Attachment #1888 for bug #1749

View | Details | Raw Unified | Return to bug 1749
Collapse All | Expand All

Lines 59-67 Link Here

(-)ssh-keygen.1 (-11 / +32 lines)
59	.Op Fl f Ar keyfile	59	.Op Fl f Ar keyfile
60	.Nm ssh-keygen	60	.Nm ssh-keygen
61	.Fl i	61	.Fl i
		62	.Op Fl m Ar key_format
62	.Op Fl f Ar input_keyfile	63	.Op Fl f Ar input_keyfile
63	.Nm ssh-keygen	64	.Nm ssh-keygen
64	.Fl e	65	.Fl e
		66	.Op Fl m Ar key_format
65	.Op Fl f Ar input_keyfile	67	.Op Fl f Ar input_keyfile
66	.Nm ssh-keygen	68	.Nm ssh-keygen
67	.Fl y	69	.Fl y
Lines 215-225 Download the RSA public keys provided by Link Here
215	.Ar pkcs11 .	217	.Ar pkcs11 .
216	.It Fl e	218	.It Fl e
217	This option will read a private or public OpenSSH key file and	219	This option will read a private or public OpenSSH key file and
218	print the key in	220	print to stdout the key in one of the formats specified by the
219	RFC 4716 SSH Public Key File Format	221	.Fl m
220	to stdout.	222	option.
221	This option allows exporting keys for use by several commercial	223	The default export format is
222	SSH implementations.	224	.Dq RFC4716 .
		225	This option allows exporting OpenSSH key for use by other programs, including
		226	several commercial SSH implementations.
223	.It Fl F Ar hostname	227	.It Fl F Ar hostname
224	Search for the specified	228	Search for the specified
225	.Ar hostname	229	.Ar hostname
Lines 270-282 Please see the Link Here
270	section for details.	274	section for details.
271	.It Fl i	275	.It Fl i
272	This option will read an unencrypted private (or public) key file	276	This option will read an unencrypted private (or public) key file
273	in SSH2-compatible format and print an OpenSSH compatible private	277	in the format specified by the
		278	.Fl m
		279	option and print an OpenSSH compatible private
274	(or public) key to stdout.	280	(or public) key to stdout.
275	.Nm	281	This option allows importing keys from other software, including several
276	also reads the	282	commercial SSH implementations.
277	RFC 4716 SSH Public Key File Format.	283	The default import format is
278	This option allows importing keys from several commercial	284	.Dq RFC4716 .
279	SSH implementations.
280	.It Fl L	285	.It Fl L
281	Prints the contents of a certificate.	286	Prints the contents of a certificate.
282	.It Fl l	287	.It Fl l
Lines 288-293 tries to find the matching public key fi Link Here
288	If combined with	293	If combined with
289	.Fl v ,	294	.Fl v ,
290	an ASCII art representation of the key is supplied with the fingerprint.	295	an ASCII art representation of the key is supplied with the fingerprint.
		296	.It Fl m Ar key_format
		297	Specify a key format for the
		298	.Fl i
		299	(import) or
		300	.Fl e
		301	(export) coversion options.
		302	The supported key formats are:
		303	.Dq RFC4716
		304	(RFC4716/SSH2 public or private key),
		305	.Dq PEM
		306	(PEM and ASN.1 encoded public key)
		307	or
		308	.Dq PEM_RAW
		309	(PEM encoded raw key).
		310	The default conversion format is
		311	.Dq RFC4716 .
291	.It Fl M Ar memory	312	.It Fl M Ar memory
292	Specify the amount of memory to use (in megabytes) when generating	313	Specify the amount of memory to use (in megabytes) when generating
293	candidate moduli for DH-GEX.	314	candidate moduli for DH-GEX.




char *certflags_command = NULL;
char *certflags_src_addr = NULL;

/* Conversion to/from various formats */
int convert_to = 0;
int convert_from = 0;
enum {
	FMT_RFC4716,
	FMT_PEM,
	FMT_PEM_RAW
} convert_format = FMT_RFC4716;
int print_public = 0;
int print_generic = 0;

char *key_type_name = NULL;


