xref: /freebsd/crypto/openssh/ssh-keygen.c (revision a35f04fba2ebb8f86d4cbdc710c89a094572b08e)
1 /* $OpenBSD: ssh-keygen.c,v 1.292 2016/09/12 03:29:16 dtucker Exp $ */
2 /*
3  * Author: Tatu Ylonen <ylo@cs.hut.fi>
4  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5  *                    All rights reserved
6  * Identity and host key generation and maintenance.
7  *
8  * As far as I am concerned, the code I have written for this software
9  * can be used freely for any purpose.  Any derived versions of this
10  * software must be clearly marked as such, and if the derived work is
11  * incompatible with the protocol description in the RFC file, it must be
12  * called by a name other than "ssh" or "Secure Shell".
13  */
14 
15 #include "includes.h"
16 
17 #include <sys/types.h>
18 #include <sys/socket.h>
19 #include <sys/stat.h>
20 
21 #ifdef WITH_OPENSSL
22 #include <openssl/evp.h>
23 #include <openssl/pem.h>
24 #include "openbsd-compat/openssl-compat.h"
25 #endif
26 
27 #include <errno.h>
28 #include <fcntl.h>
29 #include <netdb.h>
30 #ifdef HAVE_PATHS_H
31 # include <paths.h>
32 #endif
33 #include <pwd.h>
34 #include <stdarg.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <unistd.h>
39 #include <limits.h>
40 
41 #include "xmalloc.h"
42 #include "sshkey.h"
43 #include "rsa.h"
44 #include "authfile.h"
45 #include "uuencode.h"
46 #include "sshbuf.h"
47 #include "pathnames.h"
48 #include "log.h"
49 #include "misc.h"
50 #include "match.h"
51 #include "hostfile.h"
52 #include "dns.h"
53 #include "ssh.h"
54 #include "ssh2.h"
55 #include "ssherr.h"
56 #include "ssh-pkcs11.h"
57 #include "atomicio.h"
58 #include "krl.h"
59 #include "digest.h"
60 
61 #ifdef WITH_OPENSSL
62 # define DEFAULT_KEY_TYPE_NAME "rsa"
63 #else
64 # define DEFAULT_KEY_TYPE_NAME "ed25519"
65 #endif
66 
67 /* Number of bits in the RSA/DSA key.  This value can be set on the command line. */
68 #define DEFAULT_BITS		2048
69 #define DEFAULT_BITS_DSA	1024
70 #define DEFAULT_BITS_ECDSA	256
71 u_int32_t bits = 0;
72 
73 /*
74  * Flag indicating that we just want to change the passphrase.  This can be
75  * set on the command line.
76  */
77 int change_passphrase = 0;
78 
79 /*
80  * Flag indicating that we just want to change the comment.  This can be set
81  * on the command line.
82  */
83 int change_comment = 0;
84 
85 int quiet = 0;
86 
87 int log_level = SYSLOG_LEVEL_INFO;
88 
89 /* Flag indicating that we want to hash a known_hosts file */
90 int hash_hosts = 0;
91 /* Flag indicating that we want lookup a host in known_hosts file */
92 int find_host = 0;
93 /* Flag indicating that we want to delete a host from a known_hosts file */
94 int delete_host = 0;
95 
96 /* Flag indicating that we want to show the contents of a certificate */
97 int show_cert = 0;
98 
99 /* Flag indicating that we just want to see the key fingerprint */
100 int print_fingerprint = 0;
101 int print_bubblebabble = 0;
102 
103 /* Hash algorithm to use for fingerprints. */
104 int fingerprint_hash = SSH_FP_HASH_DEFAULT;
105 
106 /* The identity file name, given on the command line or entered by the user. */
107 char identity_file[1024];
108 int have_identity = 0;
109 
110 /* This is set to the passphrase if given on the command line. */
111 char *identity_passphrase = NULL;
112 
113 /* This is set to the new passphrase if given on the command line. */
114 char *identity_new_passphrase = NULL;
115 
116 /* This is set to the new comment if given on the command line. */
117 char *identity_comment = NULL;
118 
119 /* Path to CA key when certifying keys. */
120 char *ca_key_path = NULL;
121 
122 /* Certificate serial number */
123 unsigned long long cert_serial = 0;
124 
125 /* Key type when certifying */
126 u_int cert_key_type = SSH2_CERT_TYPE_USER;
127 
128 /* "key ID" of signed key */
129 char *cert_key_id = NULL;
130 
131 /* Comma-separated list of principal names for certifying keys */
132 char *cert_principals = NULL;
133 
134 /* Validity period for certificates */
135 u_int64_t cert_valid_from = 0;
136 u_int64_t cert_valid_to = ~0ULL;
137 
138 /* Certificate options */
139 #define CERTOPT_X_FWD	(1)
140 #define CERTOPT_AGENT_FWD	(1<<1)
141 #define CERTOPT_PORT_FWD	(1<<2)
142 #define CERTOPT_PTY		(1<<3)
143 #define CERTOPT_USER_RC	(1<<4)
144 #define CERTOPT_DEFAULT	(CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \
145 			 CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC)
146 u_int32_t certflags_flags = CERTOPT_DEFAULT;
147 char *certflags_command = NULL;
148 char *certflags_src_addr = NULL;
149 
150 /* Conversion to/from various formats */
151 int convert_to = 0;
152 int convert_from = 0;
153 enum {
154 	FMT_RFC4716,
155 	FMT_PKCS8,
156 	FMT_PEM
157 } convert_format = FMT_RFC4716;
158 int print_public = 0;
159 int print_generic = 0;
160 
161 char *key_type_name = NULL;
162 
163 /* Load key from this PKCS#11 provider */
164 char *pkcs11provider = NULL;
165 
166 /* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */
167 int use_new_format = 0;
168 
169 /* Cipher for new-format private keys */
170 char *new_format_cipher = NULL;
171 
172 /*
173  * Number of KDF rounds to derive new format keys /
174  * number of primality trials when screening moduli.
175  */
176 int rounds = 0;
177 
178 /* argv0 */
179 extern char *__progname;
180 
181 char hostname[NI_MAXHOST];
182 
183 #ifdef WITH_OPENSSL
184 /* moduli.c */
185 int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
186 int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
187     unsigned long);
188 #endif
189 
190 static void
191 type_bits_valid(int type, const char *name, u_int32_t *bitsp)
192 {
193 #ifdef WITH_OPENSSL
194 	u_int maxbits, nid;
195 #endif
196 
197 	if (type == KEY_UNSPEC)
198 		fatal("unknown key type %s", key_type_name);
199 	if (*bitsp == 0) {
200 #ifdef WITH_OPENSSL
201 		if (type == KEY_DSA)
202 			*bitsp = DEFAULT_BITS_DSA;
203 		else if (type == KEY_ECDSA) {
204 			if (name != NULL &&
205 			    (nid = sshkey_ecdsa_nid_from_name(name)) > 0)
206 				*bitsp = sshkey_curve_nid_to_bits(nid);
207 			if (*bitsp == 0)
208 				*bitsp = DEFAULT_BITS_ECDSA;
209 		} else
210 #endif
211 			*bitsp = DEFAULT_BITS;
212 	}
213 #ifdef WITH_OPENSSL
214 	maxbits = (type == KEY_DSA) ?
215 	    OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
216 	if (*bitsp > maxbits)
217 		fatal("key bits exceeds maximum %d", maxbits);
218 	if (type == KEY_DSA && *bitsp != 1024)
219 		fatal("DSA keys must be 1024 bits");
220 	else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 1024)
221 		fatal("Key must at least be 1024 bits");
222 	else if (type == KEY_ECDSA && sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
223 		fatal("Invalid ECDSA key length - valid lengths are "
224 		    "256, 384 or 521 bits");
225 #endif
226 }
227 
228 static void
229 ask_filename(struct passwd *pw, const char *prompt)
230 {
231 	char buf[1024];
232 	char *name = NULL;
233 
234 	if (key_type_name == NULL)
235 		name = _PATH_SSH_CLIENT_ID_RSA;
236 	else {
237 		switch (sshkey_type_from_name(key_type_name)) {
238 		case KEY_RSA1:
239 			name = _PATH_SSH_CLIENT_IDENTITY;
240 			break;
241 		case KEY_DSA_CERT:
242 		case KEY_DSA:
243 			name = _PATH_SSH_CLIENT_ID_DSA;
244 			break;
245 #ifdef OPENSSL_HAS_ECC
246 		case KEY_ECDSA_CERT:
247 		case KEY_ECDSA:
248 			name = _PATH_SSH_CLIENT_ID_ECDSA;
249 			break;
250 #endif
251 		case KEY_RSA_CERT:
252 		case KEY_RSA:
253 			name = _PATH_SSH_CLIENT_ID_RSA;
254 			break;
255 		case KEY_ED25519:
256 		case KEY_ED25519_CERT:
257 			name = _PATH_SSH_CLIENT_ID_ED25519;
258 			break;
259 		default:
260 			fatal("bad key type");
261 		}
262 	}
263 	snprintf(identity_file, sizeof(identity_file),
264 	    "%s/%s", pw->pw_dir, name);
265 	printf("%s (%s): ", prompt, identity_file);
266 	fflush(stdout);
267 	if (fgets(buf, sizeof(buf), stdin) == NULL)
268 		exit(1);
269 	buf[strcspn(buf, "\n")] = '\0';
270 	if (strcmp(buf, "") != 0)
271 		strlcpy(identity_file, buf, sizeof(identity_file));
272 	have_identity = 1;
273 }
274 
275 static struct sshkey *
276 load_identity(char *filename)
277 {
278 	char *pass;
279 	struct sshkey *prv;
280 	int r;
281 
282 	if ((r = sshkey_load_private(filename, "", &prv, NULL)) == 0)
283 		return prv;
284 	if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
285 		fatal("Load key \"%s\": %s", filename, ssh_err(r));
286 	if (identity_passphrase)
287 		pass = xstrdup(identity_passphrase);
288 	else
289 		pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN);
290 	r = sshkey_load_private(filename, pass, &prv, NULL);
291 	explicit_bzero(pass, strlen(pass));
292 	free(pass);
293 	if (r != 0)
294 		fatal("Load key \"%s\": %s", filename, ssh_err(r));
295 	return prv;
296 }
297 
298 #define SSH_COM_PUBLIC_BEGIN		"---- BEGIN SSH2 PUBLIC KEY ----"
299 #define SSH_COM_PUBLIC_END		"---- END SSH2 PUBLIC KEY ----"
300 #define SSH_COM_PRIVATE_BEGIN		"---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
301 #define	SSH_COM_PRIVATE_KEY_MAGIC	0x3f6ff9eb
302 
303 #ifdef WITH_OPENSSL
304 static void
305 do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
306 {
307 	size_t len;
308 	u_char *blob;
309 	char comment[61];
310 	int r;
311 
312 	if (k->type == KEY_RSA1)
313 		fatal("version 1 keys are not supported");
314 	if ((r = sshkey_to_blob(k, &blob, &len)) != 0)
315 		fatal("key_to_blob failed: %s", ssh_err(r));
316 	/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
317 	snprintf(comment, sizeof(comment),
318 	    "%u-bit %s, converted by %s@%s from OpenSSH",
319 	    sshkey_size(k), sshkey_type(k),
320 	    pw->pw_name, hostname);
321 
322 	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
323 	fprintf(stdout, "Comment: \"%s\"\n", comment);
324 	dump_base64(stdout, blob, len);
325 	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
326 	sshkey_free(k);
327 	free(blob);
328 	exit(0);
329 }
330 
331 static void
332 do_convert_to_pkcs8(struct sshkey *k)
333 {
334 	switch (sshkey_type_plain(k->type)) {
335 	case KEY_RSA1:
336 	case KEY_RSA:
337 		if (!PEM_write_RSA_PUBKEY(stdout, k->rsa))
338 			fatal("PEM_write_RSA_PUBKEY failed");
339 		break;
340 	case KEY_DSA:
341 		if (!PEM_write_DSA_PUBKEY(stdout, k->dsa))
342 			fatal("PEM_write_DSA_PUBKEY failed");
343 		break;
344 #ifdef OPENSSL_HAS_ECC
345 	case KEY_ECDSA:
346 		if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa))
347 			fatal("PEM_write_EC_PUBKEY failed");
348 		break;
349 #endif
350 	default:
351 		fatal("%s: unsupported key type %s", __func__, sshkey_type(k));
352 	}
353 	exit(0);
354 }
355 
356 static void
357 do_convert_to_pem(struct sshkey *k)
358 {
359 	switch (sshkey_type_plain(k->type)) {
360 	case KEY_RSA1:
361 	case KEY_RSA:
362 		if (!PEM_write_RSAPublicKey(stdout, k->rsa))
363 			fatal("PEM_write_RSAPublicKey failed");
364 		break;
365 #if notyet /* OpenSSH 0.9.8 lacks this function */
366 	case KEY_DSA:
367 		if (!PEM_write_DSAPublicKey(stdout, k->dsa))
368 			fatal("PEM_write_DSAPublicKey failed");
369 		break;
370 #endif
371 	/* XXX ECDSA? */
372 	default:
373 		fatal("%s: unsupported key type %s", __func__, sshkey_type(k));
374 	}
375 	exit(0);
376 }
377 
378 static void
379 do_convert_to(struct passwd *pw)
380 {
381 	struct sshkey *k;
382 	struct stat st;
383 	int r;
384 
385 	if (!have_identity)
386 		ask_filename(pw, "Enter file in which the key is");
387 	if (stat(identity_file, &st) < 0)
388 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
389 	if ((r = sshkey_load_public(identity_file, &k, NULL)) != 0)
390 		k = load_identity(identity_file);
391 	switch (convert_format) {
392 	case FMT_RFC4716:
393 		do_convert_to_ssh2(pw, k);
394 		break;
395 	case FMT_PKCS8:
396 		do_convert_to_pkcs8(k);
397 		break;
398 	case FMT_PEM:
399 		do_convert_to_pem(k);
400 		break;
401 	default:
402 		fatal("%s: unknown key format %d", __func__, convert_format);
403 	}
404 	exit(0);
405 }
406 
407 /*
408  * This is almost exactly the bignum1 encoding, but with 32 bit for length
409  * instead of 16.
