X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=cmdgen.c;h=265e5adc1ac9e450927100a6da5a7a2bce7333d5;hb=145ecf611238c4f1e39d89d3eee40319a2c54fe8;hp=4722a8ad7af73b271012d967f810bc0fd224463b;hpb=0fadffe0cbd191c3125834a1445ebe1885a88295;p=PuTTY.git diff --git a/cmdgen.c b/cmdgen.c index 4722a8ad..265e5adc 100644 --- a/cmdgen.c +++ b/cmdgen.c @@ -19,7 +19,7 @@ #ifdef TEST_CMDGEN /* * This section overrides some definitions below for test purposes. - * When compiled with -DTEST_CMDGEN: + * When compiled with -DTEST_CMDGEN (as cgtest.c will do): * * - Calls to get_random_data() are replaced with the diagnostic * function below (I #define the name so that I can still link @@ -37,7 +37,7 @@ * run tests. */ #define get_random_data get_random_data_diagnostic -char *get_random_data(int len) +char *get_random_data(int len, const char *device) { char *buf = snewn(len, char); memset(buf, 'x', len); @@ -52,8 +52,7 @@ int console_get_userpass_input(prompts_t *p, unsigned char *in, int inlen) int ret = 1; for (i = 0; i < p->n_prompts; i++) { if (promptsgot < nprompts) { - assert(strlen(prompts[promptsgot]) < p->prompts[i]->result_len); - strcpy(p->prompts[i]->result, prompts[promptsgot++]); + p->prompts[i]->result = dupstr(prompts[promptsgot++]); } else { promptsgot++; /* track number of requests anyway */ ret = 0; @@ -177,6 +176,8 @@ void help(void) " specify file containing old key passphrase\n" " --new-passphrase file\n" " specify file containing new key passphrase\n" + " --random-device device\n" + " specify device to read entropy from (e.g. /dev/urandom)\n" ); } @@ -222,6 +223,8 @@ static char *readpassphrase(const char *filename) return line; } +#define DEFAULT_RSADSA_BITS 2048 + int main(int argc, char **argv) { char *infile = NULL; @@ -245,6 +248,7 @@ int main(int argc, char **argv) char *old_passphrase = NULL, *new_passphrase = NULL; int load_encrypted; progfn_t progressfn = is_interactive() ? progress_update : no_progress; + const char *random_device = NULL; /* ------------------------------------------------------------------ * Parse the command line to figure out what we've been asked to do. @@ -338,6 +342,16 @@ int main(int argc, char **argv) if (!new_passphrase) errs = TRUE; } + } else if (!strcmp(opt, "-random-device")) { + if (!val && argc > 1) + --argc, val = *++argv; + if (!val) { + errs = TRUE; + fprintf(stderr, "puttygen: option `-%s'" + " expects an argument\n", opt); + } else { + random_device = val; + } } else { errs = TRUE; fprintf(stderr, @@ -488,7 +502,7 @@ int main(int argc, char **argv) bits = 256; break; default: - bits = 2048; + bits = DEFAULT_RSADSA_BITS; break; } } @@ -503,6 +517,19 @@ int main(int argc, char **argv) errs = TRUE; } + if (keytype == RSA2 || keytype == RSA1 || keytype == DSA) { + if (bits < 256) { + fprintf(stderr, "puttygen: cannot generate %s keys shorter than" + " 256 bits\n", (keytype == DSA ? "DSA" : "RSA")); + errs = TRUE; + } else if (bits < DEFAULT_RSADSA_BITS) { + fprintf(stderr, "puttygen: warning: %s keys shorter than" + " %d bits are probably not secure\n", + (keytype == DSA ? "DSA" : "RSA"), DEFAULT_RSADSA_BITS); + /* but this is just a warning, so proceed anyway */ + } + } + if (errs) return 1; @@ -677,7 +704,7 @@ int main(int argc, char **argv) strftime(default_comment, 30, "rsa-key-%Y%m%d", &tm); random_ref(); - entropy = get_random_data(bits / 8); + entropy = get_random_data(bits / 8, random_device); if (!entropy) { fprintf(stderr, "puttygen: failed to collect entropy, " "could not generate key\n"); @@ -1180,7 +1207,7 @@ char *cleanup_fp(char *s) s += strspn(s, " \n\t"); s += strcspn(s, " \n\t"); - return dupprintf("%.*s", s - p, p); + return dupprintf("%.*s", (int)(s - p), p); } char *get_fp(char *filename)