/* argv0 */
extern char *__progname;


#define	SSH_COM_PRIVATE_KEY_MAGIC	0x3f6ff9eb

static void
do_convert_to_ssh2(struct passwd *pw, Key *k)
{
	Key *k;
	u_int len;
	u_char *blob;
	char comment[61];
	struct stat st;

	if (!have_identity)
		ask_filename(pw, "Enter file in which the key is");
	if (stat(identity_file, &st) < 0) {
		perror(identity_file);
		exit(1);
	}
	if ((k = key_load_public(identity_file, NULL)) == NULL) {
		if ((k = load_identity(identity_file)) == NULL) {
			fprintf(stderr, "load failed\n");
			exit(1);
		}
	}
	if (k->type == KEY_RSA1) {
		fprintf(stderr, "version 1 keys are not supported\n");
		exit(1);
	}
	if (key_to_blob(k, &blob, &len) <= 0) {
		fprintf(stderr, "key_to_blob failed\n");
		exit(1);

}

static void
do_convert_to_pem(Key *k)
{
	switch (key_type_plain(k->type)) {
	case KEY_RSA:
		if (!PEM_write_RSA_PUBKEY(stdout, k->rsa))
			fatal("PEM_write_RSA_PUBKEY failed");
		break;
	case KEY_DSA:
		if (!PEM_write_DSA_PUBKEY(stdout, k->dsa))
			fatal("PEM_write_DSA_PUBKEY failed");
		break;
	default:
		fatal("%s: unsupported key type %s", __func__, key_type(k));
	}
	exit(0);
}

static void
do_convert_to_pem_raw(Key *k)
{
	switch (key_type_plain(k->type)) {
	case KEY_RSA:
		if (!PEM_write_RSAPublicKey(stdout, k->rsa))
			fatal("PEM_write_RSAPublicKey failed");
		break;
#if notyet /* OpenSSH 0.9.8 lacks this function */
	case KEY_DSA:
		if (!PEM_write_DSAPublicKey(stdout, k->dsa))
			fatal("PEM_write_DSAPublicKey failed");
		break;
#endif
	default:
		fatal("%s: unsupported key type %s", __func__, key_type(k));
	}
	exit(0);
}

static void
do_convert_to(struct passwd *pw)
{
	Key *k;
	struct stat st;

	if (!have_identity)
		ask_filename(pw, "Enter file in which the key is");
	if (stat(identity_file, &st) < 0)
		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
	if ((k = key_load_public(identity_file, NULL)) == NULL) {
		if ((k = load_identity(identity_file)) == NULL) {
			fprintf(stderr, "load failed\n");
			exit(1);
		}
	}
	if (k->type == KEY_RSA1) {
		fprintf(stderr, "version 1 keys are not supported\n");
		exit(1);
	}

	switch (convert_format) {
	case FMT_RFC4716:
		do_convert_to_ssh2(pw, k);
		break;
	case FMT_PEM:
		do_convert_to_pem(k);
		break;
	case FMT_PEM_RAW:
		do_convert_to_pem_raw(k);
		break;
	default:
		fatal("%s: unknown key format %d", __func__, convert_format);
	}
	exit(0);
}

static void
buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
{
	u_int bignum_bits = buffer_get_int(b);

}

static void
do_convert_from_ssh2(struct passwd *pw, Key **k, int *private)
{
	Key *k;
	int blen;
	u_int len;
	char line[1024];
	u_char blob[8096];
	char encoded[8096];
	int escaped = 0;
	int escaped = 0, private = 0, ok;
	FILE *fp;

	if (!have_identity)
		ask_filename(pw, "Enter file in which the key is");
	if (stat(identity_file, &st) < 0) {
		perror(identity_file);
		exit(1);
	}
	if ((fp = fopen(identity_file, "r")) == NULL)
		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
	encoded[0] = '\0';