410  */
411 static void
412 buffer_get_bignum_bits(struct sshbuf *b, BIGNUM *value)
413 {
414 	u_int bytes, bignum_bits;
415 	int r;
416 
417 	if ((r = sshbuf_get_u32(b, &bignum_bits)) != 0)
418 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
419 	bytes = (bignum_bits + 7) / 8;
420 	if (sshbuf_len(b) < bytes)
421 		fatal("%s: input buffer too small: need %d have %zu",
422 		    __func__, bytes, sshbuf_len(b));
423 	if (BN_bin2bn(sshbuf_ptr(b), bytes, value) == NULL)
424 		fatal("%s: BN_bin2bn failed", __func__);
425 	if ((r = sshbuf_consume(b, bytes)) != 0)
426 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
427 }
428 
429 static struct sshkey *
430 do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
431 {
432 	struct sshbuf *b;
433 	struct sshkey *key = NULL;
434 	char *type, *cipher;
435 	u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345";
436 	int r, rlen, ktype;
437 	u_int magic, i1, i2, i3, i4;
438 	size_t slen;
439 	u_long e;
440 
441 	if ((b = sshbuf_from(blob, blen)) == NULL)
442 		fatal("%s: sshbuf_from failed", __func__);
443 	if ((r = sshbuf_get_u32(b, &magic)) != 0)
444 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
445 
446 	if (magic != SSH_COM_PRIVATE_KEY_MAGIC) {
447 		error("bad magic 0x%x != 0x%x", magic,
448 		    SSH_COM_PRIVATE_KEY_MAGIC);
449 		sshbuf_free(b);
450 		return NULL;
451 	}
452 	if ((r = sshbuf_get_u32(b, &i1)) != 0 ||
453 	    (r = sshbuf_get_cstring(b, &type, NULL)) != 0 ||
454 	    (r = sshbuf_get_cstring(b, &cipher, NULL)) != 0 ||
455 	    (r = sshbuf_get_u32(b, &i2)) != 0 ||
456 	    (r = sshbuf_get_u32(b, &i3)) != 0 ||
457 	    (r = sshbuf_get_u32(b, &i4)) != 0)
458 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
459 	debug("ignore (%d %d %d %d)", i1, i2, i3, i4);
460 	if (strcmp(cipher, "none") != 0) {
461 		error("unsupported cipher %s", cipher);
462 		free(cipher);
463 		sshbuf_free(b);
464 		free(type);
465 		return NULL;
466 	}
467 	free(cipher);
468 
469 	if (strstr(type, "dsa")) {
470 		ktype = KEY_DSA;
471 	} else if (strstr(type, "rsa")) {
472 		ktype = KEY_RSA;
473 	} else {
474 		sshbuf_free(b);
475 		free(type);
476 		return NULL;
477 	}
478 	if ((key = sshkey_new_private(ktype)) == NULL)
479 		fatal("key_new_private failed");
480 	free(type);
481 
482 	switch (key->type) {
483 	case KEY_DSA:
484 		buffer_get_bignum_bits(b, key->dsa->p);
485 		buffer_get_bignum_bits(b, key->dsa->g);
486 		buffer_get_bignum_bits(b, key->dsa->q);
487 		buffer_get_bignum_bits(b, key->dsa->pub_key);
488 		buffer_get_bignum_bits(b, key->dsa->priv_key);
489 		break;
490 	case KEY_RSA:
491 		if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
492 		    (e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) ||
493 		    (e1 < 30 && (r = sshbuf_get_u8(b, &e3)) != 0))
494 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
495 		e = e1;
496 		debug("e %lx", e);
497 		if (e < 30) {
498 			e <<= 8;
499 			e += e2;
500 			debug("e %lx", e);
501 			e <<= 8;
502 			e += e3;
503 			debug("e %lx", e);
504 		}
505 		if (!BN_set_word(key->rsa->e, e)) {
506 			sshbuf_free(b);
507 			sshkey_free(key);
508 			return NULL;
509 		}
510 		buffer_get_bignum_bits(b, key->rsa->d);
511 		buffer_get_bignum_bits(b, key->rsa->n);
512 		buffer_get_bignum_bits(b, key->rsa->iqmp);
513 		buffer_get_bignum_bits(b, key->rsa->q);
514 		buffer_get_bignum_bits(b, key->rsa->p);
515 		if ((r = rsa_generate_additional_parameters(key->rsa)) != 0)
516 			fatal("generate RSA parameters failed: %s", ssh_err(r));
517 		break;
518 	}
519 	rlen = sshbuf_len(b);
520 	if (rlen != 0)
521 		error("do_convert_private_ssh2_from_blob: "
522 		    "remaining bytes in key blob %d", rlen);
523 	sshbuf_free(b);
524 
525 	/* try the key */
526 	if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 ||
527 	    sshkey_verify(key, sig, slen, data, sizeof(data), 0) != 0) {
528 		sshkey_free(key);
529 		free(sig);
530 		return NULL;
531 	}
532 	free(sig);
533 	return key;
534 }
535 
536 static int
537 get_line(FILE *fp, char *line, size_t len)
538 {
539 	int c;
540 	size_t pos = 0;
541 
542 	line[0] = '\0';
543 	while ((c = fgetc(fp)) != EOF) {
544 		if (pos >= len - 1)
545 			fatal("input line too long.");
546 		switch (c) {
547 		case '\r':
548 			c = fgetc(fp);
549 			if (c != EOF && c != '\n' && ungetc(c, fp) == EOF)
550 				fatal("unget: %s", strerror(errno));
551 			return pos;
552 		case '\n':
553 			return pos;
554 		}
555 		line[pos++] = c;
556 		line[pos] = '\0';
557 	}
558 	/* We reached EOF */
559 	return -1;
560 }
561 
562 static void
563 do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
564 {
565 	int r, blen, escaped = 0;
566 	u_int len;
567 	char line[1024];
568 	u_char blob[8096];
569 	char encoded[8096];
570 	FILE *fp;
571 
572 	if ((fp = fopen(identity_file, "r")) == NULL)
573 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
574 	encoded[0] = '\0';
575 	while ((blen = get_line(fp, line, sizeof(line))) != -1) {
576 		if (blen > 0 && line[blen - 1] == '\\')
577 			escaped++;
578 		if (strncmp(line, "----", 4) == 0 ||
579 		    strstr(line, ": ") != NULL) {
580 			if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL)
581 				*private = 1;
582 			if (strstr(line, " END ") != NULL) {
583 				break;
584 			}
585 			/* fprintf(stderr, "ignore: %s", line); */
586 			continue;
587 		}
588 		if (escaped) {
589 			escaped--;
590 			/* fprintf(stderr, "escaped: %s", line); */
591 			continue;
592 		}
593 		strlcat(encoded, line, sizeof(encoded));
594 	}
595 	len = strlen(encoded);
596 	if (((len % 4) == 3) &&
597 	    (encoded[len-1] == '=') &&
598 	    (encoded[len-2] == '=') &&
599 	    (encoded[len-3] == '='))
600 		encoded[len-3] = '\0';
601 	blen = uudecode(encoded, blob, sizeof(blob));
602 	if (blen < 0)
603 		fatal("uudecode failed.");
604 	if (*private)
605 		*k = do_convert_private_ssh2_from_blob(blob, blen);
606 	else if ((r = sshkey_from_blob(blob, blen, k)) != 0)
607 		fatal("decode blob failed: %s", ssh_err(r));
608 	fclose(fp);
609 }
610 
611 static void
612 do_convert_from_pkcs8(struct sshkey **k, int *private)
613 {
614 	EVP_PKEY *pubkey;
615 	FILE *fp;
616 
617 	if ((fp = fopen(identity_file, "r")) == NULL)
618 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
619 	if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) {
620 		fatal("%s: %s is not a recognised public key format", __func__,
621 		    identity_file);
622 	}
623 	fclose(fp);
624 	switch (EVP_PKEY_type(pubkey->type)) {
625 	case EVP_PKEY_RSA:
626 		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
627 			fatal("sshkey_new failed");
628 		(*k)->type = KEY_RSA;
629 		(*k)->rsa = EVP_PKEY_get1_RSA(pubkey);
630 		break;
631 	case EVP_PKEY_DSA:
632 		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
633 			fatal("sshkey_new failed");
634 		(*k)->type = KEY_DSA;
635 		(*k)->dsa = EVP_PKEY_get1_DSA(pubkey);
636 		break;
637 #ifdef OPENSSL_HAS_ECC
638 	case EVP_PKEY_EC:
639 		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
640 			fatal("sshkey_new failed");
641 		(*k)->type = KEY_ECDSA;
642 		(*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey);
643 		(*k)->ecdsa_nid = sshkey_ecdsa_key_to_nid((*k)->ecdsa);
644 		break;
645 #endif
646 	default:
647 		fatal("%s: unsupported pubkey type %d", __func__,
648 		    EVP_PKEY_type(pubkey->type));
649 	}
650 	EVP_PKEY_free(pubkey);
651 	return;
652 }
653 
654 static void
655 do_convert_from_pem(struct sshkey **k, int *private)
656 {
657 	FILE *fp;
658 	RSA *rsa;
659 #ifdef notyet
660 	DSA *dsa;
661 #endif
662 
663 	if ((fp = fopen(identity_file, "r")) == NULL)
664 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
665 	if ((rsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL)) != NULL) {
666 		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
667 			fatal("sshkey_new failed");
668 		(*k)->type = KEY_RSA;
669 		(*k)->rsa = rsa;
670 		fclose(fp);
671 		return;
672 	}
673 #if notyet /* OpenSSH 0.9.8 lacks this function */
674 	rewind(fp);
675 	if ((dsa = PEM_read_DSAPublicKey(fp, NULL, NULL, NULL)) != NULL) {
676 		if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
677 			fatal("sshkey_new failed");
678 		(*k)->type = KEY_DSA;
679 		(*k)->dsa = dsa;
680 		fclose(fp);
681 		return;
682 	}
683 	/* XXX ECDSA */
684 #endif
685 	fatal("%s: unrecognised raw private key format", __func__);
686 }
687 
688 static void
689 do_convert_from(struct passwd *pw)
690 {
691 	struct sshkey *k = NULL;
692 	int r, private = 0, ok = 0;
693 	struct stat st;
694 
695 	if (!have_identity)
696 		ask_filename(pw, "Enter file in which the key is");
697 	if (stat(identity_file, &st) < 0)
698 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
699 
700 	switch (convert_format) {
701 	case FMT_RFC4716:
702 		do_convert_from_ssh2(pw, &k, &private);
703 		break;
704 	case FMT_PKCS8:
705 		do_convert_from_pkcs8(&k, &private);
706 		break;
707 	case FMT_PEM:
708 		do_convert_from_pem(&k, &private);
709 		break;
710 	default:
711 		fatal("%s: unknown key format %d", __func__, convert_format);
712 	}
713 
714 	if (!private) {
715 		if ((r = sshkey_write(k, stdout)) == 0)
716 			ok = 1;
717 		if (ok)
718 			fprintf(stdout, "\n");
719 	} else {
720 		switch (k->type) {
721 		case KEY_DSA:
722 			ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL,
723 			    NULL, 0, NULL, NULL);
724 			break;
725 #ifdef OPENSSL_HAS_ECC
726 		case KEY_ECDSA:
727 			ok = PEM_write_ECPrivateKey(stdout, k->ecdsa, NULL,
728 			    NULL, 0, NULL, NULL);
729 			break;
730 #endif
731 		case KEY_RSA:
732 			ok = PEM_write_RSAPrivateKey(stdout, k->rsa, NULL,
733 			    NULL, 0, NULL, NULL);
734 			break;
735 		default:
736 			fatal("%s: unsupported key type %s", __func__,
737 			    sshkey_type(k));
738 		}
739 	}
740 
741 	if (!ok)
742 		fatal("key write failed");
743 	sshkey_free(k);
744 	exit(0);
745 }
746 #endif
747 
748 static void
749 do_print_public(struct passwd *pw)
750 {
751 	struct sshkey *prv;
752 	struct stat st;
753 	int r;
754 
755 	if (!have_identity)
756 		ask_filename(pw, "Enter file in which the key is");
757 	if (stat(identity_file, &st) < 0)
758 		fatal("%s: %s", identity_file, strerror(errno));
759 	prv = load_identity(identity_file);
760 	if ((r = sshkey_write(prv, stdout)) != 0)
761 		error("key_write failed: %s", ssh_err(r));
762 	sshkey_free(prv);
763 	fprintf(stdout, "\n");
764 	exit(0);
