endif /* SMARTCARD */
502 
503 static void
504 do_fingerprint(struct passwd *pw)
505 {
506 	FILE *f;
507 	Key *public;
508 	char *comment = NULL, *cp, *ep, line[16*1024], *fp;
509 	int i, skip = 0, num = 1, invalid = 1;
510 	enum fp_rep rep;
511 	enum fp_type fptype;
512 	struct stat st;
513 
514 	fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;
515 	rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;
516 
517 	if (!have_identity)
518 		ask_filename(pw, "Enter file in which the key is");
519 	if (stat(identity_file, &st) < 0) {
520 		perror(identity_file);
521 		exit(1);
522 	}
523 	public = key_load_public(identity_file, &comment);
524 	if (public != NULL) {
525 		fp = key_fingerprint(public, fptype, rep);
526 		printf("%u %s %s\n", key_size(public), fp, comment);
527 		key_free(public);
528 		xfree(comment);
529 		xfree(fp);
530 		exit(0);
531 	}
532 	if (comment) {
533 		xfree(comment);
534 		comment = NULL;
535 	}
536 
537 	f = fopen(identity_file, "r");
538 	if (f != NULL) {
539 		while (fgets(line, sizeof(line), f)) {
540 			i = strlen(line) - 1;
541 			if (line[i] != '\n') {
542 				error("line %d too long: %.40s...", num, line);
543 				skip = 1;
544 				continue;
545 			}
546 			num++;
547 			if (skip) {
548 				skip = 0;
549 				continue;
550 			}
551 			line[i] = '\0';
552 
553 			/* Skip leading whitespace, empty and comment lines. */
554 			for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
555 				;
556 			if (!*cp || *cp == '\n' || *cp == '#')
557 				continue ;
558 			i = strtol(cp, &ep, 10);
559 			if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {
560 				int quoted = 0;
561 				comment = cp;
562 				for (; *cp && (quoted || (*cp != ' ' &&
563 				    *cp != '\t')); cp++) {
564 					if (*cp == '\\' && cp[1] == '"')
565 						cp++;	/* Skip both */
566 					else if (*cp == '"')
567 						quoted = !quoted;
568 				}
569 				if (!*cp)
570 					continue;
571 				*cp++ = '\0';
572 			}
573 			ep = cp;
574 			public = key_new(KEY_RSA1);
575 			if (key_read(public, &cp) != 1) {
576 				cp = ep;
577 				key_free(public);
578 				public = key_new(KEY_UNSPEC);
579 				if (key_read(public, &cp) != 1) {
580 					key_free(public);
581 					continue;
582 				}
583 			}
584 			comment = *cp ? cp : comment;
585 			fp = key_fingerprint(public, fptype, rep);
586 			printf("%u %s %s\n", key_size(public), fp,
587 			    comment ? comment : "no comment");
588 			xfree(fp);
589 			key_free(public);
590 			invalid = 0;
591 		}
592 		fclose(f);
593 	}
594 	if (invalid) {
595 		printf("%s is not a public key file.\n", identity_file);
596 		exit(1);
597 	}
598 	exit(0);
599 }
600 
601 static void
602 print_host(FILE *f, char *name, Key *public, int hash)
603 {
604 	if (hash && (name = host_hash(name, NULL, 0)) == NULL)
605 		fatal("hash_host failed");
606 	fprintf(f, "%s ", name);
607 	if (!key_write(public, f))
608 		fatal("key_write failed");
609 	fprintf(f, "\n");
610 }
611 
612 static void
613 do_known_hosts(struct passwd *pw, const char *name)
614 {
615 	FILE *in, *out = stdout;
616 	Key *public;
617 	char *cp, *cp2, *kp, *kp2;
618 	char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN];
619 	int c, i, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0;
620 
621 	if (!have_identity) {
622 		cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
623 		if (strlcpy(identity_file, cp, sizeof(identity_file)) >=
624 		    sizeof(identity_file))
625 			fatal("Specified known hosts path too long");
626 		xfree(cp);
627 		have_identity = 1;
628 	}
629 	if ((in = fopen(identity_file, "r")) == NULL)
630 		fatal("fopen: %s", strerror(errno));
631 
632 	/*
633 	 * Find hosts goes to stdout, hash and deletions happen in-place