		if (strncmp(line, "----", 4) == 0 ||
		    strstr(line, ": ") != NULL) {
			if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL)
				*private = 1;
			if (strstr(line, " END ") != NULL) {
				break;
			}

		fprintf(stderr, "uudecode failed.\n");
		exit(1);
	}
	*k = *private ?
	    do_convert_private_ssh2_from_blob(blob, blen) :
	    key_from_blob(blob, blen);
	if (*k == NULL) {
		fprintf(stderr, "decode blob failed.\n");
		exit(1);
	}
	fclose(fp);
}

static void
do_convert_from_pem(Key **k, int *private)
{
	EVP_PKEY *pubkey;
	FILE *fp;

	if ((fp = fopen(identity_file, "r")) == NULL)
		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
	if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) {
		fatal("%s: %s is not a recognised public key format", __func__,
		    identity_file);
	}
	fclose(fp);
	switch (EVP_PKEY_type(pubkey->type)) {
	case EVP_PKEY_RSA:
		*k = key_new(KEY_UNSPEC);
		(*k)->type = KEY_RSA;
		(*k)->rsa = EVP_PKEY_get1_RSA(pubkey);
		break;
	case EVP_PKEY_DSA:
		*k = key_new(KEY_UNSPEC);
		(*k)->type = KEY_DSA;
		(*k)->dsa = EVP_PKEY_get1_DSA(pubkey);
		break;
	default:
		fatal("%s: unsupported pubkey type %d", __func__,
		    EVP_PKEY_type(pubkey->type));
	}
	EVP_PKEY_free(pubkey);
	return;
}

static void
do_convert_from_pem_raw(Key **k, int *private)
{
	FILE *fp;
	RSA *rsa;
#ifdef notyet
	DSA *dsa;
#endif

	if ((fp = fopen(identity_file, "r")) == NULL)
		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
	if ((rsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL)) != NULL) {
		*k = key_new(KEY_UNSPEC);
		(*k)->type = KEY_RSA;
		(*k)->rsa = rsa;
		fclose(fp);
		return;
	}
#if notyet /* OpenSSH 0.9.8 lacks this function */
	rewind(fp);
	if ((dsa = PEM_read_DSAPublicKey(fp, NULL, NULL, NULL)) != NULL) {
		*k = key_new(KEY_UNSPEC);
		(*k)->type = KEY_DSA;
		(*k)->dsa = dsa;
		fclose(fp);
		return;
	}
#endif
	fatal("%s: unrecognised raw private key format", __func__);
}

static void
do_convert_from(struct passwd *pw)
{
	Key *k = NULL;
	int private = 0, ok;
	struct stat st;

	if (!have_identity)
		ask_filename(pw, "Enter file in which the key is");
	if (stat(identity_file, &st) < 0)
		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));

	switch (convert_format) {
	case FMT_RFC4716:
		do_convert_from_ssh2(pw, &k, &private);
		break;
	case FMT_PEM:
		do_convert_from_pem(&k, &private);
		break;
	case FMT_PEM_RAW:
		do_convert_from_pem_raw(&k, &private);
		break;
	default:
		fatal("%s: unknown key format %d", __func__, convert_format);
	}

	if (!private)
		ok = key_write(k, stdout);
		if (ok)
			fprintf(stdout, " %s\n", identity_file);
	else {
		switch (k->type) {
		case KEY_DSA:
			ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL,
			    NULL, 0, NULL, NULL);
			break;
		case KEY_RSA:
			ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL,
			    NULL, 0, NULL, NULL);
			break;
		default:
			fatal("%s: unsupported key type %s", __func__,
			    key_type(k));
		}
	}

	if (!ok) {
		fprintf(stderr, "key write failed\n");
		exit(1);
	}
	key_free(k);
	if (!private)
		fprintf(stdout, "\n");
	fclose(fp);
	exit(0);
}