765 }
766 
767 static void
768 do_download(struct passwd *pw)
769 {
770 #ifdef ENABLE_PKCS11
771 	struct sshkey **keys = NULL;
772 	int i, nkeys;
773 	enum sshkey_fp_rep rep;
774 	int fptype;
775 	char *fp, *ra;
776 
777 	fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
778 	rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
779 
780 	pkcs11_init(0);
781 	nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys);
782 	if (nkeys <= 0)
783 		fatal("cannot read public key from pkcs11");
784 	for (i = 0; i < nkeys; i++) {
785 		if (print_fingerprint) {
786 			fp = sshkey_fingerprint(keys[i], fptype, rep);
787 			ra = sshkey_fingerprint(keys[i], fingerprint_hash,
788 			    SSH_FP_RANDOMART);
789 			if (fp == NULL || ra == NULL)
790 				fatal("%s: sshkey_fingerprint fail", __func__);
791 			printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]),
792 			    fp, sshkey_type(keys[i]));
793 			if (log_level >= SYSLOG_LEVEL_VERBOSE)
794 				printf("%s\n", ra);
795 			free(ra);
796 			free(fp);
797 		} else {
798 			(void) sshkey_write(keys[i], stdout); /* XXX check */
799 			fprintf(stdout, "\n");
800 		}
801 		sshkey_free(keys[i]);
802 	}
803 	free(keys);
804 	pkcs11_terminate();
805 	exit(0);
806 #else
807 	fatal("no pkcs11 support");
808 #endif /* ENABLE_PKCS11 */
809 }
810 
811 static struct sshkey *
812 try_read_key(char **cpp)
813 {
814 	struct sshkey *ret;
815 	int r;
816 
817 	if ((ret = sshkey_new(KEY_RSA1)) == NULL)
818 		fatal("sshkey_new failed");
819 	/* Try RSA1 */
820 	if ((r = sshkey_read(ret, cpp)) == 0)
821 		return ret;
822 	/* Try modern */
823 	sshkey_free(ret);
824 	if ((ret = sshkey_new(KEY_UNSPEC)) == NULL)
825 		fatal("sshkey_new failed");
826 	if ((r = sshkey_read(ret, cpp)) == 0)
827 		return ret;
828 	/* Not a key */
829 	sshkey_free(ret);
830 	return NULL;
831 }
832 
833 static void
834 fingerprint_one_key(const struct sshkey *public, const char *comment)
835 {
836 	char *fp = NULL, *ra = NULL;
837 	enum sshkey_fp_rep rep;
838 	int fptype;
839 
840 	fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
841 	rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
842 	fp = sshkey_fingerprint(public, fptype, rep);
843 	ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART);
844 	if (fp == NULL || ra == NULL)
845 		fatal("%s: sshkey_fingerprint failed", __func__);
846 	printf("%u %s %s (%s)\n", sshkey_size(public), fp,
847 	    comment ? comment : "no comment", sshkey_type(public));
848 	if (log_level >= SYSLOG_LEVEL_VERBOSE)
849 		printf("%s\n", ra);
850 	free(ra);
851 	free(fp);
852 }
853 
854 static void
855 fingerprint_private(const char *path)
856 {
857 	struct stat st;
858 	char *comment = NULL;
859 	struct sshkey *public = NULL;
860 	int r;
861 
862 	if (stat(identity_file, &st) < 0)
863 		fatal("%s: %s", path, strerror(errno));
864 	if ((r = sshkey_load_public(path, &public, &comment)) != 0) {
865 		debug("load public \"%s\": %s", path, ssh_err(r));
866 		if ((r = sshkey_load_private(path, NULL,
867 		    &public, &comment)) != 0) {
868 			debug("load private \"%s\": %s", path, ssh_err(r));
869 			fatal("%s is not a key file.", path);
870 		}
871 	}
872 
873 	fingerprint_one_key(public, comment);
874 	sshkey_free(public);
875 	free(comment);
876 }
877 
878 static void
879 do_fingerprint(struct passwd *pw)
880 {
881 	FILE *f;
882 	struct sshkey *public = NULL;
883 	char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES];
884 	int i, invalid = 1;
885 	const char *path;
886 	u_long lnum = 0;
887 
888 	if (!have_identity)
889 		ask_filename(pw, "Enter file in which the key is");
890 	path = identity_file;
891 
892 	if (strcmp(identity_file, "-") == 0) {
893 		f = stdin;
894 		path = "(stdin)";
895 	} else if ((f = fopen(path, "r")) == NULL)
896 		fatal("%s: %s: %s", __progname, path, strerror(errno));
897 
898 	while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) {
899 		cp = line;
900 		cp[strcspn(cp, "\n")] = '\0';
901 		/* Trim leading space and comments */
902 		cp = line + strspn(line, " \t");
903 		if (*cp == '#' || *cp == '\0')
904 			continue;
905 
906 		/*
907 		 * Input may be plain keys, private keys, authorized_keys
908 		 * or known_hosts.
909 		 */
910 
911 		/*
912 		 * Try private keys first. Assume a key is private if
913 		 * "SSH PRIVATE KEY" appears on the first line and we're
914 		 * not reading from stdin (XXX support private keys on stdin).
915 		 */
916 		if (lnum == 1 && strcmp(identity_file, "-") != 0 &&
917 		    strstr(cp, "PRIVATE KEY") != NULL) {
918 			fclose(f);
919 			fingerprint_private(path);
920 			exit(0);
921 		}
922 
923 		/*
924 		 * If it's not a private key, then this must be prepared to
925 		 * accept a public key prefixed with a hostname or options.
926 		 * Try a bare key first, otherwise skip the leading stuff.
927 		 */
928 		if ((public = try_read_key(&cp)) == NULL) {
929 			i = strtol(cp, &ep, 10);
930 			if (i == 0 || ep == NULL ||
931 			    (*ep != ' ' && *ep != '\t')) {
932 				int quoted = 0;
933 
934 				comment = cp;
935 				for (; *cp && (quoted || (*cp != ' ' &&
936 				    *cp != '\t')); cp++) {
937 					if (*cp == '\\' && cp[1] == '"')
938 						cp++;	/* Skip both */
939 					else if (*cp == '"')
940 						quoted = !quoted;
941 				}
942 				if (!*cp)
943 					continue;
944 				*cp++ = '\0';
945 			}
946 		}
947 		/* Retry after parsing leading hostname/key options */
948 		if (public == NULL && (public = try_read_key(&cp)) == NULL) {
949 			debug("%s:%lu: not a public key", path, lnum);
950 			continue;
951 		}
952 
953 		/* Find trailing comment, if any */
954 		for (; *cp == ' ' || *cp == '\t'; cp++)
955 			;
956 		if (*cp != '\0' && *cp != '#')
957 			comment = cp;
958 
959 		fingerprint_one_key(public, comment);
960 		sshkey_free(public);
961 		invalid = 0; /* One good key in the file is sufficient */
962 	}
963 	fclose(f);
964 
965 	if (invalid)
966 		fatal("%s is not a public key file.", path);
967 	exit(0);
968 }
969 
970 static void
971 do_gen_all_hostkeys(struct passwd *pw)
972 {
973 	struct {
974 		char *key_type;
975 		char *key_type_display;
976 		char *path;
977 	} key_types[] = {
978 #ifdef WITH_OPENSSL
979 #ifdef WITH_SSH1
980 		{ "rsa1", "RSA1", _PATH_HOST_KEY_FILE },
981 #endif /* WITH_SSH1 */
982 		{ "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE },
983 		{ "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE },
984 #ifdef OPENSSL_HAS_ECC
985 		{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
986 #endif /* OPENSSL_HAS_ECC */
987 #endif /* WITH_OPENSSL */
988 		{ "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
989 		{ NULL, NULL, NULL }
990 	};
991 
992 	int first = 0;
993 	struct stat st;
994 	struct sshkey *private, *public;
995 	char comment[1024];
996 	int i, type, fd, r;
997 	FILE *f;
998 
999 	for (i = 0; key_types[i].key_type; i++) {
1000 		if (stat(key_types[i].path, &st) == 0)
1001 			continue;
1002 		if (errno != ENOENT) {
1003 			error("Could not stat %s: %s", key_types[i].path,
1004 			    strerror(errno));
1005 			first = 0;
1006 			continue;
1007 		}
1008 
1009 		if (first == 0) {
1010 			first = 1;
1011 			printf("%s: generating new host keys: ", __progname);
1012 		}
1013 		printf("%s ", key_types[i].key_type_display);
1014 		fflush(stdout);
1015 		type = sshkey_type_from_name(key_types[i].key_type);
1016 		strlcpy(identity_file, key_types[i].path, sizeof(identity_file));
1017 		bits = 0;
1018 		type_bits_valid(type, NULL, &bits);
1019 		if ((r = sshkey_generate(type, bits, &private)) != 0) {
1020 			error("key_generate failed: %s", ssh_err(r));
1021 			first = 0;
1022 			continue;
1023 		}
1024 		if ((r = sshkey_from_private(private, &public)) != 0)
1025 			fatal("sshkey_from_private failed: %s", ssh_err(r));
1026 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
1027 		    hostname);
1028 		if ((r = sshkey_save_private(private, identity_file, "",
1029 		    comment, use_new_format, new_format_cipher, rounds)) != 0) {
1030 			error("Saving key \"%s\" failed: %s",
1031 			    identity_file, ssh_err(r));
1032 			sshkey_free(private);
1033 			sshkey_free(public);
1034 			first = 0;
1035 			continue;
1036 		}
1037 		sshkey_free(private);
1038 		strlcat(identity_file, ".pub", sizeof(identity_file));
1039 		fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
1040 		if (fd == -1) {
1041 			error("Could not save your public key in %s",
1042 			    identity_file);
1043 			sshkey_free(public);
1044 			first = 0;
1045 			continue;
1046 		}
1047 		f = fdopen(fd, "w");
1048 		if (f == NULL) {
1049 			error("fdopen %s failed", identity_file);
1050 			close(fd);
1051 			sshkey_free(public);
1052 			first = 0;
1053 			continue;
1054 		}
1055 		if ((r = sshkey_write(public, f)) != 0) {
1056 			error("write key failed: %s", ssh_err(r));
1057 			fclose(f);
1058 			sshkey_free(public);
1059 			first = 0;
1060 			continue;
1061 		}
1062 		fprintf(f, " %s\n", comment);
1063 		fclose(f);
1064 		sshkey_free(public);
1065 
1066 	}
1067 	if (first != 0)
1068 		printf("\n");
1069 }
1070 
1071 struct known_hosts_ctx {
1072 	const char *host;	/* Hostname searched for in find/delete case */
1073 	FILE *out;		/* Output file, stdout for find_hosts case */
1074 	int has_unhashed;	/* When hashing, original had unhashed hosts */
1075 	int found_key;		/* For find/delete, host was found */
1076 	int invalid;		/* File contained invalid items; don't delete */
1077 };
1078 
1079 static int
1080 known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
1081 {
1082 	struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
1083 	char *hashed, *cp, *hosts, *ohosts;
1084 	int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
1085 
1086 	switch (l->status) {
1087 	case HKF_STATUS_OK:
1088 	case HKF_STATUS_MATCHED:
1089 		/*
1090 		 * Don't hash hosts already already hashed, with wildcard
1091 		 * characters or a CA/revocation marker.
1092 		 */
1093 		if ((l->match & HKF_MATCH_HOST_HASHED) != 0 ||
1094 		    has_wild || l->marker != MRK_NONE) {
1095 			fprintf(ctx->out, "%s\n", l->line);
1096 			if (has_wild && !find_host) {
1097 				logit("%s:%ld: ignoring host name "
1098 				    "with wildcard: %.64s", l->path,
1099 				    l->linenum, l->hosts);
1100 			}
1101 			return 0;
1102 		}
1103 		/*
1104 		 * Split any comma-separated hostnames from the host list,
1105 		 * hash and store separately.