634 	 * A corner case is ssh-keygen -HF foo, which should go to stdout
635 	 */
636 	if (!find_host && (hash_hosts || delete_host)) {
637 		if (strlcpy(tmp, identity_file, sizeof(tmp)) >= sizeof(tmp) ||
638 		    strlcat(tmp, ".XXXXXXXXXX", sizeof(tmp)) >= sizeof(tmp) ||
639 		    strlcpy(old, identity_file, sizeof(old)) >= sizeof(old) ||
640 		    strlcat(old, ".old", sizeof(old)) >= sizeof(old))
641 			fatal("known_hosts path too long");
642 		umask(077);
643 		if ((c = mkstemp(tmp)) == -1)
644 			fatal("mkstemp: %s", strerror(errno));
645 		if ((out = fdopen(c, "w")) == NULL) {
646 			c = errno;
647 			unlink(tmp);
648 			fatal("fdopen: %s", strerror(c));
649 		}
650 		inplace = 1;
651 	}
652 
653 	while (fgets(line, sizeof(line), in)) {
654 		num++;
655 		i = strlen(line) - 1;
656 		if (line[i] != '\n') {
657 			error("line %d too long: %.40s...", num, line);
658 			skip = 1;
659 			invalid = 1;
660 			continue;
661 		}
662 		if (skip) {
663 			skip = 0;
664 			continue;
665 		}
666 		line[i] = '\0';
667 
668 		/* Skip leading whitespace, empty and comment lines. */
669 		for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
670 			;
671 		if (!*cp || *cp == '\n' || *cp == '#') {
672 			if (inplace)
673 				fprintf(out, "%s\n", cp);
674 			continue;
675 		}
676 		/* Find the end of the host name portion. */
677 		for (kp = cp; *kp && *kp != ' ' && *kp != '\t'; kp++)
678 			;
679 		if (*kp == '\0' || *(kp + 1) == '\0') {
680 			error("line %d missing key: %.40s...",
681 			    num, line);
682 			invalid = 1;
683 			continue;
684 		}
685 		*kp++ = '\0';
686 		kp2 = kp;
687 
688 		public = key_new(KEY_RSA1);
689 		if (key_read(public, &kp) != 1) {
690 			kp = kp2;
691 			key_free(public);
692 			public = key_new(KEY_UNSPEC);
693 			if (key_read(public, &kp) != 1) {
694 				error("line %d invalid key: %.40s...",
695 				    num, line);
696 				key_free(public);
697 				invalid = 1;
698 				continue;
699 			}
700 		}
701 
702 		if (*cp == HASH_DELIM) {
703 			if (find_host || delete_host) {
704 				cp2 = host_hash(name, cp, strlen(cp));
705 				if (cp2 == NULL) {
706 					error("line %d: invalid hashed "
707 					    "name: %.64s...", num, line);
708 					invalid = 1;
709 					continue;
710 				}
711 				c = (strcmp(cp2, cp) == 0);
712 				if (find_host && c) {
713 					printf("# Host %s found: "
714 					    "line %d type %s\n", name,
715 					    num, key_type(public));
716 					print_host(out, cp, public, 0);
717 				}
718 				if (delete_host && !c)
719 					print_host(out, cp, public, 0);
720 			} else if (hash_hosts)
721 				print_host(out, cp, public, 0);
722 		} else {
723 			if (find_host || delete_host) {
724 				c = (match_hostname(name, cp,
725 				    strlen(cp)) == 1);
726 				if (find_host && c) {
727 					printf("# Host %s found: "
728 					    "line %d type %s\n", name,
729 					    num, key_type(public));
730 					print_host(out, cp, public, hash_hosts);
731 				}
732 				if (delete_host && !c)
733 					print_host(out, cp, public, 0);
734 			} else if (hash_hosts) {
735 				for (cp2 = strsep(&cp, ",");
736 				    cp2 != NULL && *cp2 != '\0';
737 				    cp2 = strsep(&cp, ",")) {
738 					if (strcspn(cp2, "*?!") != strlen(cp2))
739 						fprintf(stderr, "Warning: "
740 						    "ignoring host name with "
741 						    "metacharacters: %.64s\n",
742 						    cp2);
743 					else
744 						print_host(out, cp2, public, 1);
745 				}
746 				has_unhashed = 1;
747 			}
748 		}
749 		key_free(public);
750 	}
751 	fclose(in);
752 
753 	if (invalid) {
754 		fprintf(stderr, "%s is not a valid known_host file.\n",
755 		    identity_file);
756 		if (inplace) {
757 			fprintf(stderr, "Not replacing existing known_hosts "
758 			    "file because of errors\n");