#ifdef ENABLE_PKCS11
	fprintf(stderr, "  -D pkcs11   Download public key from pkcs11 token.\n");
#endif
	fprintf(stderr, "  -e          Export OpenSSH to foreign format key file.\n");
	fprintf(stderr, "  -F hostname Find hostname in known hosts file.\n");
	fprintf(stderr, "  -f filename Filename of the key file.\n");
	fprintf(stderr, "  -G file     Generate candidates for DH-GEX moduli.\n");

	fprintf(stderr, "  -H          Hash names in known_hosts file.\n");
	fprintf(stderr, "  -h          Generate host certificate instead of a user certificate.\n");
	fprintf(stderr, "  -I key_id   Key identifier to include in certificate.\n");
	fprintf(stderr, "  -i          Import foreign format to OpenSSH key file.\n");
	fprintf(stderr, "  -L          Print the contents of a certificate.\n");
	fprintf(stderr, "  -l          Show fingerprint of key file.\n");
	fprintf(stderr, "  -m key_fmt  Conversion format for -e/-i (PEM|PEM_RAW|RFC4716).\n");
	fprintf(stderr, "  -M memory   Amount of memory (MB) to use for generating DH-GEX moduli.\n");
	fprintf(stderr, "  -n name,... User/host principal names to include in certificate\n");
	fprintf(stderr, "  -N phrase   Provide new passphrase.\n");

		exit(1);
	}

	while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:"
	    "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
		switch (opt) {
		case 'b':

		case 'B':
			print_bubblebabble = 1;
			break;
		case 'm':
			if (strcasecmp(optarg, "rfc4716") == 0 ||
			    strcasecmp(optarg, "ssh2") == 0) {
				convert_format = FMT_RFC4716;
				break;
			}
			if (strcasecmp(optarg, "pem") == 0) {
				convert_format = FMT_PEM;
				break;
			}
			if (strcasecmp(optarg, "pem_raw") == 0) {
				convert_format = FMT_PEM_RAW;
				break;
			}
			fatal("Unsupported conversion format \"%s\"", optarg);
		case 'n':
			cert_principals = optarg;
			break;

		case 'e':
		case 'x':
			/* export key */
			convert_to = 1;
			break;
		case 'h':
			cert_key_type = SSH2_CERT_TYPE_HOST;

		case 'i':
		case 'X':
			/* import key */
			convert_from = 1;
			break;
		case 'y':
			print_public = 1;

		do_change_passphrase(pw);
	if (change_comment)
		do_change_comment(pw);
	if (convert_to)
		do_convert_to(pw);
	if (convert_from)
		do_convert_from(pw);
	if (print_public)
		do_print_public(pw);
	if (rr_hostname != NULL) {

