summaryrefslogtreecommitdiff
path: root/crypto/openssh/ssh-keygen.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssh/ssh-keygen.c')
-rw-r--r--crypto/openssh/ssh-keygen.c349
1 files changed, 159 insertions, 190 deletions
diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c
index a3c2362a284a1..8259d87e73513 100644
--- a/crypto/openssh/ssh-keygen.c
+++ b/crypto/openssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.266 2015/02/26 20:45:47 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.274 2015/05/28 07:37:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -58,6 +58,12 @@
#include "krl.h"
#include "digest.h"
+#ifdef WITH_OPENSSL
+# define DEFAULT_KEY_TYPE_NAME "rsa"
+#else
+# define DEFAULT_KEY_TYPE_NAME "ed25519"
+#endif
+
/* Number of bits in the RSA/DSA key. This value can be set on the command line. */
#define DEFAULT_BITS 2048
#define DEFAULT_BITS_DSA 1024
@@ -174,23 +180,22 @@ extern char *__progname;
char hostname[NI_MAXHOST];
+#ifdef WITH_OPENSSL
/* moduli.c */
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
unsigned long);
+#endif
static void
type_bits_valid(int type, const char *name, u_int32_t *bitsp)
{
#ifdef WITH_OPENSSL
- u_int maxbits;
- int nid;
+ u_int maxbits, nid;
#endif
- if (type == KEY_UNSPEC) {
- fprintf(stderr, "unknown key type %s\n", key_type_name);
- exit(1);
- }
+ if (type == KEY_UNSPEC)
+ fatal("unknown key type %s", key_type_name);
if (*bitsp == 0) {
#ifdef WITH_OPENSSL
if (type == KEY_DSA)
@@ -208,10 +213,8 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
#ifdef WITH_OPENSSL
maxbits = (type == KEY_DSA) ?
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
- if (*bitsp > maxbits) {
- fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
- exit(1);
- }
+ if (*bitsp > maxbits)
+ fatal("key bits exceeds maximum %d", maxbits);
if (type == KEY_DSA && *bitsp != 1024)
fatal("DSA keys must be 1024 bits");
else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
@@ -256,13 +259,13 @@ ask_filename(struct passwd *pw, const char *prompt)
name = _PATH_SSH_CLIENT_ID_ED25519;
break;
default:
- fprintf(stderr, "bad key type\n");
- exit(1);
- break;
+ fatal("bad key type");
}
}
- snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
- fprintf(stderr, "%s (%s): ", prompt, identity_file);
+ snprintf(identity_file, sizeof(identity_file),
+ "%s/%s", pw->pw_dir, name);
+ printf("%s (%s): ", prompt, identity_file);
+ fflush(stdout);
if (fgets(buf, sizeof(buf), stdin) == NULL)
exit(1);
buf[strcspn(buf, "\n")] = '\0';
@@ -308,14 +311,10 @@ do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
char comment[61];
int r;
- if (k->type == KEY_RSA1) {
- fprintf(stderr, "version 1 keys are not supported\n");
- exit(1);
- }
- if ((r = sshkey_to_blob(k, &blob, &len)) != 0) {
- fprintf(stderr, "key_to_blob failed: %s\n", ssh_err(r));
- exit(1);
- }
+ if (k->type == KEY_RSA1)
+ fatal("version 1 keys are not supported");
+ if ((r = sshkey_to_blob(k, &blob, &len)) != 0)
+ fatal("key_to_blob failed: %s", ssh_err(r));
/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
snprintf(comment, sizeof(comment),
"%u-bit %s, converted by %s@%s from OpenSSH",
@@ -544,17 +543,13 @@ get_line(FILE *fp, char *line, size_t len)
line[0] = '\0';
while ((c = fgetc(fp)) != EOF) {
- if (pos >= len - 1) {
- fprintf(stderr, "input line too long.\n");
- exit(1);
- }
+ if (pos >= len - 1)
+ fatal("input line too long.");
switch (c) {
case '\r':
c = fgetc(fp);
- if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) {
- fprintf(stderr, "unget: %s\n", strerror(errno));
- exit(1);
- }
+ if (c != EOF && c != '\n' && ungetc(c, fp) == EOF)
+ fatal("unget: %s", strerror(errno));
return pos;
case '\n':
return pos;
@@ -606,16 +601,12 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
(encoded[len-3] == '='))
encoded[len-3] = '\0';
blen = uudecode(encoded, blob, sizeof(blob));
- if (blen < 0) {
- fprintf(stderr, "uudecode failed.\n");
- exit(1);
- }
+ if (blen < 0)
+ fatal("uudecode failed.");
if (*private)
*k = do_convert_private_ssh2_from_blob(blob, blen);
- else if ((r = sshkey_from_blob(blob, blen, k)) != 0) {
- fprintf(stderr, "decode blob failed: %s\n", ssh_err(r));
- exit(1);
- }
+ else if ((r = sshkey_from_blob(blob, blen, k)) != 0)
+ fatal("decode blob failed: %s", ssh_err(r));
fclose(fp);
}
@@ -749,10 +740,8 @@ do_convert_from(struct passwd *pw)
}
}
- if (!ok) {
- fprintf(stderr, "key write failed\n");
- exit(1);
- }
+ if (!ok)
+ fatal("key write failed");
sshkey_free(k);
exit(0);
}
@@ -767,13 +756,11 @@ do_print_public(struct passwd *pw)
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0) {
- perror(identity_file);
- exit(1);
- }
+ if (stat(identity_file, &st) < 0)