1106 		 */
1107 		ohosts = hosts = xstrdup(l->hosts);
1108 		while ((cp = strsep(&hosts, ",")) != NULL && *cp != '\0') {
1109 			if ((hashed = host_hash(cp, NULL, 0)) == NULL)
1110 				fatal("hash_host failed");
1111 			fprintf(ctx->out, "%s %s\n", hashed, l->rawkey);
1112 			ctx->has_unhashed = 1;
1113 		}
1114 		free(ohosts);
1115 		return 0;
1116 	case HKF_STATUS_INVALID:
1117 		/* Retain invalid lines, but mark file as invalid. */
1118 		ctx->invalid = 1;
1119 		logit("%s:%ld: invalid line", l->path, l->linenum);
1120 		/* FALLTHROUGH */
1121 	default:
1122 		fprintf(ctx->out, "%s\n", l->line);
1123 		return 0;
1124 	}
1125 	/* NOTREACHED */
1126 	return -1;
1127 }
1128 
1129 static int
1130 known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
1131 {
1132 	struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
1133 	enum sshkey_fp_rep rep;
1134 	int fptype;
1135 	char *fp;
1136 
1137 	fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
1138 	rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
1139 
1140 	if (l->status == HKF_STATUS_MATCHED) {
1141 		if (delete_host) {
1142 			if (l->marker != MRK_NONE) {
1143 				/* Don't remove CA and revocation lines */
1144 				fprintf(ctx->out, "%s\n", l->line);
1145 			} else {
1146 				/*
1147 				 * Hostname matches and has no CA/revoke
1148 				 * marker, delete it by *not* writing the
1149 				 * line to ctx->out.
1150 				 */
1151 				ctx->found_key = 1;
1152 				if (!quiet)
1153 					printf("# Host %s found: line %ld\n",
1154 					    ctx->host, l->linenum);
1155 			}
1156 			return 0;
1157 		} else if (find_host) {
1158 			ctx->found_key = 1;
1159 			if (!quiet) {
1160 				printf("# Host %s found: line %ld %s\n",
1161 				    ctx->host,
1162 				    l->linenum, l->marker == MRK_CA ? "CA" :
1163 				    (l->marker == MRK_REVOKE ? "REVOKED" : ""));
1164 			}
1165 			if (hash_hosts)
1166 				known_hosts_hash(l, ctx);
1167 			else if (print_fingerprint) {
1168 				fp = sshkey_fingerprint(l->key, fptype, rep);
1169 				printf("%s %s %s %s\n", ctx->host,
1170 				    sshkey_type(l->key), fp, l->comment);
1171 				free(fp);
1172 			} else
1173 				fprintf(ctx->out, "%s\n", l->line);
1174 			return 0;
1175 		}
1176 	} else if (delete_host) {
1177 		/* Retain non-matching hosts when deleting */
1178 		if (l->status == HKF_STATUS_INVALID) {
1179 			ctx->invalid = 1;
1180 			logit("%s:%ld: invalid line", l->path, l->linenum);
1181 		}
1182 		fprintf(ctx->out, "%s\n", l->line);
1183 	}
1184 	return 0;
1185 }
1186 
1187 static void
1188 do_known_hosts(struct passwd *pw, const char *name)
1189 {
1190 	char *cp, tmp[PATH_MAX], old[PATH_MAX];
1191 	int r, fd, oerrno, inplace = 0;
1192 	struct known_hosts_ctx ctx;
1193 	u_int foreach_options;
1194 
1195 	if (!have_identity) {
1196 		cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
1197 		if (strlcpy(identity_file, cp, sizeof(identity_file)) >=
1198 		    sizeof(identity_file))
1199 			fatal("Specified known hosts path too long");
1200 		free(cp);
1201 		have_identity = 1;
1202 	}
1203 
1204 	memset(&ctx, 0, sizeof(ctx));
1205 	ctx.out = stdout;
1206 	ctx.host = name;
1207 
1208 	/*
1209 	 * Find hosts goes to stdout, hash and deletions happen in-place
1210 	 * A corner case is ssh-keygen -HF foo, which should go to stdout
1211 	 */
1212 	if (!find_host && (hash_hosts || delete_host)) {
1213 		if (strlcpy(tmp, identity_file, sizeof(tmp)) >= sizeof(tmp) ||
1214 		    strlcat(tmp, ".XXXXXXXXXX", sizeof(tmp)) >= sizeof(tmp) ||
1215 		    strlcpy(old, identity_file, sizeof(old)) >= sizeof(old) ||
1216 		    strlcat(old, ".old", sizeof(old)) >= sizeof(old))
1217 			fatal("known_hosts path too long");
1218 		umask(077);
1219 		if ((fd = mkstemp(tmp)) == -1)
1220 			fatal("mkstemp: %s", strerror(errno));
1221 		if ((ctx.out = fdopen(fd, "w")) == NULL) {
1222 			oerrno = errno;
1223 			unlink(tmp);
1224 			fatal("fdopen: %s", strerror(oerrno));
1225 		}
1226 		inplace = 1;
1227 	}
1228 
1229 	/* XXX support identity_file == "-" for stdin */
1230 	foreach_options = find_host ? HKF_WANT_MATCH : 0;
1231 	foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0;
1232 	if ((r = hostkeys_foreach(identity_file,
1233 	    hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx,
1234 	    name, NULL, foreach_options)) != 0) {
1235 		if (inplace)
1236 			unlink(tmp);
1237 		fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
1238 	}
1239 
1240 	if (inplace)
1241 		fclose(ctx.out);
1242 
1243 	if (ctx.invalid) {
1244 		error("%s is not a valid known_hosts file.", identity_file);
1245 		if (inplace) {
1246 			error("Not replacing existing known_hosts "
1247 			    "file because of errors");
1248 			unlink(tmp);
1249 		}
1250 		exit(1);
1251 	} else if (delete_host && !ctx.found_key) {
1252 		logit("Host %s not found in %s", name, identity_file);
1253 		if (inplace)
1254 			unlink(tmp);
1255 	} else if (inplace) {
1256 		/* Backup existing file */
1257 		if (unlink(old) == -1 && errno != ENOENT)
1258 			fatal("unlink %.100s: %s", old, strerror(errno));
1259 		if (link(identity_file, old) == -1)
1260 			fatal("link %.100s to %.100s: %s", identity_file, old,
1261 			    strerror(errno));
1262 		/* Move new one into place */
1263 		if (rename(tmp, identity_file) == -1) {
1264 			error("rename\"%s\" to \"%s\": %s", tmp, identity_file,
1265 			    strerror(errno));
1266 			unlink(tmp);
1267 			unlink(old);
1268 			exit(1);
1269 		}
1270 
1271 		printf("%s updated.\n", identity_file);
1272 		printf("Original contents retained as %s\n", old);
1273 		if (ctx.has_unhashed) {
1274 			logit("WARNING: %s contains unhashed entries", old);
1275 			logit("Delete this file to ensure privacy "
1276 			    "of hostnames");
1277 		}
1278 	}
1279 
1280 	exit (find_host && !ctx.found_key);
1281 }
1282 
1283 /*
1284  * Perform changing a passphrase.  The argument is the passwd structure
1285  * for the current user.
1286  */
1287 static void
1288 do_change_passphrase(struct passwd *pw)
1289 {
1290 	char *comment;
1291 	char *old_passphrase, *passphrase1, *passphrase2;
1292 	struct stat st;
1293 	struct sshkey *private;
1294 	int r;
1295 
1296 	if (!have_identity)
1297 		ask_filename(pw, "Enter file in which the key is");
1298 	if (stat(identity_file, &st) < 0)
1299 		fatal("%s: %s", identity_file, strerror(errno));
1300 	/* Try to load the file with empty passphrase. */
1301 	r = sshkey_load_private(identity_file, "", &private, &comment);
1302 	if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) {
1303 		if (identity_passphrase)
1304 			old_passphrase = xstrdup(identity_passphrase);
1305 		else
1306 			old_passphrase =
1307 			    read_passphrase("Enter old passphrase: ",
1308 			    RP_ALLOW_STDIN);
1309 		r = sshkey_load_private(identity_file, old_passphrase,
1310 		    &private, &comment);
1311 		explicit_bzero(old_passphrase, strlen(old_passphrase));
1312 		free(old_passphrase);
1313 		if (r != 0)
1314 			goto badkey;
1315 	} else if (r != 0) {
1316  badkey:
1317 		fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
1318 	}
1319 	if (comment)
1320 		printf("Key has comment '%s'\n", comment);
1321 
1322 	/* Ask the new passphrase (twice). */
1323 	if (identity_new_passphrase) {
1324 		passphrase1 = xstrdup(identity_new_passphrase);
1325 		passphrase2 = NULL;
1326 	} else {
1327 		passphrase1 =
1328 			read_passphrase("Enter new passphrase (empty for no "
1329 			    "passphrase): ", RP_ALLOW_STDIN);
1330 		passphrase2 = read_passphrase("Enter same passphrase again: ",
1331 		    RP_ALLOW_STDIN);
1332 
1333 		/* Verify that they are the same. */
1334 		if (strcmp(passphrase1, passphrase2) != 0) {
1335 			explicit_bzero(passphrase1, strlen(passphrase1));
1336 			explicit_bzero(passphrase2, strlen(passphrase2));
1337 			free(passphrase1);
1338 			free(passphrase2);
1339 			printf("Pass phrases do not match.  Try again.\n");
1340 			exit(1);
1341 		}
1342 		/* Destroy the other copy. */
1343 		explicit_bzero(passphrase2, strlen(passphrase2));
1344 		free(passphrase2);
1345 	}
1346 
1347 	/* Save the file using the new passphrase. */
1348 	if ((r = sshkey_save_private(private, identity_file, passphrase1,
1349 	    comment, use_new_format, new_format_cipher, rounds)) != 0) {
1350 		error("Saving key \"%s\" failed: %s.",
1351 		    identity_file, ssh_err(r));
1352 		explicit_bzero(passphrase1, strlen(passphrase1));
1353 		free(passphrase1);
1354 		sshkey_free(private);
1355 		free(comment);
1356 		exit(1);
1357 	}
1358 	/* Destroy the passphrase and the copy of the key in memory. */
1359 	explicit_bzero(passphrase1, strlen(passphrase1));
1360 	free(passphrase1);
1361 	sshkey_free(private);		 /* Destroys contents */
1362 	free(comment);
1363 
1364 	printf("Your identification has been saved with the new passphrase.\n");
1365 	exit(0);
1366 }
1367 
1368 /*
1369  * Print the SSHFP RR.
1370  */
1371 static int
1372 do_print_resource_record(struct passwd *pw, char *fname, char *hname)
1373 {
1374 	struct sshkey *public;
1375 	char *comment = NULL;
1376 	struct stat st;
1377 	int r;
1378 
1379 	if (fname == NULL)
1380 		fatal("%s: no filename", __func__);
1381 	if (stat(fname, &st) < 0) {
1382 		if (errno == ENOENT)
1383 			return 0;
1384 		fatal("%s: %s", fname, strerror(errno));
1385 	}
1386 	if ((r = sshkey_load_public(fname, &public, &comment)) != 0)
1387 		fatal("Failed to read v2 public key from \"%s\": %s.",
1388 		    fname, ssh_err(r));
1389 	export_dns_rr(hname, public, stdout, print_generic);
1390 	sshkey_free(public);
1391 	free(comment);
1392 	return 1;
1393 }
1394 
1395 /*
1396  * Change the comment of a private key file.