Return to bug 1749

Lines 125-138 u_int32_t certflags_flags = CERTOPT_DEFA Link Here

(-)ssh-keygen.c (-52 / +227 lines)
125	char *certflags_command = NULL;	125	char *certflags_command = NULL;
126	char *certflags_src_addr = NULL;	126	char *certflags_src_addr = NULL;
127		127
128	/* Dump public key file in format used by real and the original SSH 2 */	128	/* Conversion to/from various formats */
129	int convert_to_ssh2 = 0;	129	int convert_to = 0;
130	int convert_from_ssh2 = 0;	130	int convert_from = 0;
		131	enum {
		132	FMT_RFC4716,
		133	FMT_PEM,
		134	FMT_PEM_RAW
		135	} convert_format = FMT_RFC4716;
131	int print_public = 0;	136	int print_public = 0;
132	int print_generic = 0;	137	int print_generic = 0;
133		138
134	char *key_type_name = NULL;	139	char *key_type_name = NULL;
135		140
		141
136	/* argv0 */	142	/* argv0 */
137	extern char *__progname;	143	extern char *__progname;
138		144
Lines 207-236 load_identity(char *filename) Link Here
207	#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb	213	#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb
208		214
209	static void	215	static void
210	do_convert_to_ssh2(struct passwd *pw)	216	do_convert_to_ssh2(struct passwd pw, Key k)
211	{	217	{
212	Key *k;
213	u_int len;	218	u_int len;
214	u_char *blob;	219	u_char *blob;
215	char comment[61];	220	char comment[61];
216	struct stat st;
217		221
218	if (!have_identity)
219	ask_filename(pw, "Enter file in which the key is");
220	if (stat(identity_file, &st) < 0) {
221	perror(identity_file);
222	exit(1);
223	}
224	if ((k = key_load_public(identity_file, NULL)) == NULL) {
225	if ((k = load_identity(identity_file)) == NULL) {
226	fprintf(stderr, "load failed\n");
227	exit(1);
228	}
229	}
230	if (k->type == KEY_RSA1) {
231	fprintf(stderr, "version 1 keys are not supported\n");
232	exit(1);
233	}
234	if (key_to_blob(k, &blob, &len) <= 0) {	222	if (key_to_blob(k, &blob, &len) <= 0) {
235	fprintf(stderr, "key_to_blob failed\n");	223	fprintf(stderr, "key_to_blob failed\n");
236	exit(1);	224	exit(1);
Lines 251-256 do_convert_to_ssh2(struct passwd *pw) Link Here
251	}	239	}
252		240
253	static void	241	static void
		242	do_convert_to_pem(Key *k)
		243	{
		244	switch (key_type_plain(k->type)) {
		245	case KEY_RSA:
		246	if (!PEM_write_RSA_PUBKEY(stdout, k->rsa))
		247	fatal("PEM_write_RSA_PUBKEY failed");
		248	break;
		249	case KEY_DSA:
		250	if (!PEM_write_DSA_PUBKEY(stdout, k->dsa))
		251	fatal("PEM_write_DSA_PUBKEY failed");
		252	break;
		253	default:
		254	fatal("%s: unsupported key type %s", __func__, key_type(k));
		255	}
		256	exit(0);
		257	}
		258
		259	static void
		260	do_convert_to_pem_raw(Key *k)
		261	{
		262	switch (key_type_plain(k->type)) {
		263	case KEY_RSA:
		264	if (!PEM_write_RSAPublicKey(stdout, k->rsa))
		265	fatal("PEM_write_RSAPublicKey failed");
		266	break;
		267	#if notyet /* OpenSSH 0.9.8 lacks this function */
		268	case KEY_DSA:
		269	if (!PEM_write_DSAPublicKey(stdout, k->dsa))
		270	fatal("PEM_write_DSAPublicKey failed");
		271	break;
		272	#endif
		273	default:
		274	fatal("%s: unsupported key type %s", __func__, key_type(k));
		275	}
		276	exit(0);
		277	}
		278
		279	static void
		280	do_convert_to(struct passwd *pw)
		281	{
		282	Key *k;
		283	struct stat st;
		284
		285	if (!have_identity)
		286	ask_filename(pw, "Enter file in which the key is");
		287	if (stat(identity_file, &st) < 0)
		288	fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
		289	if ((k = key_load_public(identity_file, NULL)) == NULL) {
		290	if ((k = load_identity(identity_file)) == NULL) {
		291	fprintf(stderr, "load failed\n");
