X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=cmdgen.c;h=f1cf977086512d82a516b9868756475feb0bd1ef;hb=51732faeb913527f3373e3c77bf66ca414e5bab6;hp=4e83336c9f496e6c6dc6dfee80a457c52c5b5f01;hpb=435b29da88d14be9ea66d44c6d47268c5f3c3e9e;p=PuTTY.git diff --git a/cmdgen.c b/cmdgen.c index 4e83336c..f1cf9770 100644 --- a/cmdgen.c +++ b/cmdgen.c @@ -19,7 +19,7 @@ #ifdef TEST_CMDGEN /* * This section overrides some definitions below for test purposes. - * When compiled with -DTEST_CMDGEN: + * When compiled with -DTEST_CMDGEN (as cgtest.c will do): * * - Calls to get_random_data() are replaced with the diagnostic * function below (I #define the name so that I can still link @@ -52,8 +52,7 @@ int console_get_userpass_input(prompts_t *p, unsigned char *in, int inlen) int ret = 1; for (i = 0; i < p->n_prompts; i++) { if (promptsgot < nprompts) { - assert(strlen(prompts[promptsgot]) < p->prompts[i]->result_len); - strcpy(p->prompts[i]->result, prompts[promptsgot++]); + p->prompts[i]->result = dupstr(prompts[promptsgot++]); } else { promptsgot++; /* track number of requests anyway */ ret = 0; @@ -130,12 +129,14 @@ void sk_cleanup(void) void showversion(void) { - printf("puttygen: %s\n", ver); + char *buildinfo_text = buildinfo("\n"); + printf("puttygen: %s\n%s\n", ver, buildinfo_text); + sfree(buildinfo_text); } void usage(int standalone) { - fprintf(stderr, + fprintf(standalone ? stderr : stdout, "Usage: puttygen ( keyfile | -t type [ -b bits ] )\n" " [ -C comment ] [ -P ] [ -q ]\n" " [ -o output-keyfile ] [ -O type | -l | -L" @@ -151,35 +152,35 @@ void help(void) * Help message is an extended version of the usage message. So * start with that, plus a version heading. */ - showversion(); + printf("PuTTYgen: key generator and converter for the PuTTY tools\n" + "%s\n", ver); usage(FALSE); - fprintf(stderr, - " -t specify key type when generating (ed25519, ecdsa, rsa, " + printf(" -t specify key type when generating (ed25519, ecdsa, rsa, " "dsa, rsa1)\n" - " -b specify number of bits when generating key\n" - " -C change or specify key comment\n" - " -P change key passphrase\n" - " -q quiet: do not display progress bar\n" - " -O specify output type:\n" - " private output PuTTY private key format\n" - " private-openssh export OpenSSH private key\n" - " private-openssh-new export OpenSSH private key " - "(force new file format)\n" - " private-sshcom export ssh.com private key\n" - " public RFC 4716 / ssh.com public key\n" - " public-openssh OpenSSH public key\n" - " fingerprint output the key fingerprint\n" - " -o specify output file\n" - " -l equivalent to `-O fingerprint'\n" - " -L equivalent to `-O public-openssh'\n" - " -p equivalent to `-O public'\n" - " --old-passphrase file\n" - " specify file containing old key passphrase\n" - " --new-passphrase file\n" - " specify file containing new key passphrase\n" - " --random-device device\n" - " specify device to read entropy from (e.g. /dev/urandom)\n" - ); + " -b specify number of bits when generating key\n" + " -C change or specify key comment\n" + " -P change key passphrase\n" + " -q quiet: do not display progress bar\n" + " -O specify output type:\n" + " private output PuTTY private key format\n" + " private-openssh export OpenSSH private key\n" + " private-openssh-new export OpenSSH private key " + "(force new format)\n" + " private-sshcom export ssh.com private key\n" + " public RFC 4716 / ssh.com public key\n" + " public-openssh OpenSSH public key\n" + " fingerprint output the key fingerprint\n" + " -o specify output file\n" + " -l equivalent to `-O fingerprint'\n" + " -L equivalent to `-O public-openssh'\n" + " -p equivalent to `-O public'\n" + " --old-passphrase file\n" + " specify file containing old key passphrase\n" + " --new-passphrase file\n" + " specify file containing new key passphrase\n" + " --random-device device\n" + " specify device to read entropy from (e.g. /dev/urandom)\n" + ); } static int move(char *from, char *to) @@ -224,6 +225,8 @@ static char *readpassphrase(const char *filename) return line; } +#define DEFAULT_RSADSA_BITS 2048 + int main(int argc, char **argv) { char *infile = NULL; @@ -501,7 +504,7 @@ int main(int argc, char **argv) bits = 256; break; default: - bits = 2048; + bits = DEFAULT_RSADSA_BITS; break; } } @@ -516,6 +519,19 @@ int main(int argc, char **argv) errs = TRUE; } + if (keytype == RSA2 || keytype == RSA1 || keytype == DSA) { + if (bits < 256) { + fprintf(stderr, "puttygen: cannot generate %s keys shorter than" + " 256 bits\n", (keytype == DSA ? "DSA" : "RSA")); + errs = TRUE; + } else if (bits < DEFAULT_RSADSA_BITS) { + fprintf(stderr, "puttygen: warning: %s keys shorter than" + " %d bits are probably not secure\n", + (keytype == DSA ? "DSA" : "RSA"), DEFAULT_RSADSA_BITS); + /* but this is just a warning, so proceed anyway */ + } + } + if (errs) return 1; @@ -1146,6 +1162,8 @@ void test(int retval, ...) } else { passes++; } + + sfree(argv); } void filecmp(char *file1, char *file2, char *fmt, ...) @@ -1193,7 +1211,7 @@ char *cleanup_fp(char *s) s += strspn(s, " \n\t"); s += strcspn(s, " \n\t"); - return dupprintf("%.*s", s - p, p); + return dupprintf("%.*s", (int)(s - p), p); } char *get_fp(char *filename)