1397  */
1398 static void
1399 do_change_comment(struct passwd *pw)
1400 {
1401 	char new_comment[1024], *comment, *passphrase;
1402 	struct sshkey *private;
1403 	struct sshkey *public;
1404 	struct stat st;
1405 	FILE *f;
1406 	int r, fd;
1407 
1408 	if (!have_identity)
1409 		ask_filename(pw, "Enter file in which the key is");
1410 	if (stat(identity_file, &st) < 0)
1411 		fatal("%s: %s", identity_file, strerror(errno));
1412 	if ((r = sshkey_load_private(identity_file, "",
1413 	    &private, &comment)) == 0)
1414 		passphrase = xstrdup("");
1415 	else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
1416 		fatal("Cannot load private key \"%s\": %s.",
1417 		    identity_file, ssh_err(r));
1418 	else {
1419 		if (identity_passphrase)
1420 			passphrase = xstrdup(identity_passphrase);
1421 		else if (identity_new_passphrase)
1422 			passphrase = xstrdup(identity_new_passphrase);
1423 		else
1424 			passphrase = read_passphrase("Enter passphrase: ",
1425 			    RP_ALLOW_STDIN);
1426 		/* Try to load using the passphrase. */
1427 		if ((r = sshkey_load_private(identity_file, passphrase,
1428 		    &private, &comment)) != 0) {
1429 			explicit_bzero(passphrase, strlen(passphrase));
1430 			free(passphrase);
1431 			fatal("Cannot load private key \"%s\": %s.",
1432 			    identity_file, ssh_err(r));
1433 		}
1434 	}
1435 
1436 	if (private->type != KEY_RSA1 && private->type != KEY_ED25519 &&
1437 	    !use_new_format) {
1438 		error("Comments are only supported for RSA1 or keys stored in "
1439 		    "the new format (-o).");
1440 		explicit_bzero(passphrase, strlen(passphrase));
1441 		sshkey_free(private);
1442 		exit(1);
1443 	}
1444 	printf("Key now has comment '%s'\n", comment);
1445 
1446 	if (identity_comment) {
1447 		strlcpy(new_comment, identity_comment, sizeof(new_comment));
1448 	} else {
1449 		printf("Enter new comment: ");
1450 		fflush(stdout);
1451 		if (!fgets(new_comment, sizeof(new_comment), stdin)) {
1452 			explicit_bzero(passphrase, strlen(passphrase));
1453 			sshkey_free(private);
1454 			exit(1);
1455 		}
1456 		new_comment[strcspn(new_comment, "\n")] = '\0';
1457 	}
1458 
1459 	/* Save the file using the new passphrase. */
1460 	if ((r = sshkey_save_private(private, identity_file, passphrase,
1461 	    new_comment, use_new_format, new_format_cipher, rounds)) != 0) {
1462 		error("Saving key \"%s\" failed: %s",
1463 		    identity_file, ssh_err(r));
1464 		explicit_bzero(passphrase, strlen(passphrase));
1465 		free(passphrase);
1466 		sshkey_free(private);
1467 		free(comment);
1468 		exit(1);
1469 	}
1470 	explicit_bzero(passphrase, strlen(passphrase));
1471 	free(passphrase);
1472 	if ((r = sshkey_from_private(private, &public)) != 0)
1473 		fatal("key_from_private failed: %s", ssh_err(r));
1474 	sshkey_free(private);
1475 
1476 	strlcat(identity_file, ".pub", sizeof(identity_file));
1477 	fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
1478 	if (fd == -1)
1479 		fatal("Could not save your public key in %s", identity_file);
1480 	f = fdopen(fd, "w");
1481 	if (f == NULL)
1482 		fatal("fdopen %s failed: %s", identity_file, strerror(errno));
1483 	if ((r = sshkey_write(public, f)) != 0)
1484 		fatal("write key failed: %s", ssh_err(r));
1485 	sshkey_free(public);
1486 	fprintf(f, " %s\n", new_comment);
1487 	fclose(f);
1488 
1489 	free(comment);
1490 
1491 	printf("The comment in your key file has been changed.\n");
1492 	exit(0);
1493 }
1494 
1495 static void
1496 add_flag_option(struct sshbuf *c, const char *name)
1497 {
1498 	int r;
1499 
1500 	debug3("%s: %s", __func__, name);
1501 	if ((r = sshbuf_put_cstring(c, name)) != 0 ||
1502 	    (r = sshbuf_put_string(c, NULL, 0)) != 0)
1503 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
1504 }
1505 
1506 static void
1507 add_string_option(struct sshbuf *c, const char *name, const char *value)
1508 {
1509 	struct sshbuf *b;
1510 	int r;
1511 
1512 	debug3("%s: %s=%s", __func__, name, value);
1513 	if ((b = sshbuf_new()) == NULL)
1514 		fatal("%s: sshbuf_new failed", __func__);
1515 	if ((r = sshbuf_put_cstring(b, value)) != 0 ||
1516 	    (r = sshbuf_put_cstring(c, name)) != 0 ||
1517 	    (r = sshbuf_put_stringb(c, b)) != 0)
1518 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
1519 
1520 	sshbuf_free(b);
1521 }
1522 
1523 #define OPTIONS_CRITICAL	1
1524 #define OPTIONS_EXTENSIONS	2
1525 static void
1526 prepare_options_buf(struct sshbuf *c, int which)
1527 {
1528 	sshbuf_reset(c);
1529 	if ((which & OPTIONS_CRITICAL) != 0 &&
1530 	    certflags_command != NULL)
1531 		add_string_option(c, "force-command", certflags_command);
1532 	if ((which & OPTIONS_EXTENSIONS) != 0 &&
1533 	    (certflags_flags & CERTOPT_X_FWD) != 0)
1534 		add_flag_option(c, "permit-X11-forwarding");
1535 	if ((which & OPTIONS_EXTENSIONS) != 0 &&
1536 	    (certflags_flags & CERTOPT_AGENT_FWD) != 0)
1537 		add_flag_option(c, "permit-agent-forwarding");
1538 	if ((which & OPTIONS_EXTENSIONS) != 0 &&
1539 	    (certflags_flags & CERTOPT_PORT_FWD) != 0)
1540 		add_flag_option(c, "permit-port-forwarding");
1541 	if ((which & OPTIONS_EXTENSIONS) != 0 &&
1542 	    (certflags_flags & CERTOPT_PTY) != 0)
1543 		add_flag_option(c, "permit-pty");
1544 	if ((which & OPTIONS_EXTENSIONS) != 0 &&
1545 	    (certflags_flags & CERTOPT_USER_RC) != 0)
1546 		add_flag_option(c, "permit-user-rc");
1547 	if ((which & OPTIONS_CRITICAL) != 0 &&
1548 	    certflags_src_addr != NULL)
1549 		add_string_option(c, "source-address", certflags_src_addr);
1550 }
1551 
1552 static struct sshkey *
1553 load_pkcs11_key(char *path)
1554 {
1555 #ifdef ENABLE_PKCS11
1556 	struct sshkey **keys = NULL, *public, *private = NULL;
1557 	int r, i, nkeys;
1558 
1559 	if ((r = sshkey_load_public(path, &public, NULL)) != 0)
1560 		fatal("Couldn't load CA public key \"%s\": %s",
1561 		    path, ssh_err(r));
1562 
1563 	nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase, &keys);
1564 	debug3("%s: %d keys", __func__, nkeys);
1565 	if (nkeys <= 0)
1566 		fatal("cannot read public key from pkcs11");
1567 	for (i = 0; i < nkeys; i++) {
1568 		if (sshkey_equal_public(public, keys[i])) {
1569 			private = keys[i];
1570 			continue;
1571 		}
1572 		sshkey_free(keys[i]);
1573 	}
1574 	free(keys);
1575 	sshkey_free(public);
1576 	return private;
1577 #else
1578 	fatal("no pkcs11 support");
1579 #endif /* ENABLE_PKCS11 */
1580 }
1581 
1582 static void
1583 do_ca_sign(struct passwd *pw, int argc, char **argv)
1584 {
1585 	int r, i, fd;
1586 	u_int n;
1587 	struct sshkey *ca, *public;
1588 	char valid[64], *otmp, *tmp, *cp, *out, *comment, **plist = NULL;
1589 	FILE *f;
1590 
1591 #ifdef ENABLE_PKCS11
1592 	pkcs11_init(1);
1593 #endif
1594 	tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
1595 	if (pkcs11provider != NULL) {
1596 		if ((ca = load_pkcs11_key(tmp)) == NULL)
1597 			fatal("No PKCS#11 key matching %s found", ca_key_path);
1598 	} else
1599 		ca = load_identity(tmp);
1600 	free(tmp);
1601 
1602 	if (key_type_name != NULL &&
1603 	    sshkey_type_from_name(key_type_name) != ca->type)  {
1604 		fatal("CA key type %s doesn't match specified %s",
1605 		    sshkey_ssh_name(ca), key_type_name);
1606 	}
1607 
1608 	for (i = 0; i < argc; i++) {
1609 		/* Split list of principals */
1610 		n = 0;
1611 		if (cert_principals != NULL) {
1612 			otmp = tmp = xstrdup(cert_principals);
1613 			plist = NULL;
1614 			for (; (cp = strsep(&tmp, ",")) != NULL; n++) {
1615 				plist = xreallocarray(plist, n + 1, sizeof(*plist));
1616 				if (*(plist[n] = xstrdup(cp)) == '\0')
1617 					fatal("Empty principal name");
1618 			}
1619 			free(otmp);
1620 		}
1621 
1622 		tmp = tilde_expand_filename(argv[i], pw->pw_uid);
1623 		if ((r = sshkey_load_public(tmp, &public, &comment)) != 0)
1624 			fatal("%s: unable to open \"%s\": %s",
1625 			    __func__, tmp, ssh_err(r));
1626 		if (public->type != KEY_RSA && public->type != KEY_DSA &&
1627 		    public->type != KEY_ECDSA && public->type != KEY_ED25519)
1628 			fatal("%s: key \"%s\" type %s cannot be certified",
1629 			    __func__, tmp, sshkey_type(public));
1630 
1631 		/* Prepare certificate to sign */
1632 		if ((r = sshkey_to_certified(public)) != 0)
1633 			fatal("Could not upgrade key %s to certificate: %s",
1634 			    tmp, ssh_err(r));
1635 		public->cert->type = cert_key_type;
1636 		public->cert->serial = (u_int64_t)cert_serial;
1637 		public->cert->key_id = xstrdup(cert_key_id);
1638 		public->cert->nprincipals = n;
1639 		public->cert->principals = plist;
1640 		public->cert->valid_after = cert_valid_from;
1641 		public->cert->valid_before = cert_valid_to;
1642 		prepare_options_buf(public->cert->critical, OPTIONS_CRITICAL);
1643 		prepare_options_buf(public->cert->extensions,
1644 		    OPTIONS_EXTENSIONS);
1645 		if ((r = sshkey_from_private(ca,
1646 		    &public->cert->signature_key)) != 0)
1647 			fatal("key_from_private (ca key): %s", ssh_err(r));
1648 
1649 		if ((r = sshkey_certify(public, ca, key_type_name)) != 0)
1650 			fatal("Couldn't certify key %s: %s", tmp, ssh_err(r));
1651 
1652 		if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0)
1653 			*cp = '\0';
1654 		xasprintf(&out, "%s-cert.pub", tmp);
1655 		free(tmp);
1656 
1657 		if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
1658 			fatal("Could not open \"%s\" for writing: %s", out,
1659 			    strerror(errno));
1660 		if ((f = fdopen(fd, "w")) == NULL)
1661 			fatal("%s: fdopen: %s", __func__, strerror(errno));
1662 		if ((r = sshkey_write(public, f)) != 0)
1663 			fatal("Could not write certified key to %s: %s",
1664 			    out, ssh_err(r));
1665 		fprintf(f, " %s\n", comment);
1666 		fclose(f);
1667 
1668 		if (!quiet) {
1669 			sshkey_format_cert_validity(public->cert,
1670 			    valid, sizeof(valid));
1671 			logit("Signed %s key %s: id \"%s\" serial %llu%s%s "
1672 			    "valid %s", sshkey_cert_type(public),
1673 			    out, public->cert->key_id,
1674 			    (unsigned long long)public->cert->serial,
1675 			    cert_principals != NULL ? " for " : "",
1676 			    cert_principals != NULL ? cert_principals : "",
1677 			    valid);
1678 		}
1679 
1680 		sshkey_free(public);
1681 		free(out);
1682 	}
1683 #ifdef ENABLE_PKCS11
1684 	pkcs11_terminate();
1685 #endif
1686 	exit(0);
1687 }
1688 
1689 static u_int64_t
1690 parse_relative_time(const char *s, time_t now)
1691 {
1692 	int64_t mul, secs;
1693 
1694 	mul = *s == '-' ? -1 : 1;
1695 
1696 	if ((secs = convtime(s + 1)) == -1)
1697 		fatal("Invalid relative certificate time %s", s);
1698 	if (mul == -1 && secs > now)
1699 		fatal("Certificate time %s cannot be represented", s);
1700 	return now + (u_int64_t)(secs * mul);
1701 }
1702 
1703 static u_int64_t
1704 parse_absolute_time(const char *s)
1705 {
1706 	struct tm tm;
1707 	time_t tt;
1708 	char buf[32], *fmt;
1709 
1710 	/*
1711 	 * POSIX strptime says "The application shall ensure that there
1712 	 * is white-space or other non-alphanumeric characters between
1713 	 * any two conversion specifications" so arrange things this way.
1714 	 */
1715 	switch (strlen(s)) {
1716 	case 8:
1717 		fmt = "%Y-%m-%d";
1718 		snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2s", s, s + 4, s + 6);
1719 		break;
1720 	case 14:
1721 		fmt = "%Y-%m-%dT%H:%M:%S";
1722 		snprintf(buf, sizeof(buf), "%.4s-%.2s-%.2sT%.2s:%.2s:%.2s",
1723 		    s, s + 4, s + 6, s + 8, s + 10, s + 12);
1724 		break;
1725 	default:
1726 		fatal("Invalid certificate time format %s", s);
1727 	}
1728 
1729 	memset(&tm, 0, sizeof(tm));
1730 	if (strptime(buf, fmt, &tm) == NULL)
1731 		fatal("Invalid certificate time %s", s);
1732 	if ((tt = mktime(&tm)) < 0)
1733 		fatal("Certificate time %s cannot be represented", s);
1734 	return (u_int64_t)tt;
1735 }
1736 
1737 static void
1738 parse_cert_times(char *timespec)
1739 {
1740 	char *from, *to;
1741 	time_t now = time(NULL);
1742 	int64_t secs;
1743 
1744 	/* +timespec relative to now */
1745 	if (*timespec == '+' && strchr(timespec, ':') == NULL) {
1746 		if ((secs = convtime(timespec + 1)) == -1)
1747 			fatal("Invalid relative certificate life %s", timespec);
1748 		cert_valid_to = now + secs;
1749 		/*
1750 		 * Backdate certificate one minute to avoid problems on hosts
1751 		 * with poorly-synchronised clocks.