		292	exit(1);
		293	}
		294	}
		295	if (k->type == KEY_RSA1) {
		296	fprintf(stderr, "version 1 keys are not supported\n");
		297	exit(1);
		298	}
		299
		300	switch (convert_format) {
		301	case FMT_RFC4716:
		302	do_convert_to_ssh2(pw, k);
		303	break;
		304	case FMT_PEM:
		305	do_convert_to_pem(k);
306	break;
307	case FMT_PEM_RAW:
308	do_convert_to_pem_raw(k);
309	break;
310	default:
311	fatal("%s: unknown key format %d", __func__, convert_format);
312	}
313	exit(0);
314	}
315
316	static void
254	buffer_get_bignum_bits(Buffer b, BIGNUM value)	317	buffer_get_bignum_bits(Buffer b, BIGNUM value)
255	{	318	{
256	u_int bignum_bits = buffer_get_int(b);	319	u_int bignum_bits = buffer_get_int(b);
Lines 388-411 get_line(FILE fp, char line, size_t le Link Here
388	}	451	}
389		452
390	static void	453	static void
391	do_convert_from_ssh2(struct passwd *pw)	454	do_convert_from_ssh2(struct passwd pw, Key k, int private)
392	{	455	{
393	Key *k;
394	int blen;	456	int blen;
395	u_int len;	457	u_int len;
396	char line[1024];	458	char line[1024];
397	u_char blob[8096];	459	u_char blob[8096];
398	char encoded[8096];	460	char encoded[8096];
399	struct stat st;	461	int escaped = 0;
400	int escaped = 0, private = 0, ok;
401	FILE *fp;	462	FILE *fp;
402		463
403	if (!have_identity)
404	ask_filename(pw, "Enter file in which the key is");
405	if (stat(identity_file, &st) < 0) {
406	perror(identity_file);
407	exit(1);
408	}
409	if ((fp = fopen(identity_file, "r")) == NULL)	464	if ((fp = fopen(identity_file, "r")) == NULL)
410	fatal("%s: %s: %s", __progname, identity_file, strerror(errno));	465	fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
411	encoded[0] = '\0';	466	encoded[0] = '\0';
Lines 415-421 do_convert_from_ssh2(struct passwd *pw) Link Here
415	if (strncmp(line, "----", 4) == 0 \|\|	470	if (strncmp(line, "----", 4) == 0 \|\|
416	strstr(line, ": ") != NULL) {	471	strstr(line, ": ") != NULL) {
417	if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL)	472	if (strstr(line, SSH_COM_PRIVATE_BEGIN) != NULL)
418	private = 1;	473	*private = 1;
419	if (strstr(line, " END ") != NULL) {	474	if (strstr(line, " END ") != NULL) {
420	break;	475	break;
421	}	476	}
Lines 440-465 do_convert_from_ssh2(struct passwd *pw) Link Here
440	fprintf(stderr, "uudecode failed.\n");	495	fprintf(stderr, "uudecode failed.\n");
441	exit(1);	496	exit(1);
442	}	497	}
443	k = private ?	498	k = private ?
444	do_convert_private_ssh2_from_blob(blob, blen) :	499	do_convert_private_ssh2_from_blob(blob, blen) :
445	key_from_blob(blob, blen);	500	key_from_blob(blob, blen);
446	if (k == NULL) {	501	if (*k == NULL) {
447	fprintf(stderr, "decode blob failed.\n");	502	fprintf(stderr, "decode blob failed.\n");
448	exit(1);	503	exit(1);
449	}	504	}
450	ok = private ?	505	fclose(fp);
451	(k->type == KEY_DSA ?	506	}
452	PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL) :	507
453	PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL)) :	508	static void
454	key_write(k, stdout);	509	do_convert_from_pem(Key *k, int private)
		510	{
		511	EVP_PKEY *pubkey;
		512	FILE *fp;
		513
		514	if ((fp = fopen(identity_file, "r")) == NULL)
		515	fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
		516	if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) {
		517	fatal("%s: %s is not a recognised public key format", __func__,
		518	identity_file);
		519	}
		520	fclose(fp);
		521	switch (EVP_PKEY_type(pubkey->type)) {
		522	case EVP_PKEY_RSA:
		523	*k = key_new(KEY_UNSPEC);
		524	(*k)->type = KEY_RSA;
		525	(*k)->rsa = EVP_PKEY_get1_RSA(pubkey);
		526	break;
