authorDamien Miller <djm@mindrot.org>2000-11-13 22:57:25 +1100
committerDamien Miller <djm@mindrot.org>2000-11-13 22:57:25 +1100
commit0bc1bd814e3c2b5e92d6f595930051960d17f47f (patch)
tree176c7dc2844ecc2c1de0f72d221449556ffa5209 /ssh-keygen.c
parent559d383037b0872fcde4e6c40188b649c574be74 (diff)
- (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from jhuuskon@messi.uku.fi - markus@cvs.openbsd.org 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net - markus@cvs.openbsd.org 2000/11/09 18:04:40 [auth1.c] typo; from mouring@pconline.com - markus@cvs.openbsd.org 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - markus@cvs.openbsd.org 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c115
1 files changed, 58 insertions, 57 deletions
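--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.32 2000/10/09 21:30:44 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.33 2000/11/12 19:50:38 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -23,7 +23,6 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.32 2000/10/09 21:30:44 markus Exp $");
 #include "xmalloc.h"
 #include "key.h"
 #include "rsa.h"
-#include "dsa.h"
 #include "authfile.h"
 #include "uuencode.h"
 
@@ -67,7 +66,10 @@ char *identity_comment = NULL;
 int convert_to_ssh2 = 0;
 int convert_from_ssh2 = 0;
 int print_public = 0;
-int dsa_mode = 0;
+
+/* key type */
+int dsa_mode = 0;	/* compat */
+char *key_type_name = NULL;
 
 /* argv0 */
 #ifdef HAVE___PROGNAME
@@ -130,12 +132,12 @@ do_convert_to_ssh2(struct passwd *pw)
 		perror(identity_file);
 		exit(1);
 	}
-	k = key_new(KEY_DSA);
+	k = key_new(KEY_UNSPEC);
 	if (!try_load_key(identity_file, k)) {
 		fprintf(stderr, "load failed\n");
 		exit(1);
 	}
-	dsa_make_key_blob(k, &blob, &len);
+	key_to_blob(k, &blob, &len);
 	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
 	fprintf(stdout,
 	    "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n",
@@ -266,7 +268,7 @@ do_convert_from_ssh2(struct passwd *pw)
 	}
 	k = private ?
 	    do_convert_private_ssh2_from_blob(blob, blen) :
-	    dsa_key_from_blob(blob, blen);
+	    key_from_blob(blob, blen);
 	if (k == NULL) {
 		fprintf(stderr, "decode blob failed.\n");
 		exit(1);
@@ -288,8 +290,6 @@ void
 do_print_public(struct passwd *pw)
 {
 	Key *k;
-	int len;
-	unsigned char *blob;
 	struct stat st;
 
 	if (!have_identity)
@@ -298,16 +298,14 @@ do_print_public(struct passwd *pw)
 		perror(identity_file);
 		exit(1);
 	}
-	k = key_new(KEY_DSA);
+	k = key_new(KEY_UNSPEC);
 	if (!try_load_key(identity_file, k)) {
 		fprintf(stderr, "load failed\n");
 		exit(1);
 	}
-	dsa_make_key_blob(k, &blob, &len);
 	if (!key_write(k, stdout))
 		fprintf(stderr, "key_write failed");
 	key_free(k);
-	xfree(blob);
 	fprintf(stdout, "\n");
 	exit(0);
 }
@@ -315,12 +313,11 @@ do_print_public(struct passwd *pw)
 void
 do_fingerprint(struct passwd *pw)
 {
-	/* XXX RSA1 only */
 
 	FILE *f;
 	Key *public;
 	char *comment = NULL, *cp, *ep, line[16*1024];
-	int i, skip = 0, num = 1, invalid = 1;
+	int i, skip = 0, num = 1, invalid = 1, success = 0;
 	unsigned int ignore;
 	struct stat st;
 
@@ -330,14 +327,27 @@ do_fingerprint(struct passwd *pw)
 		perror(identity_file);
 		exit(1);
 	}
-	public = key_new(KEY_RSA);
+	public = key_new(KEY_RSA1);
 	if (load_public_key(identity_file, public, &comment)) {
-		printf("%d %s %s\n", BN_num_bits(public->rsa->n),
-		    key_fingerprint(public), comment);
+		success = 1;
+	} else {
+		key_free(public);
+		public = key_new(KEY_UNSPEC);
+		if (try_load_public_key(identity_file, public, &comment))
+			success = 1;
+		else
+			error("try_load_public_key KEY_UNSPEC failed");
+	}
+	if (success) {
+		printf("%d %s %s\n", key_size(public), key_fingerprint(public), comment);
 		key_free(public);
+		xfree(comment);
 		exit(0);
 	}
 
+	/* XXX RSA1 only */
+
+	public = key_new(KEY_RSA1);
 	f = fopen(identity_file, "r");
 	if (f != NULL) {
 		while (fgets(line, sizeof(line), f)) {
@@ -404,7 +414,7 @@ do_change_passphrase(struct passwd *pw)
 	struct stat st;
 	Key *private;
 	Key *public;
-	int type = dsa_mode ? KEY_DSA : KEY_RSA;
+	int type = KEY_RSA1;
 
 	if (!have_identity)
 		ask_filename(pw, "Enter file in which the key is");
@@ -412,18 +422,13 @@ do_change_passphrase(struct passwd *pw)
 		perror(identity_file);
 		exit(1);
 	}
-
-	if (type == KEY_RSA) {
-		/* XXX this works currently only for RSA */
-		public = key_new(type);
-		if (!load_public_key(identity_file, public, NULL)) {
-			printf("%s is not a valid key file.\n", identity_file);
-			exit(1);
-		}
+	public = key_new(type);
+	if (!load_public_key(identity_file, public, NULL)) {
+		type = KEY_UNSPEC;
+	} else {
 		/* Clear the public key since we are just about to load the whole file. */
 		key_free(public);
 	}
-
 	/* Try to load the file with empty passphrase. */
 	private = key_new(type);
 	if (!load_private_key(identity_file, "", private, &comment)) {
@@ -508,13 +513,13 @@ do_change_comment(struct passwd *pw)
 	 * Try to load the public key from the file the verify that it is
 	 * readable and of the proper format.
 	 */
-	public = key_new(KEY_RSA);
+	public = key_new(KEY_RSA1);
 	if (!load_public_key(identity_file, public, NULL)) {
 		printf("%s is not a valid key file.\n", identity_file);
 		exit(1);
 	}
 
-	private = key_new(KEY_RSA);
+	private = key_new(KEY_RSA1);
 	if (load_private_key(identity_file, "", private, &comment))
 		passphrase = xstrdup("");
 	else {
@@ -583,7 +588,7 @@ do_change_comment(struct passwd *pw)
 void
 usage(void)
 {
-	printf("Usage: %s [-lpqxXydc] [-b bits] [-f file] [-C comment] [-N new-pass] [-P pass]\n", __progname);
+	printf("Usage: %s [-lpqxXyc] [-t type] [-b bits] [-f file] [-C comment] [-N new-pass] [-P pass]\n", __progname);
 	exit(1);
 }
 
@@ -598,8 +603,10 @@ main(int ac, char **av)
 	int opt;
 	struct stat st;
 	FILE *f;
+	int type = KEY_RSA1;
 	Key *private;
 	Key *public;
+
 	extern int optind;
 	extern char *optarg;
 
@@ -618,7 +625,7 @@ main(int ac, char **av)
 		exit(1);
 	}
 
-	while ((opt = getopt(ac, av, "dqpclRxXyb:f:P:N:C:")) != EOF) {
+	while ((opt = getopt(ac, av, "dqpclRxXyb:f:t:P:N:C:")) != EOF) {
 		switch (opt) {
 		case 'b':
 			bits = atoi(optarg);
@@ -662,10 +669,8 @@ main(int ac, char **av)
 			break;
 
 		case 'R':
-			if (rsa_alive() == 0)
-				exit(1);
-			else
-				exit(0);
+			/* unused */
+			exit(0);
 			break;
 
 		case 'x':
@@ -681,9 +686,15 @@ main(int ac, char **av)
 			break;
 
 		case 'd':
+			key_type_name = "dsa";
 			dsa_mode = 1;
 			break;
 
+		case 't':
+			key_type_name = optarg;
+			dsa_mode = (strcmp(optarg, "dsa") == 0);
+			break;
+
 		case '?':
 		default:
 			usage();
@@ -697,13 +708,6 @@ main(int ac, char **av)
 		printf("Can only have one of -p and -c.\n");
 		usage();
 	}
-	/* check if RSA support is needed and exists */
-	if (dsa_mode == 0 && rsa_alive() == 0) {
-		fprintf(stderr,
-		    "%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
-		    __progname);
-		exit(1);
-	}
 	if (print_fingerprint)
 		do_fingerprint(pw);
 	if (change_passphrase)
@@ -719,22 +723,21 @@ main(int ac, char **av)
 
 	arc4random_stir();
 
-	if (dsa_mode != 0) {
-		if (!quiet)
-			printf("Generating DSA parameter and key.\n");
-		public = private = dsa_generate_key(bits);
-		if (private == NULL) {
-			fprintf(stderr, "dsa_generate_keys failed");
+	if (key_type_name != NULL) {
+		type = key_type_from_name(key_type_name);
+		if (type == KEY_UNSPEC) {
+			fprintf(stderr, "unknown key type %s", key_type_name);
 			exit(1);
 		}
-	} else {
-		if (quiet)
-			rsa_set_verbose(0);
-		/* Generate the rsa key pair. */
-		public = key_new(KEY_RSA);
-		private = key_new(KEY_RSA);
-		rsa_generate_key(private->rsa, public->rsa, bits);
 	}
+	if (!quiet)
+		printf("Generating public/private key pair.\n");
+	private = key_generate(type, bits);
+	if (private == NULL) {
+		fprintf(stderr, "key_generate failed");
+		exit(1);
+	}
+	public = key_from_private(private);
 
 	if (!have_identity)
 		ask_filename(pw, "Enter file in which to save the key");
@@ -803,9 +806,7 @@ passphrase_again:
 	xfree(passphrase1);
 
 	/* Clear the private key and the random number generator. */
-	if (private != public) {
-		key_free(private);
-	}
+	key_free(private);
 	arc4random_stir();
 
 	if (!quiet)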
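Review bot: In do_fingerprint (hunk `@@ -330,14 +327,27 @@`), when `try_load_public_key` fails the KEY_UNSPEC `public` allocated in the `else` branch is never released before new line 350 overwrites it with `public = key_new(KEY_RSA1);`, and the `error("try_load_public_key KEY_UNSPEC failed")` call fires on every file that is not a single public key, which is exactly the authorized_keys case the RSA1 line-by-line loop that follows exists for, so a normal path is reported as an error; add `key_free(public);` in the failing branch and demote the `error()` to `debug()` or drop it (do_fingerprint's body continues outside the hunk). The same unfreed-on-failure shape appears in do_change_passphrase (hunk `@@ -412,18 +422,13 @@`): when `load_public_key` fails the new code sets `type = KEY_UNSPEC` but leaves the `key_new(type)` result allocated, whereas the old code exited on that failure, so a `key_free(public);` belongs in that branch too. In main's generation path (hunk `@@ -719,22 +723,21 @@`) the two new diagnostics `"unknown key type %s"` and `"key_generate failed"` lack a trailing `\n`, unlike the other `fprintf(stderr, ...)` messages in the file, and `key_from_private(private)` is assigned to `public` with no NULL check before the rest of main uses it; whether that helper can return NULL is not visible here and is worth confirming.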