1752 		 */
1753 		cert_valid_from = ((now - 59)/ 60) * 60;
1754 		return;
1755 	}
1756 
1757 	/*
1758 	 * from:to, where
1759 	 * from := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS
1760 	 *   to := [+-]timespec | YYYYMMDD | YYYYMMDDHHMMSS
1761 	 */
1762 	from = xstrdup(timespec);
1763 	to = strchr(from, ':');
1764 	if (to == NULL || from == to || *(to + 1) == '\0')
1765 		fatal("Invalid certificate life specification %s", timespec);
1766 	*to++ = '\0';
1767 
1768 	if (*from == '-' || *from == '+')
1769 		cert_valid_from = parse_relative_time(from, now);
1770 	else
1771 		cert_valid_from = parse_absolute_time(from);
1772 
1773 	if (*to == '-' || *to == '+')
1774 		cert_valid_to = parse_relative_time(to, now);
1775 	else
1776 		cert_valid_to = parse_absolute_time(to);
1777 
1778 	if (cert_valid_to <= cert_valid_from)
1779 		fatal("Empty certificate validity interval");
1780 	free(from);
1781 }
1782 
1783 static void
1784 add_cert_option(char *opt)
1785 {
1786 	char *val;
1787 
1788 	if (strcasecmp(opt, "clear") == 0)
1789 		certflags_flags = 0;
1790 	else if (strcasecmp(opt, "no-x11-forwarding") == 0)
1791 		certflags_flags &= ~CERTOPT_X_FWD;
1792 	else if (strcasecmp(opt, "permit-x11-forwarding") == 0)
1793 		certflags_flags |= CERTOPT_X_FWD;
1794 	else if (strcasecmp(opt, "no-agent-forwarding") == 0)
1795 		certflags_flags &= ~CERTOPT_AGENT_FWD;
1796 	else if (strcasecmp(opt, "permit-agent-forwarding") == 0)
1797 		certflags_flags |= CERTOPT_AGENT_FWD;
1798 	else if (strcasecmp(opt, "no-port-forwarding") == 0)
1799 		certflags_flags &= ~CERTOPT_PORT_FWD;
1800 	else if (strcasecmp(opt, "permit-port-forwarding") == 0)
1801 		certflags_flags |= CERTOPT_PORT_FWD;
1802 	else if (strcasecmp(opt, "no-pty") == 0)
1803 		certflags_flags &= ~CERTOPT_PTY;
1804 	else if (strcasecmp(opt, "permit-pty") == 0)
1805 		certflags_flags |= CERTOPT_PTY;
1806 	else if (strcasecmp(opt, "no-user-rc") == 0)
1807 		certflags_flags &= ~CERTOPT_USER_RC;
1808 	else if (strcasecmp(opt, "permit-user-rc") == 0)
1809 		certflags_flags |= CERTOPT_USER_RC;
1810 	else if (strncasecmp(opt, "force-command=", 14) == 0) {
1811 		val = opt + 14;
1812 		if (*val == '\0')
1813 			fatal("Empty force-command option");
1814 		if (certflags_command != NULL)
1815 			fatal("force-command already specified");
1816 		certflags_command = xstrdup(val);
1817 	} else if (strncasecmp(opt, "source-address=", 15) == 0) {
1818 		val = opt + 15;
1819 		if (*val == '\0')
1820 			fatal("Empty source-address option");
1821 		if (certflags_src_addr != NULL)
1822 			fatal("source-address already specified");
1823 		if (addr_match_cidr_list(NULL, val) != 0)
1824 			fatal("Invalid source-address list");
1825 		certflags_src_addr = xstrdup(val);
1826 	} else
1827 		fatal("Unsupported certificate option \"%s\"", opt);
1828 }
1829 
1830 static void
1831 show_options(struct sshbuf *optbuf, int in_critical)
1832 {
1833 	char *name, *arg;
1834 	struct sshbuf *options, *option = NULL;
1835 	int r;
1836 
1837 	if ((options = sshbuf_fromb(optbuf)) == NULL)
1838 		fatal("%s: sshbuf_fromb failed", __func__);
1839 	while (sshbuf_len(options) != 0) {
1840 		sshbuf_free(option);
1841 		option = NULL;
1842 		if ((r = sshbuf_get_cstring(options, &name, NULL)) != 0 ||
1843 		    (r = sshbuf_froms(options, &option)) != 0)
1844 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
1845 		printf("                %s", name);
1846 		if (!in_critical &&
1847 		    (strcmp(name, "permit-X11-forwarding") == 0 ||
1848 		    strcmp(name, "permit-agent-forwarding") == 0 ||
1849 		    strcmp(name, "permit-port-forwarding") == 0 ||
1850 		    strcmp(name, "permit-pty") == 0 ||
1851 		    strcmp(name, "permit-user-rc") == 0))
1852 			printf("\n");
1853 		else if (in_critical &&
1854 		    (strcmp(name, "force-command") == 0 ||
1855 		    strcmp(name, "source-address") == 0)) {
1856 			if ((r = sshbuf_get_cstring(option, &arg, NULL)) != 0)
1857 				fatal("%s: buffer error: %s",
1858 				    __func__, ssh_err(r));
1859 			printf(" %s\n", arg);
1860 			free(arg);
1861 		} else {
1862 			printf(" UNKNOWN OPTION (len %zu)\n",
1863 			    sshbuf_len(option));
1864 			sshbuf_reset(option);
1865 		}
1866 		free(name);
1867 		if (sshbuf_len(option) != 0)
1868 			fatal("Option corrupt: extra data at end");
1869 	}
1870 	sshbuf_free(option);
1871 	sshbuf_free(options);
1872 }
1873 
1874 static void
1875 print_cert(struct sshkey *key)
1876 {
1877 	char valid[64], *key_fp, *ca_fp;
1878 	u_int i;
1879 
1880 	key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);
1881 	ca_fp = sshkey_fingerprint(key->cert->signature_key,
1882 	    fingerprint_hash, SSH_FP_DEFAULT);
1883 	if (key_fp == NULL || ca_fp == NULL)
1884 		fatal("%s: sshkey_fingerprint fail", __func__);
1885 	sshkey_format_cert_validity(key->cert, valid, sizeof(valid));
1886 
1887 	printf("        Type: %s %s certificate\n", sshkey_ssh_name(key),
1888 	    sshkey_cert_type(key));
1889 	printf("        Public key: %s %s\n", sshkey_type(key), key_fp);
1890 	printf("        Signing CA: %s %s\n",
1891 	    sshkey_type(key->cert->signature_key), ca_fp);
1892 	printf("        Key ID: \"%s\"\n", key->cert->key_id);
1893 	printf("        Serial: %llu\n", (unsigned long long)key->cert->serial);
1894 	printf("        Valid: %s\n", valid);
1895 	printf("        Principals: ");
1896 	if (key->cert->nprincipals == 0)
1897 		printf("(none)\n");
1898 	else {
1899 		for (i = 0; i < key->cert->nprincipals; i++)
1900 			printf("\n                %s",
1901 			    key->cert->principals[i]);
1902 		printf("\n");
1903 	}
1904 	printf("        Critical Options: ");
1905 	if (sshbuf_len(key->cert->critical) == 0)
1906 		printf("(none)\n");
1907 	else {
1908 		printf("\n");
1909 		show_options(key->cert->critical, 1);
1910 	}
1911 	printf("        Extensions: ");
1912 	if (sshbuf_len(key->cert->extensions) == 0)
1913 		printf("(none)\n");
1914 	else {
1915 		printf("\n");
1916 		show_options(key->cert->extensions, 0);
1917 	}
1918 }
1919 
1920 static void
1921 do_show_cert(struct passwd *pw)
1922 {
1923 	struct sshkey *key = NULL;
1924 	struct stat st;
1925 	int r, is_stdin = 0, ok = 0;
1926 	FILE *f;
1927 	char *cp, line[SSH_MAX_PUBKEY_BYTES];
1928 	const char *path;
1929 	u_long lnum = 0;
1930 
1931 	if (!have_identity)
1932 		ask_filename(pw, "Enter file in which the key is");
1933 	if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) < 0)
1934 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
1935 
1936 	path = identity_file;
1937 	if (strcmp(path, "-") == 0) {
1938 		f = stdin;
1939 		path = "(stdin)";
1940 		is_stdin = 1;
1941 	} else if ((f = fopen(identity_file, "r")) == NULL)
1942 		fatal("fopen %s: %s", identity_file, strerror(errno));
1943 
1944 	while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) {
1945 		sshkey_free(key);
1946 		key = NULL;
1947 		/* Trim leading space and comments */
1948 		cp = line + strspn(line, " \t");
1949 		if (*cp == '#' || *cp == '\0')
1950 			continue;
1951 		if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
1952 			fatal("key_new");
1953 		if ((r = sshkey_read(key, &cp)) != 0) {
1954 			error("%s:%lu: invalid key: %s", path,
1955 			    lnum, ssh_err(r));
1956 			continue;
1957 		}
1958 		if (!sshkey_is_cert(key)) {
1959 			error("%s:%lu is not a certificate", path, lnum);
1960 			continue;
1961 		}
1962 		ok = 1;
1963 		if (!is_stdin && lnum == 1)
1964 			printf("%s:\n", path);
1965 		else
1966 			printf("%s:%lu:\n", path, lnum);
1967 		print_cert(key);
1968 	}
1969 	sshkey_free(key);
1970 	fclose(f);
1971 	exit(ok ? 0 : 1);
1972 }
1973 
1974 static void
1975 load_krl(const char *path, struct ssh_krl **krlp)
1976 {
1977 	struct sshbuf *krlbuf;
1978 	int r, fd;
1979 
1980 	if ((krlbuf = sshbuf_new()) == NULL)
1981 		fatal("sshbuf_new failed");
1982 	if ((fd = open(path, O_RDONLY)) == -1)
1983 		fatal("open %s: %s", path, strerror(errno));
1984 	if ((r = sshkey_load_file(fd, krlbuf)) != 0)
1985 		fatal("Unable to load KRL: %s", ssh_err(r));
1986 	close(fd);
1987 	/* XXX check sigs */
1988 	if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 ||
1989 	    *krlp == NULL)
1990 		fatal("Invalid KRL file: %s", ssh_err(r));
1991 	sshbuf_free(krlbuf);
1992 }
1993 
1994 static void
1995 update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
1996     const struct sshkey *ca, struct ssh_krl *krl)
1997 {
1998 	struct sshkey *key = NULL;
1999 	u_long lnum = 0;
2000 	char *path, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES];
2001 	unsigned long long serial, serial2;
2002 	int i, was_explicit_key, was_sha1, r;
2003 	FILE *krl_spec;
2004 
2005 	path = tilde_expand_filename(file, pw->pw_uid);
2006 	if (strcmp(path, "-") == 0) {
2007 		krl_spec = stdin;
2008 		free(path);
2009 		path = xstrdup("(standard input)");
2010 	} else if ((krl_spec = fopen(path, "r")) == NULL)
2011 		fatal("fopen %s: %s", path, strerror(errno));
2012 
2013 	if (!quiet)
2014 		printf("Revoking from %s\n", path);
2015 	while (read_keyfile_line(krl_spec, path, line, sizeof(line),
2016 	    &lnum) == 0) {
2017 		was_explicit_key = was_sha1 = 0;
2018 		cp = line + strspn(line, " \t");
2019 		/* Trim trailing space, comments and strip \n */
2020 		for (i = 0, r = -1; cp[i] != '\0'; i++) {
2021 			if (cp[i] == '#' || cp[i] == '\n') {
2022 				cp[i] = '\0';
2023 				break;
2024 			}
2025 			if (cp[i] == ' ' || cp[i] == '\t') {
2026 				/* Remember the start of a span of whitespace */
2027 				if (r == -1)
2028 					r = i;
2029 			} else
2030 				r = -1;
2031 		}
2032 		if (r != -1)
2033 			cp[r] = '\0';
2034 		if (*cp == '\0')
2035 			continue;
2036 		if (strncasecmp(cp, "serial:", 7) == 0) {
2037 			if (ca == NULL && !wild_ca) {
2038 				fatal("revoking certificates by serial number "
2039 				    "requires specification of a CA key");
2040 			}
2041 			cp += 7;
2042 			cp = cp + strspn(cp, " \t");
2043 			errno = 0;
2044 			serial = strtoull(cp, &ep, 0);
2045 			if (*cp == '\0' || (*ep != '\0' && *ep != '-'))
2046 				fatal("%s:%lu: invalid serial \"%s\"",
2047 				    path, lnum, cp);
2048 			if (errno == ERANGE && serial == ULLONG_MAX)
2049 				fatal("%s:%lu: serial out of range",
2050 				    path, lnum);
2051 			serial2 = serial;
2052 			if (*ep == '-') {
2053 				cp = ep + 1;
2054 				errno = 0;
2055 				serial2 = strtoull(cp, &ep, 0);
2056 				if (*cp == '\0' || *ep != '\0')
2057 					fatal("%s:%lu: invalid serial \"%s\"",
2058 					    path, lnum, cp);
2059 				if (errno == ERANGE && serial2 == ULLONG_MAX)
2060 					fatal("%s:%lu: serial out of range",
2061 					    path, lnum);
2062 				if (serial2 <= serial)
2063 					fatal("%s:%lu: invalid serial range "
2064 					    "%llu:%llu", path, lnum,
2065 					    (unsigned long long)serial,
2066 					    (unsigned long long)serial2);
2067 			}
2068 			if (ssh_krl_revoke_cert_by_serial_range(krl,
2069 			    ca, serial, serial2) != 0) {
2070 				fatal("%s: revoke serial failed",
2071 				    __func__);
2072 			}
2073 		} else if (strncasecmp(cp, "id:", 3) == 0) {
2074 			if (ca == NULL && !wild_ca) {
2075 				fatal("revoking certificates by key ID "
2076 				    "requires specification of a CA key");
2077 			}
2078 			cp += 3;
2079 			cp = cp + strspn(cp, " \t");
2080 			if (ssh_krl_revoke_cert_by_key_id(krl, ca, cp) != 0)
2081 				fatal("%s: revoke key ID failed", __func__);
2082 		} else {
2083 			if (strncasecmp(cp, "key:", 4) == 0) {
2084 				cp += 4;
2085 				cp = cp + strspn(cp, " \t");
2086 				was_explicit_key = 1;
2087 			} else if (strncasecmp(cp, "sha1:", 5) == 0) {
2088 				cp += 5;
2089 				cp = cp + strspn(cp, " \t");
2090 				was_sha1 = 1;
2091 			} else {
2092 				/*
2093 				 * Just try to process the line as a key.