		527	case EVP_PKEY_DSA:
		528	*k = key_new(KEY_UNSPEC);
		529	(*k)->type = KEY_DSA;
		530	(*k)->dsa = EVP_PKEY_get1_DSA(pubkey);
		531	break;
		532	default:
		533	fatal("%s: unsupported pubkey type %d", __func__,
		534	EVP_PKEY_type(pubkey->type));
		535	}
		536	EVP_PKEY_free(pubkey);
		537	return;
		538	}
		539
		540	static void
		541	do_convert_from_pem_raw(Key *k, int private)
		542	{
		543	FILE *fp;
		544	RSA *rsa;
		545	#ifdef notyet
		546	DSA *dsa;
		547	#endif
		548
		549	if ((fp = fopen(identity_file, "r")) == NULL)
		550	fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
		551	if ((rsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL)) != NULL) {
		552	*k = key_new(KEY_UNSPEC);
		553	(*k)->type = KEY_RSA;
		554	(*k)->rsa = rsa;
		555	fclose(fp);
		556	return;
		557	}
		558	#if notyet /* OpenSSH 0.9.8 lacks this function */
		559	rewind(fp);
		560	if ((dsa = PEM_read_DSAPublicKey(fp, NULL, NULL, NULL)) != NULL) {
		561	*k = key_new(KEY_UNSPEC);
		562	(*k)->type = KEY_DSA;
		563	(*k)->dsa = dsa;
		564	fclose(fp);
		565	return;
		566	}
		567	#endif
		568	fatal("%s: unrecognised raw private key format", __func__);
		569	}
		570
		571	static void
		572	do_convert_from(struct passwd *pw)
		573	{
574	Key *k = NULL;
575	int private = 0, ok;
576	struct stat st;
577
578	if (!have_identity)
579	ask_filename(pw, "Enter file in which the key is");
580	if (stat(identity_file, &st) < 0)
581	fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
582
583	switch (convert_format) {
584	case FMT_RFC4716:
585	do_convert_from_ssh2(pw, &k, &private);
586	break;
587	case FMT_PEM:
588	do_convert_from_pem(&k, &private);
589	break;
590	case FMT_PEM_RAW:
591	do_convert_from_pem_raw(&k, &private);
592	break;
593	default:
594	fatal("%s: unknown key format %d", __func__, convert_format);
595	}
596
597	if (!private)
598	ok = key_write(k, stdout);
599	if (ok)
600	fprintf(stdout, " %s\n", identity_file);
601	else {
602	switch (k->type) {
603	case KEY_DSA:
604	ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL,
605	NULL, 0, NULL, NULL);
606	break;
607	case KEY_RSA:
608	ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL,
609	NULL, 0, NULL, NULL);
610	break;
611	default:
612	fatal("%s: unsupported key type %s", __func__,
613	key_type(k));
614	}
615	}
616
455	if (!ok) {	617	if (!ok) {
456	fprintf(stderr, "key write failed\n");	618	fprintf(stderr, "key write failed\n");
457	exit(1);	619	exit(1);
458	}	620	}
459	key_free(k);	621	key_free(k);
460	if (!private)
461	fprintf(stdout, "\n");
462	fclose(fp);
463	exit(0);	622	exit(0);
464	}	623	}
465		624
Lines 1517-1523 usage(void) Link Here
1517	#ifdef ENABLE_PKCS11	1676	#ifdef ENABLE_PKCS11
1518	fprintf(stderr, " -D pkcs11 Download public key from pkcs11 token.\n");	1677	fprintf(stderr, " -D pkcs11 Download public key from pkcs11 token.\n");
1519	#endif	1678	#endif
1520	fprintf(stderr, " -e Convert OpenSSH to RFC 4716 key file.\n");	1679	fprintf(stderr, " -e Export OpenSSH to foreign format key file.\n");
1521	fprintf(stderr, " -F hostname Find hostname in known hosts file.\n");	1680	fprintf(stderr, " -F hostname Find hostname in known hosts file.\n");
1522	fprintf(stderr, " -f filename Filename of the key file.\n");	1681	fprintf(stderr, " -f filename Filename of the key file.\n");
1523	fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n");	1682	fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n");
Lines 1525-1533 usage(void) Link Here
1525	fprintf(stderr, " -H Hash names in known_hosts file.\n");	1684	fprintf(stderr, " -H Hash names in known_hosts file.\n");