759 			fclose(out);
760 			unlink(tmp);
761 		}
762 		exit(1);
763 	}
764 
765 	if (inplace) {
766 		fclose(out);
767 
768 		/* Backup existing file */
769 		if (unlink(old) == -1 && errno != ENOENT)
770 			fatal("unlink %.100s: %s", old, strerror(errno));
771 		if (link(identity_file, old) == -1)
772 			fatal("link %.100s to %.100s: %s", identity_file, old,
773 			    strerror(errno));
774 		/* Move new one into place */
775 		if (rename(tmp, identity_file) == -1) {
776 			error("rename\"%s\" to \"%s\": %s", tmp, identity_file,
777 			    strerror(errno));
778 			unlink(tmp);
779 			unlink(old);
780 			exit(1);
781 		}
782 
783 		fprintf(stderr, "%s updated.\n", identity_file);
784 		fprintf(stderr, "Original contents retained as %s\n", old);
785 		if (has_unhashed) {
786 			fprintf(stderr, "WARNING: %s contains unhashed "
787 			    "entries\n", old);
788 			fprintf(stderr, "Delete this file to ensure privacy "
789 			    "of hostnames\n");
790 		}
791 	}
792 
793 	exit(0);
794 }
795 
796 /*
797  * Perform changing a passphrase.  The argument is the passwd structure
798  * for the current user.
799  */
800 static void
801 do_change_passphrase(struct passwd *pw)
802 {
803 	char *comment;
804 	char *old_passphrase, *passphrase1, *passphrase2;
805 	struct stat st;
806 	Key *private;
807 
808 	if (!have_identity)
809 		ask_filename(pw, "Enter file in which the key is");
810 	if (stat(identity_file, &st) < 0) {
811 		perror(identity_file);
812 		exit(1);
813 	}
814 	/* Try to load the file with empty passphrase. */
815 	private = key_load_private(identity_file, "", &comment);
816 	if (private == NULL) {
817 		if (identity_passphrase)
818 			old_passphrase = xstrdup(identity_passphrase);
819 		else
820 			old_passphrase =
821 			    read_passphrase("Enter old passphrase: ",
822 			    RP_ALLOW_STDIN);
823 		private = key_load_private(identity_file, old_passphrase,
824 		    &comment);
825 		memset(old_passphrase, 0, strlen(old_passphrase));
826 		xfree(old_passphrase);
827 		if (private == NULL) {
828 			printf("Bad passphrase.\n");
829 			exit(1);
830 		}
831 	}
832 	printf("Key has comment '%s'\n", comment);
833 
834 	/* Ask the new passphrase (twice). */
835 	if (identity_new_passphrase) {
836 		passphrase1 = xstrdup(identity_new_passphrase);
837 		passphrase2 = NULL;
838 	} else {
839 		passphrase1 =
840 			read_passphrase("Enter new passphrase (empty for no "
841 			    "passphrase): ", RP_ALLOW_STDIN);
842 		passphrase2 = read_passphrase("Enter same passphrase again: ",
843 		    RP_ALLOW_STDIN);
844 
845 		/* Verify that they are the same. */
846 		if (strcmp(passphrase1, passphrase2) != 0) {
847 			memset(passphrase1, 0, strlen(passphrase1));
848 			memset(passphrase2, 0, strlen(passphrase2));
849 			xfree(passphrase1);
850 			xfree(passphrase2);
851 			printf("Pass phrases do not match.  Try again.\n");
852 			exit(1);
853 		}
854 		/* Destroy the other copy. */
855 		memset(passphrase2, 0, strlen(passphrase2));
856 		xfree(passphrase2);
857 	}
858 
859 	/* Save the file using the new passphrase. */
860 	if (!key_save_private(private, identity_file, passphrase1, comment)) {
861 		printf("Saving the key failed: %s.\n", identity_file);
862 		memset(passphrase1, 0, strlen(passphrase1));
863 		xfree(passphrase1);
864 		key_free(private);
865 		xfree(comment);
866 		exit(1);
867 	}
868 	/* Destroy the passphrase and the copy of the key in memory. */
869 	memset(passphrase1, 0, strlen(passphrase1));
870 	xfree(passphrase1);
871 	key_free(private);		 /* Destroys contents */
872 	xfree(comment);
873 
874 	printf("Your identification has been saved with the new passphrase.\n");
875 	exit(0);
876 }
877 
878 /*
879  * Print the SSHFP RR.