2094 				 * Parsing will fail if it isn't.
2095 				 */
2096 			}
2097 			if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
2098 				fatal("key_new");
2099 			if ((r = sshkey_read(key, &cp)) != 0)
2100 				fatal("%s:%lu: invalid key: %s",
2101 				    path, lnum, ssh_err(r));
2102 			if (was_explicit_key)
2103 				r = ssh_krl_revoke_key_explicit(krl, key);
2104 			else if (was_sha1)
2105 				r = ssh_krl_revoke_key_sha1(krl, key);
2106 			else
2107 				r = ssh_krl_revoke_key(krl, key);
2108 			if (r != 0)
2109 				fatal("%s: revoke key failed: %s",
2110 				    __func__, ssh_err(r));
2111 			sshkey_free(key);
2112 		}
2113 	}
2114 	if (strcmp(path, "-") != 0)
2115 		fclose(krl_spec);
2116 	free(path);
2117 }
2118 
2119 static void
2120 do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
2121 {
2122 	struct ssh_krl *krl;
2123 	struct stat sb;
2124 	struct sshkey *ca = NULL;
2125 	int fd, i, r, wild_ca = 0;
2126 	char *tmp;
2127 	struct sshbuf *kbuf;
2128 
2129 	if (*identity_file == '\0')
2130 		fatal("KRL generation requires an output file");
2131 	if (stat(identity_file, &sb) == -1) {
2132 		if (errno != ENOENT)
2133 			fatal("Cannot access KRL \"%s\": %s",
2134 			    identity_file, strerror(errno));
2135 		if (updating)
2136 			fatal("KRL \"%s\" does not exist", identity_file);
2137 	}
2138 	if (ca_key_path != NULL) {
2139 		if (strcasecmp(ca_key_path, "none") == 0)
2140 			wild_ca = 1;
2141 		else {
2142 			tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
2143 			if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0)
2144 				fatal("Cannot load CA public key %s: %s",
2145 				    tmp, ssh_err(r));
2146 			free(tmp);
2147 		}
2148 	}
2149 
2150 	if (updating)
2151 		load_krl(identity_file, &krl);
2152 	else if ((krl = ssh_krl_init()) == NULL)
2153 		fatal("couldn't create KRL");
2154 
2155 	if (cert_serial != 0)
2156 		ssh_krl_set_version(krl, cert_serial);
2157 	if (identity_comment != NULL)
2158 		ssh_krl_set_comment(krl, identity_comment);
2159 
2160 	for (i = 0; i < argc; i++)
2161 		update_krl_from_file(pw, argv[i], wild_ca, ca, krl);
2162 
2163 	if ((kbuf = sshbuf_new()) == NULL)
2164 		fatal("sshbuf_new failed");
2165 	if (ssh_krl_to_blob(krl, kbuf, NULL, 0) != 0)
2166 		fatal("Couldn't generate KRL");
2167 	if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
2168 		fatal("open %s: %s", identity_file, strerror(errno));
2169 	if (atomicio(vwrite, fd, (void *)sshbuf_ptr(kbuf), sshbuf_len(kbuf)) !=
2170 	    sshbuf_len(kbuf))
2171 		fatal("write %s: %s", identity_file, strerror(errno));
2172 	close(fd);
2173 	sshbuf_free(kbuf);
2174 	ssh_krl_free(krl);
2175 	sshkey_free(ca);
2176 }
2177 
2178 static void
2179 do_check_krl(struct passwd *pw, int argc, char **argv)
2180 {
2181 	int i, r, ret = 0;
2182 	char *comment;
2183 	struct ssh_krl *krl;
2184 	struct sshkey *k;
2185 
2186 	if (*identity_file == '\0')
2187 		fatal("KRL checking requires an input file");
2188 	load_krl(identity_file, &krl);
2189 	for (i = 0; i < argc; i++) {
2190 		if ((r = sshkey_load_public(argv[i], &k, &comment)) != 0)
2191 			fatal("Cannot load public key %s: %s",
2192 			    argv[i], ssh_err(r));
2193 		r = ssh_krl_check_key(krl, k);
2194 		printf("%s%s%s%s: %s\n", argv[i],
2195 		    *comment ? " (" : "", comment, *comment ? ")" : "",
2196 		    r == 0 ? "ok" : "REVOKED");
2197 		if (r != 0)
2198 			ret = 1;
2199 		sshkey_free(k);
2200 		free(comment);
2201 	}
2202 	ssh_krl_free(krl);
2203 	exit(ret);
2204 }
2205 
2206 static void
2207 usage(void)
2208 {
2209 	fprintf(stderr,
2210 	    "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n"
2211 	    "                  [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
2212 	    "       ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
2213 	    "       ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
2214 	    "       ssh-keygen -e [-m key_format] [-f input_keyfile]\n"
2215 	    "       ssh-keygen -y [-f input_keyfile]\n"
2216 	    "       ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
2217 	    "       ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
2218 	    "       ssh-keygen -B [-f input_keyfile]\n");
2219 #ifdef ENABLE_PKCS11
2220 	fprintf(stderr,
2221 	    "       ssh-keygen -D pkcs11\n");
2222 #endif
2223 	fprintf(stderr,
2224 	    "       ssh-keygen -F hostname [-f known_hosts_file] [-l]\n"
2225 	    "       ssh-keygen -H [-f known_hosts_file]\n"
2226 	    "       ssh-keygen -R hostname [-f known_hosts_file]\n"
2227 	    "       ssh-keygen -r hostname [-f input_keyfile] [-g]\n"
2228 #ifdef WITH_OPENSSL
2229 	    "       ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n"
2230 	    "       ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n"
2231 	    "                  [-j start_line] [-K checkpt] [-W generator]\n"
2232 #endif
2233 	    "       ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n"
2234 	    "                  [-O option] [-V validity_interval] [-z serial_number] file ...\n"
2235 	    "       ssh-keygen -L [-f input_keyfile]\n"
2236 	    "       ssh-keygen -A\n"
2237 	    "       ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n"
2238 	    "                  file ...\n"
2239 	    "       ssh-keygen -Q -f krl_file file ...\n");
2240 	exit(1);
2241 }
2242 
2243 /*
2244  * Main program for key management.
2245  */
2246 int
2247 main(int argc, char **argv)
2248 {
2249 	char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
2250 	char *rr_hostname = NULL, *ep, *fp, *ra;
2251 	struct sshkey *private, *public;
2252 	struct passwd *pw;
2253 	struct stat st;
2254 	int r, opt, type, fd;
2255 	int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
2256 	FILE *f;
2257 	const char *errstr;
2258 #ifdef WITH_OPENSSL
2259 	/* Moduli generation/screening */
2260 	char out_file[PATH_MAX], *checkpoint = NULL;
2261 	u_int32_t memory = 0, generator_wanted = 0;
2262 	int do_gen_candidates = 0, do_screen_candidates = 0;
2263 	unsigned long start_lineno = 0, lines_to_process = 0;
2264 	BIGNUM *start = NULL;
2265 #endif
2266 
2267 	extern int optind;
2268 	extern char *optarg;
2269 
2270 	ssh_malloc_init();	/* must be called before any mallocs */
2271 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
2272 	sanitise_stdfd();
2273 
2274 	__progname = ssh_get_progname(argv[0]);
2275 
2276 #ifdef WITH_OPENSSL
2277 	OpenSSL_add_all_algorithms();
2278 #endif
2279 	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
2280 
2281 	seed_rng();
2282 
2283 	/* we need this for the home * directory.  */
2284 	pw = getpwuid(getuid());
2285 	if (!pw)
2286 		fatal("No user exists for uid %lu", (u_long)getuid());
2287 	if (gethostname(hostname, sizeof(hostname)) < 0)
2288 		fatal("gethostname: %s", strerror(errno));
2289 
2290 	/* Remaining characters: UYdw */
2291 	while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy"
2292 	    "C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:"
2293 	    "a:b:f:g:j:m:n:r:s:t:z:")) != -1) {
2294 		switch (opt) {
2295 		case 'A':
2296 			gen_all_hostkeys = 1;
2297 			break;
2298 		case 'b':
2299 			bits = (u_int32_t)strtonum(optarg, 256, 32768, &errstr);
2300 			if (errstr)
2301 				fatal("Bits has bad value %s (%s)",
2302 					optarg, errstr);
2303 			break;
2304 		case 'E':
2305 			fingerprint_hash = ssh_digest_alg_by_name(optarg);
2306 			if (fingerprint_hash == -1)
2307 				fatal("Invalid hash algorithm \"%s\"", optarg);
2308 			break;
2309 		case 'F':
2310 			find_host = 1;
2311 			rr_hostname = optarg;
2312 			break;
2313 		case 'H':
2314 			hash_hosts = 1;
2315 			break;
2316 		case 'I':
2317 			cert_key_id = optarg;
2318 			break;
2319 		case 'R':
2320 			delete_host = 1;
2321 			rr_hostname = optarg;
2322 			break;
2323 		case 'L':
2324 			show_cert = 1;
2325 			break;
2326 		case 'l':
2327 			print_fingerprint = 1;
2328 			break;
2329 		case 'B':
2330 			print_bubblebabble = 1;
2331 			break;
2332 		case 'm':
2333 			if (strcasecmp(optarg, "RFC4716") == 0 ||
2334 			    strcasecmp(optarg, "ssh2") == 0) {
2335 				convert_format = FMT_RFC4716;
2336 				break;
2337 			}
2338 			if (strcasecmp(optarg, "PKCS8") == 0) {
2339 				convert_format = FMT_PKCS8;
2340 				break;
2341 			}
2342 			if (strcasecmp(optarg, "PEM") == 0) {
2343 				convert_format = FMT_PEM;
2344 				break;
2345 			}
2346 			fatal("Unsupported conversion format \"%s\"", optarg);
2347 		case 'n':
2348 			cert_principals = optarg;
2349 			break;
2350 		case 'o':
2351 			use_new_format = 1;
2352 			break;
2353 		case 'p':
2354 			change_passphrase = 1;
2355 			break;
2356 		case 'c':
2357 			change_comment = 1;
2358 			break;
2359 		case 'f':
2360 			if (strlcpy(identity_file, optarg,
2361 			    sizeof(identity_file)) >= sizeof(identity_file))
2362 				fatal("Identity filename too long");
2363 			have_identity = 1;
2364 			break;
2365 		case 'g':
2366 			print_generic = 1;
2367 			break;
2368 		case 'P':
2369 			identity_passphrase = optarg;
2370 			break;
2371 		case 'N':
2372 			identity_new_passphrase = optarg;
2373 			break;
2374 		case 'Q':
2375 			check_krl = 1;
2376 			break;
2377 		case 'O':
2378 			add_cert_option(optarg);
2379 			break;
2380 		case 'Z':
2381 			new_format_cipher = optarg;
2382 			break;
2383 		case 'C':
2384 			identity_comment = optarg;
2385 			break;
2386 		case 'q':
2387 			quiet = 1;
2388 			break;
2389 		case 'e':
2390 		case 'x':
2391 			/* export key */
2392 			convert_to = 1;
2393 			break;
2394 		case 'h':
2395 			cert_key_type = SSH2_CERT_TYPE_HOST;
2396 			certflags_flags = 0;
2397 			break;
2398 		case 'k':
2399 			gen_krl = 1;
2400 			break;
2401 		case 'i':
2402 		case 'X':
2403 			/* import key */
2404 			convert_from = 1;
2405 			break;
2406 		case 'y':
2407 			print_public = 1;
2408 			break;
2409 		case 's':
2410 			ca_key_path = optarg;
2411 			break;
2412 		case 't':
2413 			key_type_name = optarg;
2414 			break;
2415 		case 'D':
2416 			pkcs11provider = optarg;
2417 			break;
2418 		case 'u':
2419 			update_krl = 1;
2420 			break;
2421 		case 'v':
2422 			if (log_level == SYSLOG_LEVEL_INFO)
2423 				log_level = SYSLOG_LEVEL_DEBUG1;
2424 			else {
2425 				if (log_level >= SYSLOG_LEVEL_DEBUG1 &&
2426 				    log_level < SYSLOG_LEVEL_DEBUG3)
2427 					log_level++;
2428 			}
2429 			break;
2430 		case 'r':
2431 			rr_hostname = optarg;
2432 			break;
2433 		case 'a':
2434 			rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr);