1526	fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n");	1685	fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n");
1527	fprintf(stderr, " -I key_id Key identifier to include in certificate.\n");	1686	fprintf(stderr, " -I key_id Key identifier to include in certificate.\n");
1528	fprintf(stderr, " -i Convert RFC 4716 to OpenSSH key file.\n");	1687	fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n");
1529	fprintf(stderr, " -L Print the contents of a certificate.\n");	1688	fprintf(stderr, " -L Print the contents of a certificate.\n");
1530	fprintf(stderr, " -l Show fingerprint of key file.\n");	1689	fprintf(stderr, " -l Show fingerprint of key file.\n");
		1690	fprintf(stderr, " -m key_fmt Conversion format for -e/-i (PEM\|PEM_RAW\|RFC4716).\n");
1531	fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n");	1691	fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n");
1532	fprintf(stderr, " -n name,... User/host principal names to include in certificate\n");	1692	fprintf(stderr, " -n name,... User/host principal names to include in certificate\n");
1533	fprintf(stderr, " -N phrase Provide new passphrase.\n");	1693	fprintf(stderr, " -N phrase Provide new passphrase.\n");
Lines 1590-1596 main(int argc, char **argv) Link Here
1590	exit(1);	1750	exit(1);
1591	}	1751	}
1592		1752
1593	while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:N:n:"	1753	while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:"
1594	"O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {	1754	"O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
1595	switch (opt) {	1755	switch (opt) {
1596	case 'b':	1756	case 'b':
Lines 1622-1627 main(int argc, char **argv) Link Here
1622	case 'B':	1782	case 'B':
1623	print_bubblebabble = 1;	1783	print_bubblebabble = 1;
1624	break;	1784	break;
		1785	case 'm':
		1786	if (strcasecmp(optarg, "rfc4716") == 0 \|\|
		1787	strcasecmp(optarg, "ssh2") == 0) {
		1788	convert_format = FMT_RFC4716;
		1789	break;
		1790	}
		1791	if (strcasecmp(optarg, "pem") == 0) {
		1792	convert_format = FMT_PEM;
		1793	break;
		1794	}
		1795	if (strcasecmp(optarg, "pem_raw") == 0) {
		1796	convert_format = FMT_PEM_RAW;
		1797	break;
		1798	}
		1799	fatal("Unsupported conversion format \"%s\"", optarg);
1625	case 'n':	1800	case 'n':
1626	cert_principals = optarg;	1801	cert_principals = optarg;
1627	break;	1802	break;
Lines 1658-1664 main(int argc, char **argv) Link Here
1658	case 'e':	1833	case 'e':
1659	case 'x':	1834	case 'x':
1660	/* export key */	1835	/* export key */
1661	convert_to_ssh2 = 1;	1836	convert_to = 1;
1662	break;	1837	break;
1663	case 'h':	1838	case 'h':
1664	cert_key_type = SSH2_CERT_TYPE_HOST;	1839	cert_key_type = SSH2_CERT_TYPE_HOST;
Lines 1667-1673 main(int argc, char **argv) Link Here
1667	case 'i':	1842	case 'i':
1668	case 'X':	1843	case 'X':
1669	/* import key */	1844	/* import key */
1670	convert_from_ssh2 = 1;	1845	convert_from = 1;
1671	break;	1846	break;
1672	case 'y':	1847	case 'y':
1673	print_public = 1;	1848	print_public = 1;
Lines 1783-1792 main(int argc, char **argv) Link Here
1783	do_change_passphrase(pw);	1958	do_change_passphrase(pw);
1784	if (change_comment)	1959	if (change_comment)
1785	do_change_comment(pw);	1960	do_change_comment(pw);
1786	if (convert_to_ssh2)	1961	if (convert_to)
1787	do_convert_to_ssh2(pw);	1962	do_convert_to(pw);
1788	if (convert_from_ssh2)	1963	if (convert_from)
1789	do_convert_from_ssh2(pw);	1964	do_convert_from(pw);
1790	if (print_public)	1965	if (print_public)
1791	do_print_public(pw);	1966	do_print_public(pw);
1792	if (rr_hostname != NULL) {	1967	if (rr_hostname != NULL) {