880  */
881 static int
882 do_print_resource_record(struct passwd *pw, char *fname, char *hname)
883 {
884 	Key *public;
885 	char *comment = NULL;
886 	struct stat st;
887 
888 	if (fname == NULL)
889 		ask_filename(pw, "Enter file in which the key is");
890 	if (stat(fname, &st) < 0) {
891 		if (errno == ENOENT)
892 			return 0;
893 		perror(fname);
894 		exit(1);
895 	}
896 	public = key_load_public(fname, &comment);
897 	if (public != NULL) {
898 		export_dns_rr(hname, public, stdout, print_generic);
899 		key_free(public);
900 		xfree(comment);
901 		return 1;
902 	}
903 	if (comment)
904 		xfree(comment);
905 
906 	printf("failed to read v2 public key from %s.\n", fname);
907 	exit(1);
908 }
909 
910 /*
911  * Change the comment of a private key file.
912  */
913 static void
914 do_change_comment(struct passwd *pw)
915 {
916 	char new_comment[1024], *comment, *passphrase;
917 	Key *private;
918 	Key *public;
919 	struct stat st;
920 	FILE *f;
921 	int fd;
922 
923 	if (!have_identity)
924 		ask_filename(pw, "Enter file in which the key is");
925 	if (stat(identity_file, &st) < 0) {
926 		perror(identity_file);
927 		exit(1);
928 	}
929 	private = key_load_private(identity_file, "", &comment);
930 	if (private == NULL) {
931 		if (identity_passphrase)
932 			passphrase = xstrdup(identity_passphrase);
933 		else if (identity_new_passphrase)
934 			passphrase = xstrdup(identity_new_passphrase);
935 		else
936 			passphrase = read_passphrase("Enter passphrase: ",
937 			    RP_ALLOW_STDIN);
938 		/* Try to load using the passphrase. */
939 		private = key_load_private(identity_file, passphrase, &comment);
940 		if (private == NULL) {
941 			memset(passphrase, 0, strlen(passphrase));
942 			xfree(passphrase);
943 			printf("Bad passphrase.\n");
944 			exit(1);
945 		}
946 	} else {
947 		passphrase = xstrdup("");
948 	}
949 	if (private->type != KEY_RSA1) {
950 		fprintf(stderr, "Comments are only supported for RSA1 keys.\n");
951 		key_free(private);
952 		exit(1);
953 	}
954 	printf("Key now has comment '%s'\n", comment);
955 
956 	if (identity_comment) {
957 		strlcpy(new_comment, identity_comment, sizeof(new_comment));
958 	} else {
959 		printf("Enter new comment: ");
960 		fflush(stdout);
961 		if (!fgets(new_comment, sizeof(new_comment), stdin)) {
962 			memset(passphrase, 0, strlen(passphrase));
963 			key_free(private);
964 			exit(1);
965 		}
966 		if (strchr(new_comment, '\n'))
967 			*strchr(new_comment, '\n') = 0;
968 	}
969 
970 	/* Save the file using the new passphrase. */
971 	if (!key_save_private(private, identity_file, passphrase, new_comment)) {
972 		printf("Saving the key failed: %s.\n", identity_file);
973 		memset(passphrase, 0, strlen(passphrase));
974 		xfree(passphrase);
975 		key_free(private);
976 		xfree(comment);
977 		exit(1);
978 	}
979 	memset(passphrase, 0, strlen(passphrase));
980 	xfree(passphrase);
981 	public = key_from_private(private);
982 	key_free(private);
983 
984 	strlcat(identity_file, ".pub", sizeof(identity_file));