2435 			if (errstr)
2436 				fatal("Invalid number: %s (%s)",
2437 					optarg, errstr);
2438 			break;
2439 		case 'V':
2440 			parse_cert_times(optarg);
2441 			break;
2442 		case 'z':
2443 			errno = 0;
2444 			cert_serial = strtoull(optarg, &ep, 10);
2445 			if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
2446 			    (errno == ERANGE && cert_serial == ULLONG_MAX))
2447 				fatal("Invalid serial number \"%s\"", optarg);
2448 			break;
2449 #ifdef WITH_OPENSSL
2450 		/* Moduli generation/screening */
2451 		case 'G':
2452 			do_gen_candidates = 1;
2453 			if (strlcpy(out_file, optarg, sizeof(out_file)) >=
2454 			    sizeof(out_file))
2455 				fatal("Output filename too long");
2456 			break;
2457 		case 'J':
2458 			lines_to_process = strtoul(optarg, NULL, 10);
2459 			break;
2460 		case 'j':
2461 			start_lineno = strtoul(optarg, NULL, 10);
2462 			break;
2463 		case 'K':
2464 			if (strlen(optarg) >= PATH_MAX)
2465 				fatal("Checkpoint filename too long");
2466 			checkpoint = xstrdup(optarg);
2467 			break;
2468 		case 'M':
2469 			memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX,
2470 			    &errstr);
2471 			if (errstr)
2472 				fatal("Memory limit is %s: %s", errstr, optarg);
2473 			break;
2474 		case 'S':
2475 			/* XXX - also compare length against bits */
2476 			if (BN_hex2bn(&start, optarg) == 0)
2477 				fatal("Invalid start point.");
2478 			break;
2479 		case 'T':
2480 			do_screen_candidates = 1;
2481 			if (strlcpy(out_file, optarg, sizeof(out_file)) >=
2482 			    sizeof(out_file))
2483 				fatal("Output filename too long");
2484 			break;
2485 		case 'W':
2486 			generator_wanted = (u_int32_t)strtonum(optarg, 1,
2487 			    UINT_MAX, &errstr);
2488 			if (errstr != NULL)
2489 				fatal("Desired generator invalid: %s (%s)",
2490 				    optarg, errstr);
2491 			break;
2492 #endif /* WITH_OPENSSL */
2493 		case '?':
2494 		default:
2495 			usage();
2496 		}
2497 	}
2498 
2499 	/* reinit */
2500 	log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1);
2501 
2502 	argv += optind;
2503 	argc -= optind;
2504 
2505 	if (ca_key_path != NULL) {
2506 		if (argc < 1 && !gen_krl) {
2507 			error("Too few arguments.");
2508 			usage();
2509 		}
2510 	} else if (argc > 0 && !gen_krl && !check_krl) {
2511 		error("Too many arguments.");
2512 		usage();
2513 	}
2514 	if (change_passphrase && change_comment) {
2515 		error("Can only have one of -p and -c.");
2516 		usage();
2517 	}
2518 	if (print_fingerprint && (delete_host || hash_hosts)) {
2519 		error("Cannot use -l with -H or -R.");
2520 		usage();
2521 	}
2522 	if (gen_krl) {
2523 		do_gen_krl(pw, update_krl, argc, argv);
2524 		return (0);
2525 	}
2526 	if (check_krl) {
2527 		do_check_krl(pw, argc, argv);
2528 		return (0);
2529 	}
2530 	if (ca_key_path != NULL) {
2531 		if (cert_key_id == NULL)
2532 			fatal("Must specify key id (-I) when certifying");
2533 		do_ca_sign(pw, argc, argv);
2534 	}
2535 	if (show_cert)
2536 		do_show_cert(pw);
2537 	if (delete_host || hash_hosts || find_host)
2538 		do_known_hosts(pw, rr_hostname);
2539 	if (pkcs11provider != NULL)
2540 		do_download(pw);
2541 	if (print_fingerprint || print_bubblebabble)
2542 		do_fingerprint(pw);
2543 	if (change_passphrase)
2544 		do_change_passphrase(pw);
2545 	if (change_comment)
2546 		do_change_comment(pw);
2547 #ifdef WITH_OPENSSL
2548 	if (convert_to)
2549 		do_convert_to(pw);
2550 	if (convert_from)
2551 		do_convert_from(pw);
2552 #endif
2553 	if (print_public)
2554 		do_print_public(pw);
2555 	if (rr_hostname != NULL) {
2556 		unsigned int n = 0;
2557 
2558 		if (have_identity) {
2559 			n = do_print_resource_record(pw,
2560 			    identity_file, rr_hostname);
2561 			if (n == 0)
2562 				fatal("%s: %s", identity_file, strerror(errno));
2563 			exit(0);
2564 		} else {
2565 
2566 			n += do_print_resource_record(pw,
2567 			    _PATH_HOST_RSA_KEY_FILE, rr_hostname);
2568 			n += do_print_resource_record(pw,
2569 			    _PATH_HOST_DSA_KEY_FILE, rr_hostname);
2570 			n += do_print_resource_record(pw,
2571 			    _PATH_HOST_ECDSA_KEY_FILE, rr_hostname);
2572 			n += do_print_resource_record(pw,
2573 			    _PATH_HOST_ED25519_KEY_FILE, rr_hostname);
2574 			if (n == 0)
2575 				fatal("no keys found.");
2576 			exit(0);
2577 		}
2578 	}
2579 
2580 #ifdef WITH_OPENSSL
2581 	if (do_gen_candidates) {
2582 		FILE *out = fopen(out_file, "w");
2583 
2584 		if (out == NULL) {
2585 			error("Couldn't open modulus candidate file \"%s\": %s",
2586 			    out_file, strerror(errno));
2587 			return (1);
2588 		}
2589 		if (bits == 0)
2590 			bits = DEFAULT_BITS;
2591 		if (gen_candidates(out, memory, bits, start) != 0)
2592 			fatal("modulus candidate generation failed");
2593 
2594 		return (0);
2595 	}
2596 
2597 	if (do_screen_candidates) {
2598 		FILE *in;
2599 		FILE *out = fopen(out_file, "a");
2600 
2601 		if (have_identity && strcmp(identity_file, "-") != 0) {
2602 			if ((in = fopen(identity_file, "r")) == NULL) {
2603 				fatal("Couldn't open modulus candidate "
2604 				    "file \"%s\": %s", identity_file,
2605 				    strerror(errno));
2606 			}
2607 		} else
2608 			in = stdin;
2609 
2610 		if (out == NULL) {
2611 			fatal("Couldn't open moduli file \"%s\": %s",
2612 			    out_file, strerror(errno));
2613 		}
2614 		if (prime_test(in, out, rounds == 0 ? 100 : rounds,
2615 		    generator_wanted, checkpoint,
2616 		    start_lineno, lines_to_process) != 0)
2617 			fatal("modulus screening failed");
2618 		return (0);
2619 	}
2620 #endif
2621 
2622 	if (gen_all_hostkeys) {
2623 		do_gen_all_hostkeys(pw);
2624 		return (0);
2625 	}
2626 
2627 	if (key_type_name == NULL)
2628 		key_type_name = DEFAULT_KEY_TYPE_NAME;
2629 
2630 	type = sshkey_type_from_name(key_type_name);
2631 	type_bits_valid(type, key_type_name, &bits);
2632 
2633 	if (!quiet)
2634 		printf("Generating public/private %s key pair.\n",
2635 		    key_type_name);
2636 	if ((r = sshkey_generate(type, bits, &private)) != 0)
2637 		fatal("key_generate failed");
2638 	if ((r = sshkey_from_private(private, &public)) != 0)
2639 		fatal("key_from_private failed: %s\n", ssh_err(r));
2640 
2641 	if (!have_identity)
2642 		ask_filename(pw, "Enter file in which to save the key");
2643 
2644 	/* Create ~/.ssh directory if it doesn't already exist. */
2645 	snprintf(dotsshdir, sizeof dotsshdir, "%s/%s",
2646 	    pw->pw_dir, _PATH_SSH_USER_DIR);
2647 	if (strstr(identity_file, dotsshdir) != NULL) {
2648 		if (stat(dotsshdir, &st) < 0) {
2649 			if (errno != ENOENT) {
2650 				error("Could not stat %s: %s", dotsshdir,
2651 				    strerror(errno));
2652 			} else if (mkdir(dotsshdir, 0700) < 0) {
2653 				error("Could not create directory '%s': %s",
2654 				    dotsshdir, strerror(errno));
2655 			} else if (!quiet)
2656 				printf("Created directory '%s'.\n", dotsshdir);
2657 		}
2658 	}
2659 	/* If the file already exists, ask the user to confirm. */
2660 	if (stat(identity_file, &st) >= 0) {
2661 		char yesno[3];
2662 		printf("%s already exists.\n", identity_file);
2663 		printf("Overwrite (y/n)? ");
2664 		fflush(stdout);
2665 		if (fgets(yesno, sizeof(yesno), stdin) == NULL)
2666 			exit(1);
2667 		if (yesno[0] != 'y' && yesno[0] != 'Y')
2668 			exit(1);
2669 	}
2670 	/* Ask for a passphrase (twice). */
2671 	if (identity_passphrase)
2672 		passphrase1 = xstrdup(identity_passphrase);
2673 	else if (identity_new_passphrase)
2674 		passphrase1 = xstrdup(identity_new_passphrase);
2675 	else {
2676 passphrase_again:
2677 		passphrase1 =
2678 			read_passphrase("Enter passphrase (empty for no "
2679 			    "passphrase): ", RP_ALLOW_STDIN);
2680 		passphrase2 = read_passphrase("Enter same passphrase again: ",
2681 		    RP_ALLOW_STDIN);
2682 		if (strcmp(passphrase1, passphrase2) != 0) {
2683 			/*
2684 			 * The passphrases do not match.  Clear them and
2685 			 * retry.
2686 			 */
2687 			explicit_bzero(passphrase1, strlen(passphrase1));
2688 			explicit_bzero(passphrase2, strlen(passphrase2));
2689 			free(passphrase1);
2690 			free(passphrase2);
2691 			printf("Passphrases do not match.  Try again.\n");
2692 			goto passphrase_again;
2693 		}
2694 		/* Clear the other copy of the passphrase. */
2695 		explicit_bzero(passphrase2, strlen(passphrase2));
2696 		free(passphrase2);
2697 	}
2698 
2699 	if (identity_comment) {
2700 		strlcpy(comment, identity_comment, sizeof(comment));
2701 	} else {
2702 		/* Create default comment field for the passphrase. */
2703 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, hostname);
2704 	}
2705 
2706 	/* Save the key with the given passphrase and comment. */
2707 	if ((r = sshkey_save_private(private, identity_file, passphrase1,
2708 	    comment, use_new_format, new_format_cipher, rounds)) != 0) {
2709 		error("Saving key \"%s\" failed: %s",
2710 		    identity_file, ssh_err(r));
2711 		explicit_bzero(passphrase1, strlen(passphrase1));
2712 		free(passphrase1);
2713 		exit(1);
2714 	}
2715 	/* Clear the passphrase. */
2716 	explicit_bzero(passphrase1, strlen(passphrase1));
2717 	free(passphrase1);
2718 
2719 	/* Clear the private key and the random number generator. */
2720 	sshkey_free(private);
2721 
2722 	if (!quiet)
2723 		printf("Your identification has been saved in %s.\n", identity_file);
2724 
2725 	strlcat(identity_file, ".pub", sizeof(identity_file));
2726 	if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
2727 		fatal("Unable to save public key to %s: %s",
2728 		    identity_file, strerror(errno));
2729 	if ((f = fdopen(fd, "w")) == NULL)
2730 		fatal("fdopen %s failed: %s", identity_file, strerror(errno));
2731 	if ((r = sshkey_write(public, f)) != 0)
2732 		error("write key failed: %s", ssh_err(r));
2733 	fprintf(f, " %s\n", comment);
2734 	fclose(f);
2735 
2736 	if (!quiet) {
2737 		fp = sshkey_fingerprint(public, fingerprint_hash,
2738 		    SSH_FP_DEFAULT);
2739 		ra = sshkey_fingerprint(public, fingerprint_hash,
2740 		    SSH_FP_RANDOMART);
2741 		if (fp == NULL || ra == NULL)
2742 			fatal("sshkey_fingerprint failed");
2743 		printf("Your public key has been saved in %s.\n",
2744 		    identity_file);
2745 		printf("The key fingerprint is:\n");
2746 		printf("%s %s\n", fp, comment);
2747 		printf("The key's randomart image is:\n");
2748 		printf("%s\n", ra);
2749 		free(ra);
2750 		free(fp);
2751 	}
2752 
2753 	sshkey_free(public);
2754 	exit(0);
2755 }
2756