-rw-r--r--ssh-keygen.c247
1 files changed, 94 insertions, 153 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 0518638e0..d3c412283 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.268 2015/03/31 11:06:49 tobias Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.269 2015/04/17 13:19:22 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -187,10 +187,8 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
187 int nid; 187 int nid;
188#endif 188#endif
189 189
190 if (type == KEY_UNSPEC) { 190 if (type == KEY_UNSPEC)
191 fprintf(stderr, "unknown key type %s\n", key_type_name); 191 fatal("unknown key type %s", key_type_name);
192 exit(1);
193 }
194 if (*bitsp == 0) { 192 if (*bitsp == 0) {
195#ifdef WITH_OPENSSL 193#ifdef WITH_OPENSSL
196 if (type == KEY_DSA) 194 if (type == KEY_DSA)
@@ -208,10 +206,8 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
208#ifdef WITH_OPENSSL 206#ifdef WITH_OPENSSL
209 maxbits = (type == KEY_DSA) ? 207 maxbits = (type == KEY_DSA) ?
210 OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; 208 OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
211 if (*bitsp > maxbits) { 209 if (*bitsp > maxbits)
212 fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); 210 fatal("key bits exceeds maximum %d", maxbits);
213 exit(1);
214 }
215 if (type == KEY_DSA && *bitsp != 1024) 211 if (type == KEY_DSA && *bitsp != 1024)
216 fatal("DSA keys must be 1024 bits"); 212 fatal("DSA keys must be 1024 bits");
217 else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) 213 else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
@@ -256,13 +252,13 @@ ask_filename(struct passwd *pw, const char *prompt)
256 name = _PATH_SSH_CLIENT_ID_ED25519; 252 name = _PATH_SSH_CLIENT_ID_ED25519;
257 break; 253 break;
258 default: 254 default:
259 fprintf(stderr, "bad key type\n"); 255 fatal("bad key type");
260 exit(1);
261 break;
262 } 256 }
263 } 257 }
264 snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name); 258 snprintf(identity_file, sizeof(identity_file),
265 fprintf(stderr, "%s (%s): ", prompt, identity_file); 259 "%s/%s", pw->pw_dir, name);
260 printf("%s (%s): ", prompt, identity_file);
261 fflush(stdout);
266 if (fgets(buf, sizeof(buf), stdin) == NULL) 262 if (fgets(buf, sizeof(buf), stdin) == NULL)
267 exit(1); 263 exit(1);
268 buf[strcspn(buf, "\n")] = '\0'; 264 buf[strcspn(buf, "\n")] = '\0';
@@ -308,14 +304,10 @@ do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
308 char comment[61]; 304 char comment[61];
309 int r; 305 int r;
310 306
311 if (k->type == KEY_RSA1) { 307 if (k->type == KEY_RSA1)
312 fprintf(stderr, "version 1 keys are not supported\n"); 308 fatal("version 1 keys are not supported");
313 exit(1); 309 if ((r = sshkey_to_blob(k, &blob, &len)) != 0)
314 } 310 fatal("key_to_blob failed: %s", ssh_err(r));
315 if ((r = sshkey_to_blob(k, &blob, &len)) != 0) {
316 fprintf(stderr, "key_to_blob failed: %s\n", ssh_err(r));
317 exit(1);
318 }
319 /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ 311 /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
320 snprintf(comment, sizeof(comment), 312 snprintf(comment, sizeof(comment),
321 "%u-bit %s, converted by %s@%s from OpenSSH", 313 "%u-bit %s, converted by %s@%s from OpenSSH",
@@ -544,17 +536,13 @@ get_line(FILE *fp, char *line, size_t len)
544 536
545 line[0] = '\0'; 537 line[0] = '\0';
546 while ((c = fgetc(fp)) != EOF) { 538 while ((c = fgetc(fp)) != EOF) {
547 if (pos >= len - 1) { 539 if (pos >= len - 1)
548 fprintf(stderr, "input line too long.\n"); 540 fatal("input line too long.");
549 exit(1);
550 }
551 switch (c) { 541 switch (c) {
552 case '\r': 542 case '\r':
553 c = fgetc(fp); 543 c = fgetc(fp);
554 if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) { 544 if (c != EOF && c != '\n' && ungetc(c, fp) == EOF)
555 fprintf(stderr, "unget: %s\n", strerror(errno)); 545 fatal("unget: %s", strerror(errno));
556 exit(1);
557 }
558 return pos; 546 return pos;
559 case '\n': 547 case '\n':
560 return pos; 548 return pos;
@@ -606,16 +594,12 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
606 (encoded[len-3] == '=')) 594 (encoded[len-3] == '='))
607 encoded[len-3] = '\0'; 595 encoded[len-3] = '\0';
608 blen = uudecode(encoded, blob, sizeof(blob)); 596 blen = uudecode(encoded, blob, sizeof(blob));
609 if (blen < 0) { 597 if (blen < 0)
610 fprintf(stderr, "uudecode failed.\n"); 598 fatal("uudecode failed.");
611 exit(1);
612 }
613 if (*private) 599 if (*private)
614 *k = do_convert_private_ssh2_from_blob(blob, blen); 600 *k = do_convert_private_ssh2_from_blob(blob, blen);
615 else if ((r = sshkey_from_blob(blob, blen, k)) != 0) { 601 else if ((r = sshkey_from_blob(blob, blen, k)) != 0)
616 fprintf(stderr, "decode blob failed: %s\n", ssh_err(r)); 602 fatal("decode blob failed: %s", ssh_err(r));
617 exit(1);
618 }
619 fclose(fp); 603 fclose(fp);
620} 604}
621 605
@@ -749,10 +733,8 @@ do_convert_from(struct passwd *pw)
749 } 733 }
750 } 734 }
751 735
752 if (!ok) { 736 if (!ok)
753 fprintf(stderr, "key write failed\n"); 737 fatal("key write failed");
754 exit(1);
755 }
756 sshkey_free(k); 738 sshkey_free(k);
757 exit(0); 739 exit(0);
758} 740}
@@ -767,13 +749,11 @@ do_print_public(struct passwd *pw)
767 749
768 if (!have_identity) 750 if (!have_identity)
769 ask_filename(pw, "Enter file in which the key is"); 751 ask_filename(pw, "Enter file in which the key is");
770 if (stat(identity_file, &st) < 0) { 752 if (stat(identity_file, &st) < 0)
771 perror(identity_file); 753 fatal("%s: %s", identity_file, strerror(errno));
772 exit(1);
773 }
774 prv = load_identity(identity_file); 754 prv = load_identity(identity_file);
775 if ((r = sshkey_write(prv, stdout)) != 0) 755 if ((r = sshkey_write(prv, stdout)) != 0)
776 fprintf(stderr, "key_write failed: %s", ssh_err(r)); 756 error("key_write failed: %s", ssh_err(r));
777 sshkey_free(prv); 757 sshkey_free(prv);
778 fprintf(stdout, "\n"); 758 fprintf(stdout, "\n");
779 exit(0); 759 exit(0);
@@ -838,10 +818,8 @@ do_fingerprint(struct passwd *pw)
838 rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; 818 rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
839 if (!have_identity) 819 if (!have_identity)
840 ask_filename(pw, "Enter file in which the key is"); 820 ask_filename(pw, "Enter file in which the key is");
841 if (stat(identity_file, &st) < 0) { 821 if (stat(identity_file, &st) < 0)
842 perror(identity_file); 822 fatal("%s: %s", identity_file, strerror(errno));
843 exit(1);
844 }
845 if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0) 823 if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0)
846 debug2("Error loading public key \"%s\": %s", 824 debug2("Error loading public key \"%s\": %s",
847 identity_file, ssh_err(r)); 825 identity_file, ssh_err(r));
@@ -933,10 +911,8 @@ do_fingerprint(struct passwd *pw)
933 } 911 }
934 fclose(f); 912 fclose(f);
935 913
936 if (invalid) { 914 if (invalid)
937 printf("%s is not a public key file.\n", identity_file); 915 fatal("%s is not a public key file.", identity_file);
938 exit(1);
939 }
940 exit(0); 916 exit(0);
941} 917}
942 918
@@ -973,7 +949,7 @@ do_gen_all_hostkeys(struct passwd *pw)
973 if (stat(key_types[i].path, &st) == 0) 949 if (stat(key_types[i].path, &st) == 0)
974 continue; 950 continue;
975 if (errno != ENOENT) { 951 if (errno != ENOENT) {
976 printf("Could not stat %s: %s", key_types[i].path, 952 error("Could not stat %s: %s", key_types[i].path,
977 strerror(errno)); 953 strerror(errno));
978 first = 0; 954 first = 0;
979 continue; 955 continue;
@@ -990,8 +966,7 @@ do_gen_all_hostkeys(struct passwd *pw)
990 bits = 0; 966 bits = 0;
991 type_bits_valid(type, NULL, &bits); 967 type_bits_valid(type, NULL, &bits);
992 if ((r = sshkey_generate(type, bits, &private)) != 0) { 968 if ((r = sshkey_generate(type, bits, &private)) != 0) {
993 fprintf(stderr, "key_generate failed: %s\n", 969 error("key_generate failed: %s", ssh_err(r));
994 ssh_err(r));
995 first = 0; 970 first = 0;
996 continue; 971 continue;
997 } 972 }
@@ -1001,8 +976,8 @@ do_gen_all_hostkeys(struct passwd *pw)
1001 hostname); 976 hostname);
1002 if ((r = sshkey_save_private(private, identity_file, "", 977 if ((r = sshkey_save_private(private, identity_file, "",
1003 comment, use_new_format, new_format_cipher, rounds)) != 0) { 978 comment, use_new_format, new_format_cipher, rounds)) != 0) {
1004 printf("Saving key \"%s\" failed: %s\n", identity_file, 979 error("Saving key \"%s\" failed: %s",
1005 ssh_err(r)); 980 identity_file, ssh_err(r));
1006 sshkey_free(private); 981 sshkey_free(private);
1007 sshkey_free(public); 982 sshkey_free(public);
1008 first = 0; 983 first = 0;
@@ -1012,7 +987,7 @@ do_gen_all_hostkeys(struct passwd *pw)
1012 strlcat(identity_file, ".pub", sizeof(identity_file)); 987 strlcat(identity_file, ".pub", sizeof(identity_file));
1013 fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); 988 fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
1014 if (fd == -1) { 989 if (fd == -1) {
1015 printf("Could not save your public key in %s\n", 990 error("Could not save your public key in %s",
1016 identity_file); 991 identity_file);
1017 sshkey_free(public); 992 sshkey_free(public);
1018 first = 0; 993 first = 0;
@@ -1020,14 +995,14 @@ do_gen_all_hostkeys(struct passwd *pw)
1020 } 995 }
1021 f = fdopen(fd, "w"); 996 f = fdopen(fd, "w");
1022 if (f == NULL) { 997 if (f == NULL) {
1023 printf("fdopen %s failed\n", identity_file); 998 error("fdopen %s failed", identity_file);
1024 close(fd); 999 close(fd);
1025 sshkey_free(public); 1000 sshkey_free(public);
1026 first = 0; 1001 first = 0;
1027 continue; 1002 continue;
1028 } 1003 }
1029 if ((r = sshkey_write(public, f)) != 0) { 1004 if ((r = sshkey_write(public, f)) != 0) {
1030 fprintf(stderr, "write key failed: %s\n", ssh_err(r)); 1005 error("write key failed: %s", ssh_err(r));
1031 fclose(f); 1006 fclose(f);
1032 sshkey_free(public); 1007 sshkey_free(public);
1033 first = 0; 1008 first = 0;
@@ -1068,8 +1043,8 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
1068 has_wild || l->marker != MRK_NONE) { 1043 has_wild || l->marker != MRK_NONE) {
1069 fprintf(ctx->out, "%s\n", l->line); 1044 fprintf(ctx->out, "%s\n", l->line);
1070 if (has_wild && !find_host) { 1045 if (has_wild && !find_host) {
1071 fprintf(stderr, "%s:%ld: ignoring host name " 1046 logit("%s:%ld: ignoring host name "
1072 "with wildcard: %.64s\n", l->path, 1047 "with wildcard: %.64s", l->path,
1073 l->linenum, l->hosts); 1048 l->linenum, l->hosts);
1074 } 1049 }
1075 return 0; 1050 return 0;
@@ -1090,7 +1065,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
1090 case HKF_STATUS_INVALID: 1065 case HKF_STATUS_INVALID:
1091 /* Retain invalid lines, but mark file as invalid. */ 1066 /* Retain invalid lines, but mark file as invalid. */
1092 ctx->invalid = 1; 1067 ctx->invalid = 1;
1093 fprintf(stderr, "%s:%ld: invalid line\n", l->path, l->linenum); 1068 logit("%s:%ld: invalid line", l->path, l->linenum);
1094 /* FALLTHROUGH */ 1069 /* FALLTHROUGH */
1095 default: 1070 default:
1096 fprintf(ctx->out, "%s\n", l->line); 1071 fprintf(ctx->out, "%s\n", l->line);
@@ -1140,8 +1115,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
1140 /* Retain non-matching hosts when deleting */ 1115 /* Retain non-matching hosts when deleting */
1141 if (l->status == HKF_STATUS_INVALID) { 1116 if (l->status == HKF_STATUS_INVALID) {
1142 ctx->invalid = 1; 1117 ctx->invalid = 1;
1143 fprintf(stderr, "%s:%ld: invalid line\n", 1118 logit("%s:%ld: invalid line", l->path, l->linenum);
1144 l->path, l->linenum);
1145 } 1119 }
1146 fprintf(ctx->out, "%s\n", l->line); 1120 fprintf(ctx->out, "%s\n", l->line);
1147 } 1121 }
@@ -1199,17 +1173,15 @@ do_known_hosts(struct passwd *pw, const char *name)
1199 fclose(ctx.out); 1173 fclose(ctx.out);
1200 1174
1201 if (ctx.invalid) { 1175 if (ctx.invalid) {
1202 fprintf(stderr, "%s is not a valid known_hosts file.\n", 1176 error("%s is not a valid known_hosts file.", identity_file);
1203 identity_file);
1204 if (inplace) { 1177 if (inplace) {
1205 fprintf(stderr, "Not replacing existing known_hosts " 1178 error("Not replacing existing known_hosts "
1206 "file because of errors\n"); 1179 "file because of errors");
1207 unlink(tmp); 1180 unlink(tmp);
1208 } 1181 }
1209 exit(1); 1182 exit(1);
1210 } else if (delete_host && !ctx.found_key) { 1183 } else if (delete_host && !ctx.found_key) {
1211 fprintf(stderr, "Host %s not found in %s\n", 1184 logit("Host %s not found in %s", name, identity_file);
1212 name, identity_file);
1213 unlink(tmp); 1185 unlink(tmp);
1214 } else if (inplace) { 1186 } else if (inplace) {
1215 /* Backup existing file */ 1187 /* Backup existing file */
@@ -1227,13 +1199,12 @@ do_known_hosts(struct passwd *pw, const char *name)
1227 exit(1); 1199 exit(1);
1228 } 1200 }
1229 1201
1230 fprintf(stderr, "%s updated.\n", identity_file); 1202 printf("%s updated.\n", identity_file);
1231 fprintf(stderr, "Original contents retained as %s\n", old); 1203 printf("Original contents retained as %s\n", old);
1232 if (ctx.has_unhashed) { 1204 if (ctx.has_unhashed) {
1233 fprintf(stderr, "WARNING: %s contains unhashed " 1205 logit("WARNING: %s contains unhashed entries", old);
1234 "entries\n", old); 1206 logit("Delete this file to ensure privacy "
1235 fprintf(stderr, "Delete this file to ensure privacy " 1207 "of hostnames");
1236 "of hostnames\n");
1237 } 1208 }
1238 } 1209 }
1239 1210
@@ -1255,10 +1226,8 @@ do_change_passphrase(struct passwd *pw)
1255 1226
1256 if (!have_identity) 1227 if (!have_identity)
1257 ask_filename(pw, "Enter file in which the key is"); 1228 ask_filename(pw, "Enter file in which the key is");
1258 if (stat(identity_file, &st) < 0) { 1229 if (stat(identity_file, &st) < 0)
1259 perror(identity_file); 1230 fatal("%s: %s", identity_file, strerror(errno));
1260 exit(1);
1261 }
1262 /* Try to load the file with empty passphrase. */ 1231 /* Try to load the file with empty passphrase. */
1263 r = sshkey_load_private(identity_file, "", &private, &comment); 1232 r = sshkey_load_private(identity_file, "", &private, &comment);
1264 if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) { 1233 if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) {
@@ -1276,9 +1245,7 @@ do_change_passphrase(struct passwd *pw)
1276 goto badkey; 1245 goto badkey;
1277 } else if (r != 0) { 1246 } else if (r != 0) {
1278 badkey: 1247 badkey:
1279 fprintf(stderr, "Failed to load key \"%s\": %s\n", 1248 fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
1280 identity_file, ssh_err(r));
1281 exit(1);
1282 } 1249 }
1283 if (comment) 1250 if (comment)
1284 printf("Key has comment '%s'\n", comment); 1251 printf("Key has comment '%s'\n", comment);
@@ -1311,7 +1278,7 @@ do_change_passphrase(struct passwd *pw)
1311 /* Save the file using the new passphrase. */ 1278 /* Save the file using the new passphrase. */
1312 if ((r = sshkey_save_private(private, identity_file, passphrase1, 1279 if ((r = sshkey_save_private(private, identity_file, passphrase1,
1313 comment, use_new_format, new_format_cipher, rounds)) != 0) { 1280 comment, use_new_format, new_format_cipher, rounds)) != 0) {
1314 printf("Saving key \"%s\" failed: %s.\n", 1281 error("Saving key \"%s\" failed: %s.",
1315 identity_file, ssh_err(r)); 1282 identity_file, ssh_err(r));
1316 explicit_bzero(passphrase1, strlen(passphrase1)); 1283 explicit_bzero(passphrase1, strlen(passphrase1));
1317 free(passphrase1); 1284 free(passphrase1);
@@ -1345,14 +1312,11 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname)
1345 if (stat(fname, &st) < 0) { 1312 if (stat(fname, &st) < 0) {
1346 if (errno == ENOENT) 1313 if (errno == ENOENT)
1347 return 0; 1314 return 0;
1348 perror(fname); 1315 fatal("%s: %s", fname, strerror(errno));
1349 exit(1);
1350 } 1316 }
1351 if ((r = sshkey_load_public(fname, &public, &comment)) != 0) { 1317 if ((r = sshkey_load_public(fname, &public, &comment)) != 0)
1352 printf("Failed to read v2 public key from \"%s\": %s.\n", 1318 fatal("Failed to read v2 public key from \"%s\": %s.",
1353 fname, ssh_err(r)); 1319 fname, ssh_err(r));
1354 exit(1);
1355 }
1356 export_dns_rr(hname, public, stdout, print_generic); 1320 export_dns_rr(hname, public, stdout, print_generic);
1357 sshkey_free(public); 1321 sshkey_free(public);
1358 free(comment); 1322 free(comment);
@@ -1374,18 +1338,15 @@ do_change_comment(struct passwd *pw)
1374 1338
1375 if (!have_identity) 1339 if (!have_identity)
1376 ask_filename(pw, "Enter file in which the key is"); 1340 ask_filename(pw, "Enter file in which the key is");
1377 if (stat(identity_file, &st) < 0) { 1341 if (stat(identity_file, &st) < 0)
1378 perror(identity_file); 1342 fatal("%s: %s", identity_file, strerror(errno));
1379 exit(1);
1380 }
1381 if ((r = sshkey_load_private(identity_file, "", 1343 if ((r = sshkey_load_private(identity_file, "",
1382 &private, &comment)) == 0) 1344 &private, &comment)) == 0)
1383 passphrase = xstrdup(""); 1345 passphrase = xstrdup("");
1384 else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) { 1346 else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
1385 printf("Cannot load private key \"%s\": %s.\n", 1347 fatal("Cannot load private key \"%s\": %s.",
1386 identity_file, ssh_err(r)); 1348 identity_file, ssh_err(r));
1387 exit(1); 1349 else {
1388 } else {
1389 if (identity_passphrase) 1350 if (identity_passphrase)
1390 passphrase = xstrdup(identity_passphrase); 1351 passphrase = xstrdup(identity_passphrase);
1391 else if (identity_new_passphrase) 1352 else if (identity_new_passphrase)
@@ -1398,13 +1359,13 @@ do_change_comment(struct passwd *pw)
1398 &private, &comment)) != 0) { 1359 &private, &comment)) != 0) {
1399 explicit_bzero(passphrase, strlen(passphrase)); 1360 explicit_bzero(passphrase, strlen(passphrase));
1400 free(passphrase); 1361 free(passphrase);
1401 printf("Cannot load private key \"%s\": %s.\n", 1362 fatal("Cannot load private key \"%s\": %s.",
1402 identity_file, ssh_err(r)); 1363 identity_file, ssh_err(r));
1403 exit(1);
1404 } 1364 }
1405 } 1365 }
1366 /* XXX what about new-format keys? */
1406 if (private->type != KEY_RSA1) { 1367 if (private->type != KEY_RSA1) {
1407 fprintf(stderr, "Comments are only supported for RSA1 keys.\n"); 1368 error("Comments are only supported for RSA1 keys.");
1408 explicit_bzero(passphrase, strlen(passphrase)); 1369 explicit_bzero(passphrase, strlen(passphrase));
1409 sshkey_free(private); 1370 sshkey_free(private);
1410 exit(1); 1371 exit(1);
@@ -1427,7 +1388,7 @@ do_change_comment(struct passwd *pw)
1427 /* Save the file using the new passphrase. */ 1388 /* Save the file using the new passphrase. */
1428 if ((r = sshkey_save_private(private, identity_file, passphrase, 1389 if ((r = sshkey_save_private(private, identity_file, passphrase,
1429 new_comment, use_new_format, new_format_cipher, rounds)) != 0) { 1390 new_comment, use_new_format, new_format_cipher, rounds)) != 0) {
1430 printf("Saving key \"%s\" failed: %s\n", 1391 error("Saving key \"%s\" failed: %s",
1431 identity_file, ssh_err(r)); 1392 identity_file, ssh_err(r));
1432 explicit_bzero(passphrase, strlen(passphrase)); 1393 explicit_bzero(passphrase, strlen(passphrase));
1433 free(passphrase); 1394 free(passphrase);
@@ -1443,17 +1404,13 @@ do_change_comment(struct passwd *pw)
1443 1404
1444 strlcat(identity_file, ".pub", sizeof(identity_file)); 1405 strlcat(identity_file, ".pub", sizeof(identity_file));
1445 fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); 1406 fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
1446 if (fd == -1) { 1407 if (fd == -1)
1447 printf("Could not save your public key in %s\n", identity_file); 1408 fatal("Could not save your public key in %s", identity_file);
1448 exit(1);
1449 }
1450 f = fdopen(fd, "w"); 1409 f = fdopen(fd, "w");
1451 if (f == NULL) { 1410 if (f == NULL)
1452 printf("fdopen %s failed\n", identity_file); 1411 fatal("fdopen %s failed: %s", identity_file, strerror(errno));
1453 exit(1);
1454 }
1455 if ((r = sshkey_write(public, f)) != 0) 1412 if ((r = sshkey_write(public, f)) != 0)
1456 fprintf(stderr, "write key failed: %s\n", ssh_err(r)); 1413 fatal("write key failed: %s", ssh_err(r));
1457 sshkey_free(public); 1414 sshkey_free(public);
1458 fprintf(f, " %s\n", new_comment); 1415 fprintf(f, " %s\n", new_comment);
1459 fclose(f); 1416 fclose(f);
@@ -1613,8 +1570,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1613 break; 1570 break;
1614 /* FALLTHROUGH */ 1571 /* FALLTHROUGH */
1615 default: 1572 default:
1616 fprintf(stderr, "unknown key type %s\n", key_type_name); 1573 fatal("unknown key type %s", key_type_name);
1617 exit(1);
1618 } 1574 }
1619 } 1575 }
1620 1576
@@ -2272,14 +2228,10 @@ main(int argc, char **argv)
2272 2228
2273 /* we need this for the home * directory. */ 2229 /* we need this for the home * directory. */
2274 pw = getpwuid(getuid()); 2230 pw = getpwuid(getuid());
2275 if (!pw) { 2231 if (!pw)
2276 printf("No user exists for uid %lu\n", (u_long)getuid()); 2232 fatal("No user exists for uid %lu", (u_long)getuid());
2277 exit(1); 2233 if (gethostname(hostname, sizeof(hostname)) < 0)
2278 } 2234 fatal("gethostname: %s", strerror(errno));
2279 if (gethostname(hostname, sizeof(hostname)) < 0) {
2280 perror("gethostname");
2281 exit(1);
2282 }
2283 2235
2284 /* Remaining characters: UYdw */ 2236 /* Remaining characters: UYdw */
2285 while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy" 2237 while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy"
@@ -2496,19 +2448,19 @@ main(int argc, char **argv)
2496 2448
2497 if (ca_key_path != NULL) { 2449 if (ca_key_path != NULL) {
2498 if (argc < 1 && !gen_krl) { 2450 if (argc < 1 && !gen_krl) {
2499 printf("Too few arguments.\n"); 2451 error("Too few arguments.");
2500 usage(); 2452 usage();
2501 } 2453 }
2502 } else if (argc > 0 && !gen_krl && !check_krl) { 2454 } else if (argc > 0 && !gen_krl && !check_krl) {
2503 printf("Too many arguments.\n"); 2455 error("Too many arguments.");
2504 usage(); 2456 usage();
2505 } 2457 }
2506 if (change_passphrase && change_comment) { 2458 if (change_passphrase && change_comment) {
2507 printf("Can only have one of -p and -c.\n"); 2459 error("Can only have one of -p and -c.");
2508 usage(); 2460 usage();
2509 } 2461 }
2510 if (print_fingerprint && (delete_host || hash_hosts)) { 2462 if (print_fingerprint && (delete_host || hash_hosts)) {
2511 printf("Cannot use -l with -H or -R.\n"); 2463 error("Cannot use -l with -H or -R.");
2512 usage(); 2464 usage();
2513 } 2465 }
2514 if (gen_krl) { 2466 if (gen_krl) {
@@ -2550,10 +2502,8 @@ main(int argc, char **argv)
2550 if (have_identity) { 2502 if (have_identity) {
2551 n = do_print_resource_record(pw, 2503 n = do_print_resource_record(pw,
2552 identity_file, rr_hostname); 2504 identity_file, rr_hostname);
2553 if (n == 0) { 2505 if (n == 0)
2554 perror(identity_file); 2506 fatal("%s: %s", identity_file, strerror(errno));
2555 exit(1);
2556 }
2557 exit(0); 2507 exit(0);
2558 } else { 2508 } else {
2559 2509
@@ -2625,14 +2575,10 @@ main(int argc, char **argv)
2625 if (!quiet) 2575 if (!quiet)
2626 printf("Generating public/private %s key pair.\n", 2576 printf("Generating public/private %s key pair.\n",
2627 key_type_name); 2577 key_type_name);
2628 if ((r = sshkey_generate(type, bits, &private)) != 0) { 2578 if ((r = sshkey_generate(type, bits, &private)) != 0)
2629 fprintf(stderr, "key_generate failed\n"); 2579 fatal("key_generate failed");
2630 exit(1); 2580 if ((r = sshkey_from_private(private, &public)) != 0)
2631 } 2581 fatal("key_from_private failed: %s\n", ssh_err(r));
2632 if ((r = sshkey_from_private(private, &public)) != 0) {
2633 fprintf(stderr, "key_from_private failed: %s\n", ssh_err(r));
2634 exit(1);
2635 }
2636 2582
2637 if (!have_identity) 2583 if (!have_identity)
2638 ask_filename(pw, "Enter file in which to save the key"); 2584 ask_filename(pw, "Enter file in which to save the key");
@@ -2702,7 +2648,7 @@ passphrase_again:
2702 /* Save the key with the given passphrase and comment. */ 2648 /* Save the key with the given passphrase and comment. */
2703 if ((r = sshkey_save_private(private, identity_file, passphrase1, 2649 if ((r = sshkey_save_private(private, identity_file, passphrase1,
2704 comment, use_new_format, new_format_cipher, rounds)) != 0) { 2650 comment, use_new_format, new_format_cipher, rounds)) != 0) {
2705 printf("Saving key \"%s\" failed: %s\n", 2651 error("Saving key \"%s\" failed: %s",
2706 identity_file, ssh_err(r)); 2652 identity_file, ssh_err(r));
2707 explicit_bzero(passphrase1, strlen(passphrase1)); 2653 explicit_bzero(passphrase1, strlen(passphrase1));
2708 free(passphrase1); 2654 free(passphrase1);
@@ -2719,18 +2665,13 @@ passphrase_again:
2719 printf("Your identification has been saved in %s.\n", identity_file); 2665 printf("Your identification has been saved in %s.\n", identity_file);
2720 2666
2721 strlcat(identity_file, ".pub", sizeof(identity_file)); 2667 strlcat(identity_file, ".pub", sizeof(identity_file));
2722 fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); 2668 if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
2723 if (fd == -1) { 2669 fatal("Unable to save public key to %s: %s",
2724 printf("Could not save your public key in %s\n", identity_file); 2670 identity_file, strerror(errno));
2725 exit(1); 2671 if ((f = fdopen(fd, "w")) == NULL)
2726 } 2672 fatal("fdopen %s failed: %s", identity_file, strerror(errno));
2727 f = fdopen(fd, "w");
2728 if (f == NULL) {
2729 printf("fdopen %s failed\n", identity_file);
2730 exit(1);
2731 }
2732 if ((r = sshkey_write(public, f)) != 0) 2673 if ((r = sshkey_write(public, f)) != 0)
2733 fprintf(stderr, "write key failed: %s\n", ssh_err(r)); 2674 error("write key failed: %s", ssh_err(r));
2734 fprintf(f, " %s\n", comment); 2675 fprintf(f, " %s\n", comment);
2735 fclose(f); 2676 fclose(f);
2736 2677
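Review bot: In ask_filename() the prompt moves from stderr to stdout (`printf("%s (%s): ", prompt, identity_file); fflush(stdout);`), yet do_print_public() calls ask_filename() when no identity was given and then emits the key with `sshkey_write(prv, stdout)`, so with stdout redirected the prompt text lands in front of the public key and the user never sees the prompt; keeping `fprintf(stderr, "%s (%s): ", prompt, identity_file);` avoids mixing the two. In main(), `fatal("key_from_private failed: %s\n", ssh_err(r));` keeps a trailing `\n` that every other converted call dropped, and `fatal("key_generate failed")` discards the `r` it just assigned, where `fatal("key_generate failed: %s", ssh_err(r));` would match the rest. Handling of a failed sshkey_write() is also uneven after this change: do_change_comment() now calls fatal(), while main() and do_print_public() only call error() and carry on, and do_print_public() still reaches `exit(0)`. If fatal() exits with a status other than 1 (not visible here), every converted `exit(1)` site changes the exit code that callers see, which deserves a line in the commit message. All of these functions begin and end outside the hunks shown.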