985 	fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
986 	if (fd == -1) {
987 		printf("Could not save your public key in %s\n", identity_file);
988 		exit(1);
989 	}
990 	f = fdopen(fd, "w");
991 	if (f == NULL) {
992 		printf("fdopen %s failed", identity_file);
993 		exit(1);
994 	}
995 	if (!key_write(public, f))
996 		fprintf(stderr, "write key failed");
997 	key_free(public);
998 	fprintf(f, " %s\n", new_comment);
999 	fclose(f);
1000 
1001 	xfree(comment);
1002 
1003 	printf("The comment in your key file has been changed.\n");
1004 	exit(0);
1005 }
1006 
1007 static void
1008 usage(void)
1009 {
1010 	fprintf(stderr, "Usage: %s [options]\n", __progname);
1011 	fprintf(stderr, "Options:\n");
1012 	fprintf(stderr, "  -a trials   Number of trials for screening DH-GEX moduli.\n");
1013 	fprintf(stderr, "  -B          Show bubblebabble digest of key file.\n");
1014 	fprintf(stderr, "  -b bits     Number of bits in the key to create.\n");
1015 	fprintf(stderr, "  -C comment  Provide new comment.\n");
1016 	fprintf(stderr, "  -c          Change comment in private and public key files.\n");
1017 #ifdef SMARTCARD
1018 	fprintf(stderr, "  -D reader   Download public key from smartcard.\n");
1019 #endif /* SMARTCARD */
1020 	fprintf(stderr, "  -e          Convert OpenSSH to IETF SECSH key file.\n");
1021 	fprintf(stderr, "  -F hostname Find hostname in known hosts file.\n");
1022 	fprintf(stderr, "  -f filename Filename of the key file.\n");
1023 	fprintf(stderr, "  -G file     Generate candidates for DH-GEX moduli.\n");
1024 	fprintf(stderr, "  -g          Use generic DNS resource record format.\n");
1025 	fprintf(stderr, "  -H          Hash names in known_hosts file.\n");
1026 	fprintf(stderr, "  -i          Convert IETF SECSH to OpenSSH key file.\n");
1027 	fprintf(stderr, "  -l          Show fingerprint of key file.\n");
1028 	fprintf(stderr, "  -M memory   Amount of memory (MB) to use for generating DH-GEX moduli.\n");
1029 	fprintf(stderr, "  -N phrase   Provide new passphrase.\n");
1030 	fprintf(stderr, "  -P phrase   Provide old passphrase.\n");
1031 	fprintf(stderr, "  -p          Change passphrase of private key file.\n");
1032 	fprintf(stderr, "  -q          Quiet.\n");
1033 	fprintf(stderr, "  -R hostname Remove host from known_hosts file.\n");
1034 	fprintf(stderr, "  -r hostname Print DNS resource record.\n");
1035 	fprintf(stderr, "  -S start    Start point (hex) for generating DH-GEX moduli.\n");
1036 	fprintf(stderr, "  -T file     Screen candidates for DH-GEX moduli.\n");
1037 	fprintf(stderr, "  -t type     Specify type of key to create.\n");
1038 #ifdef SMARTCARD
1039 	fprintf(stderr, "  -U reader   Upload private key to smartcard.\n");
1040 #endif /* SMARTCARD */
1041 	fprintf(stderr, "  -v          Verbose.\n");
1042 	fprintf(stderr, "  -W gen      Generator to use for generating DH-GEX moduli.\n");
1043 	fprintf(stderr, "  -y          Read private key file and print public key.\n");
1044 
1045 	exit(1);
1046 }
1047 
1048 /*
1049  * Main program for key management.
1050  */
1051 int
1052 main(int ac, char **av)
1053 {
1054 	char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
1055 	char out_file[MAXPATHLEN], *reader_id = NULL;
1056 	char *rr_hostname = NULL;
1057 	Key *private, *public;
1058 	struct passwd *pw;
1059 	struct stat st;
1060 	int opt, type, fd, download = 0;
1061 	u_int32_t memory = 0, generator_wanted = 0, trials = 100;
1062 	int do_gen_candidates = 0, do_screen_candidates = 0;
1063 	int log_level = SYSLOG_LEVEL_INFO;
1064 	BIGNUM *start = NULL;
1065 	FILE *f;
1066 	const char *errstr;
1067 
1068 	extern int optind;
1069 	extern char *optarg;
1070 
1071 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
1072 	sanitise_stdfd();
1073 
1074 	__progname = ssh_get_progname(av[0]);
1075 
1076 	SSLeay_add_all_algorithms();
1077 	log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
1078 
1079 	init_rng();
1080 	seed_rng();
1081 
1082 	/* we need this for the home * directory.  */
1083 	pw = getpwuid(getuid());
1084 	if (!pw) {
1085 		printf("You don't exist, go away!\n");
1086 		exit(1);
1087 	}
1088 	if (gethostname(hostname, sizeof(hostname)) < 0) {
1089 		perror("gethostname");
1090 		exit(1);
1091 	}
1092 
1093 	while ((opt = getopt(ac, av,
1094 	    "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
1095 		switch (opt) {
1096 		case 'b':
1097 			bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr);
1098 			if (errstr)
1099 				fatal("Bits has bad value %s (%s)",
1100 					optarg, errstr);
1101 			break;
1102 		case 'F':
1103 			find_host = 1;
1104 			rr_hostname = optarg;
1105 			break;
1106 		case 'H':
1107 			hash_hosts = 1;
1108 			break;
1109 		case 'R':
1110 			delete_host = 1;
1111 			rr_hostname = optarg;
1112 			break;
1113 		case 'l':
1114 			print_fingerprint = 1;
1115 			break;
1116 		case 'B':
1117 			print_bubblebabble = 1;
1118 			break;
1119 		case 'p':
1120 			change_passphrase = 1;
1121 			break;
1122 		case 'c':
1123 			change_comment = 1;
1124 			break;
1125 		case 'f':
1126 			if (strlcpy(identity_file, optarg, sizeof(identity_file)) >=
1127 			    sizeof(identity_file))
1128 				fatal("Identity filename too long");
1129 			have_identity = 1;
1130 			break;
1131 		case 'g':
1132 			print_generic = 1;
1133 			break;
1134 		case 'P':
1135 			identity_passphrase = optarg;
1136 			break;
1137 		case 'N':
1138 			identity_new_passphrase = optarg;
1139 			break;
1140 		case 'C':
1141 			identity_comment = optarg;
1142 			break;
1143 		case 'q':
1144 			quiet = 1;
1145 			break;
1146 		case 'e':
1147 		case 'x':
1148 			/* export key */
1149 			convert_to_ssh2 = 1;
1150 			break;
1151 		case 'i':
1152 		case 'X':
1153 			/* import key */
1154 			convert_from_ssh2 = 1;
1155 			break;
1156 		case 'y':
1157 			print_public = 1;
1158 			break;
1159 		case 'd':
1160 			key_type_name = "dsa";
1161 			break;
1162 		case 't':
1163 			key_type_name = optarg;
1164 			break;
1165 		case 'D':
1166 			download = 1;
1167 			/*FALLTHROUGH*/
1168 		case 'U':
1169 			reader_id = optarg;
1170 			break;
1171 		case 'v':
1172 			if (log_level == SYSLOG_LEVEL_INFO)
1173 				log_level = SYSLOG_LEVEL_DEBUG1;
1174 			else {
1175 				if (log_level >= SYSLOG_LEVEL_DEBUG1 &&
1176 				    log_level < SYSLOG_LEVEL_DEBUG3)
1177 					log_level++;
1178 			}
1179 			break;
1180 		case 'r':
1181 			rr_hostname = optarg;
1182 			break;
1183 		case 'W':
1184 			generator_wanted = (u_int32_t)strtonum(optarg, 1,
1185 			    UINT_MAX, &errstr);
1186 			if (errstr)
1187 				fatal("Desired generator has bad value: %s (%s)",
1188 					optarg, errstr);
1189 			break;
1190 		case 'a':
1191 			trials = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
1192 			if (errstr)
1193 				fatal("Invalid number of trials: %s (%s)",
1194 					optarg, errstr);
1195 			break;
1196 		case 'M':
1197 			memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
1198 			if (errstr) {
1199 				fatal("Memory limit is %s: %s", errstr, optarg);
1200 			}
1201 			break;
1202 		case 'G':
1203 			do_gen_candidates = 1;
1204 			if (strlcpy(out_file, optarg, sizeof(out_file)) >=
1205 			    sizeof(out_file))
1206 				fatal("Output filename too long");
1207 			break;
1208 		case 'T':
1209 			do_screen_candidates = 1;
1210 			if (strlcpy(out_file, optarg, sizeof(out_file)) >=
1211 			    sizeof(out_file))
1212 				fatal("Output filename too long");
1213 			break;
1214 		case 'S':
1215 			/* XXX - also compare length against bits */
1216 			if (BN_hex2bn(&start, optarg) == 0)
1217 				fatal("Invalid start point.");
1218 			break;
1219 		case '?':
1220 		default:
1221 			usage();
1222 		}
1223 	}
1224 
1225 	/* reinit */
1226 	log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1);
1227 
1228 	if (optind < ac) {
1229 		printf("Too many arguments.\n");
1230 		usage();
1231 	}
1232 	if (change_passphrase && change_comment) {
1233 		printf("Can only have one of -p and -c.\n");
1234 		usage();
1235 	}
1236 	if (delete_host || hash_hosts || find_host)
1237 		do_known_hosts(pw, rr_hostname);
1238 	if (print_fingerprint || print_bubblebabble)
1239 		do_fingerprint(pw);
1240 	if (change_passphrase)
1241 		do_change_passphrase(pw);
1242 	if (change_comment)
1243 		do_change_comment(pw);
1244 	if (convert_to_ssh2)
1245 		do_convert_to_ssh2(pw);
1246 	if (convert_from_ssh2)
1247 		do_convert_from_ssh2(pw);
1248 	if (print_public)
1249 		do_print_public(pw);
1250 	if (rr_hostname != NULL) {
1251 		unsigned int n = 0;
1252 
1253 		if (have_identity) {
1254 			n = do_print_resource_record(pw,
1255 			    identity_file, rr_hostname);
1256 			if (n == 0) {
1257 				perror(identity_file);
1258 				exit(1);
1259 			}
1260 			exit(0);
1261 		} else {
1262 
1263 			n += do_print_resource_record(pw,
1264 			    _PATH_HOST_RSA_KEY_FILE, rr_hostname);
1265 			n += do_print_resource_record(pw,
1266 			    _PATH_HOST_DSA_KEY_FILE, rr_hostname);
1267 
1268 			if (n == 0)
1269 				fatal("no keys found.");
1270 			exit(0);
1271 		}
1272 	}
1273 	if (reader_id != NULL) {
1274 #ifdef SMARTCARD
1275 		if (download)
1276 			do_download(pw, reader_id);
1277 		else
1278 			do_upload(pw, reader_id);
1279 #else /* SMARTCARD */
1280 		fatal("no support for smartcards.");
1281 #endif /* SMARTCARD */
1282 	}
1283 
1284 	if (do_gen_candidates) {
1285 		FILE *out = fopen(out_file, "w");
1286 
1287 		if (out == NULL) {
1288 			error("Couldn't open modulus candidate file \"%s\": %s",
1289 			    out_file, strerror(errno));
1290 			return (1);
1291 		}
1292 		if (bits == 0)
1293 			bits = DEFAULT_BITS;
1294 		if (gen_candidates(out, memory, bits, start) != 0)
1295 			fatal("modulus candidate generation failed");
1296 
1297 		return (0);
1298 	}
1299 
1300 	if (do_screen_candidates) {
1301 		FILE *in;
1302 		FILE *out = fopen(out_file, "w");
1303 
1304 		if (have_identity && strcmp(identity_file, "-") != 0) {
1305 			if ((in = fopen(identity_file, "r")) == NULL) {
1306 				fatal("Couldn't open modulus candidate "
1307 				    "file \"%s\": %s", identity_file,
1308 				    strerror(errno));
1309 			}
1310 		} else
1311 			in = stdin;
1312 
1313 		if (out == NULL) {
1314 			fatal("Couldn't open moduli file \"%s\": %s",
1315 			    out_file, strerror(errno));
1316 		}
1317 		if (prime_test(in, out, trials, generator_wanted) != 0)
1318 			fatal("modulus screening failed");
1319 		return (0);
1320 	}
1321 
1322 	arc4random_stir();
1323 
1324 	if (key_type_name == NULL)
1325 		key_type_name = "rsa";
1326 
1327 	type = key_type_from_name(key_type_name);
1328 	if (type == KEY_UNSPEC) {
1329 		fprintf(stderr, "unknown key type %s\n", key_type_name);
1330 		exit(1);
1331 	}
1332 	if (bits == 0)
1333 		bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS;
1334 	if (type == KEY_DSA && bits != 1024)
1335 		fatal("DSA keys must be 1024 bits");
1336 	if (!quiet)
1337 		printf("Generating public/private %s key pair.\n", key_type_name);
1338 	private = key_generate(type, bits);
1339 	if (private == NULL) {
1340 		fprintf(stderr, "key_generate failed");
1341 		exit(1);
1342 	}
1343 	public  = key_from_private(private);
1344 
1345 	if (!have_identity)
1346 		ask_filename(pw, "Enter file in which to save the key");
1347 
1348 	/* Create ~/.ssh directory if it doesn't already exist. */
1349 	snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
1350 	if (strstr(identity_file, dotsshdir) != NULL &&
1351 	    stat(dotsshdir, &st) < 0) {
1352 		if (mkdir(dotsshdir, 0700) < 0)
1353 			error("Could not create directory '%s'.", dotsshdir);
1354 		else if (!quiet)
1355 			printf("Created directory '%s'.\n", dotsshdir);
1356 	}
1357 	/* If the file already exists, ask the user to confirm. */
1358 	if (stat(identity_file, &st) >= 0) {
1359 		char yesno[3];
1360 		printf("%s already exists.\n", identity_file);
1361 		printf("Overwrite (y/n)? ");
1362 		fflush(stdout);
1363 		if (fgets(yesno, sizeof(yesno), stdin) == NULL)
1364 			exit(1);
1365 		if (yesno[0] != 'y' && yesno[0] != 'Y')
1366 			exit(1);
1367 	}
1368 	/* Ask for a passphrase (twice). */
1369 	if (identity_passphrase)
1370 		passphrase1 = xstrdup(identity_passphrase);
1371 	else if (identity_new_passphrase)
1372 		passphrase1 = xstrdup(identity_new_passphrase);
1373 	else {
1374 passphrase_again:
1375 		passphrase1 =
1376 			read_passphrase("Enter passphrase (empty for no "
1377 			    "passphrase): ", RP_ALLOW_STDIN);
1378 		passphrase2 = read_passphrase("Enter same passphrase again: ",
1379 		    RP_ALLOW_STDIN);
1380 		if (strcmp(passphrase1, passphrase2) != 0) {
1381 			/*
1382 			 * The passphrases do not match.  Clear them and
1383 			 * retry.
1384 			 */
1385 			memset(passphrase1, 0, strlen(passphrase1));
1386 			memset(passphrase2, 0, strlen(passphrase2));
1387 			xfree(passphrase1);
1388 			xfree(passphrase2);
1389 			printf("Passphrases do not match.  Try again.\n");
1390 			goto passphrase_again;
1391 		}
1392 		/* Clear the other copy of the passphrase. */
1393 		memset(passphrase2, 0, strlen(passphrase2));
1394 		xfree(passphrase2);
1395 	}
1396 
1397 	if (identity_comment) {
1398 		strlcpy(comment, identity_comment, sizeof(comment));
1399 	} else {
1400 		/* Create default commend field for the passphrase. */
1401 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
1402 	}
1403 
1404 	/* Save the key with the given passphrase and comment. */
1405 	if (!key_save_private(private, identity_file, passphrase1, comment)) {
1406 		printf("Saving the key failed: %s.\n", identity_file);
1407 		memset(passphrase1, 0, strlen(passphrase1));
1408 		xfree(passphrase1);
1409 		exit(1);
1410 	}
1411 	/* Clear the passphrase. */
1412 	memset(passphrase1, 0, strlen(passphrase1));
1413 	xfree(passphrase1);
1414 
1415 	/* Clear the private key and the random number generator. */
1416 	key_free(private);
1417 	arc4random_stir();
1418 
1419 	if (!quiet)
1420 		printf("Your identification has been saved in %s.\n", identity_file);
1421 
1422 	strlcat(identity_file, ".pub", sizeof(identity_file));
1423 	fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
1424 	if (fd == -1) {
1425 		printf("Could not save your public key in %s\n", identity_file);
1426 		exit(1);
1427 	}
1428 	f = fdopen(fd, "w");
1429 	if (f == NULL) {
1430 		printf("fdopen %s failed", identity_file);
1431 		exit(1);
1432 	}
1433 	if (!key_write(public, f))
1434 		fprintf(stderr, "write key failed");
1435 	fprintf(f, " %s\n", comment);
1436 	fclose(f);
1437 
1438 	if (!quiet) {
1439 		char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX);
1440 		printf("Your public key has been saved in %s.\n",
1441 		    identity_file);
1442 		printf("The key fingerprint is:\n");
1443 		printf("%s %s\n", fp, comment);
1444 		xfree(fp);
1445 	}
1446 
1447 	key_free(public);
1448 	exit(0);
1449 }
1450