+ fatal("%s: %s", identity_file, strerror(errno));
prv = load_identity(identity_file);
if ((r = sshkey_write(prv, stdout)) != 0)
- fprintf(stderr, "key_write failed: %s", ssh_err(r));
+ error("key_write failed: %s", ssh_err(r));
sshkey_free(prv);
fprintf(stdout, "\n");
exit(0);
@@ -838,10 +825,8 @@ do_fingerprint(struct passwd *pw)
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0) {
- perror(identity_file);
- exit(1);
- }
+ if (stat(identity_file, &st) < 0)
+ fatal("%s: %s", identity_file, strerror(errno));
if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0)
debug2("Error loading public key \"%s\": %s",
identity_file, ssh_err(r));
@@ -933,10 +918,8 @@ do_fingerprint(struct passwd *pw)
}
fclose(f);
- if (invalid) {
- printf("%s is not a public key file.\n", identity_file);
- exit(1);
- }
+ if (invalid)
+ fatal("%s is not a public key file.", identity_file);
exit(0);
}
@@ -948,12 +931,16 @@ do_gen_all_hostkeys(struct passwd *pw)
char *key_type_display;
char *path;
} key_types[] = {
+#ifdef WITH_OPENSSL
+#ifdef WITH_SSH1
{ "rsa1", "RSA1", _PATH_HOST_KEY_FILE },
+#endif /* WITH_SSH1 */
{ "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE },
{ "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE },
#ifdef OPENSSL_HAS_ECC
{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
{ "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
{ NULL, NULL, NULL }
};
@@ -969,7 +956,7 @@ do_gen_all_hostkeys(struct passwd *pw)
if (stat(key_types[i].path, &st) == 0)
continue;
if (errno != ENOENT) {
- printf("Could not stat %s: %s", key_types[i].path,
+ error("Could not stat %s: %s", key_types[i].path,
strerror(errno));
first = 0;
continue;
@@ -986,8 +973,7 @@ do_gen_all_hostkeys(struct passwd *pw)
bits = 0;
type_bits_valid(type, NULL, &bits);
if ((r = sshkey_generate(type, bits, &private)) != 0) {
- fprintf(stderr, "key_generate failed: %s\n",
- ssh_err(r));
+ error("key_generate failed: %s", ssh_err(r));
first = 0;
continue;
}
@@ -997,8 +983,8 @@ do_gen_all_hostkeys(struct passwd *pw)
hostname);
if ((r = sshkey_save_private(private, identity_file, "",
comment, use_new_format, new_format_cipher, rounds)) != 0) {
- printf("Saving key \"%s\" failed: %s\n", identity_file,
- ssh_err(r));
+ error("Saving key \"%s\" failed: %s",
+ identity_file, ssh_err(r));
sshkey_free(private);
sshkey_free(public);
first = 0;
@@ -1008,7 +994,7 @@ do_gen_all_hostkeys(struct passwd *pw)
strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd == -1) {
- printf("Could not save your public key in %s\n",
+ error("Could not save your public key in %s",
identity_file);
sshkey_free(public);
first = 0;
@@ -1016,14 +1002,14 @@ do_gen_all_hostkeys(struct passwd *pw)
}
f = fdopen(fd, "w");
if (f == NULL) {
- printf("fdopen %s failed\n", identity_file);
+ error("fdopen %s failed", identity_file);
close(fd);
sshkey_free(public);
first = 0;
continue;
}
if ((r = sshkey_write(public, f)) != 0) {
- fprintf(stderr, "write key failed: %s\n", ssh_err(r));
+ error("write key failed: %s", ssh_err(r));
fclose(f);
sshkey_free(public);
first = 0;
@@ -1064,8 +1050,8 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
has_wild || l->marker != MRK_NONE) {
fprintf(ctx->out, "%s\n", l->line);
if (has_wild && !find_host) {
- fprintf(stderr, "%s:%ld: ignoring host name "
- "with wildcard: %.64s\n", l->path,
+ logit("%s:%ld: ignoring host name "
+ "with wildcard: %.64s", l->path,
l->linenum, l->hosts);
}
return 0;
@@ -1086,7 +1072,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
case HKF_STATUS_INVALID:
/* Retain invalid lines, but mark file as invalid. */
ctx->invalid = 1;
- fprintf(stderr, "%s:%ld: invalid line\n", l->path, l->linenum);
+ logit("%s:%ld: invalid line", l->path, l->linenum);
/* FALLTHROUGH */
default:
fprintf(ctx->out, "%s\n", l->line);
@@ -1100,6 +1086,12 @@ static int
known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
{
struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
+ enum sshkey_fp_rep rep;
+ int fptype;
+ char *fp;
+
+ fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
+ rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
if (l->status == HKF_STATUS_MATCHED) {
if (delete_host) {
@@ -1128,7 +1120,12 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
}
if (hash_hosts)
known_hosts_hash(l, ctx);
- else
+ else if (print_fingerprint) {
+ fp = sshkey_fingerprint(l->key, fptype, rep);
+ printf("%s %s %s %s\n", ctx->host,
+ sshkey_type(l->key), fp, l->comment);
+ free(fp);
+ } else
fprintf(ctx->out, "%s\n", l->line);
return 0;
}
@@ -1136,8 +1133,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
/* Retain non-matching hosts when deleting */
if (l->status == HKF_STATUS_INVALID) {
ctx->invalid = 1;
- fprintf(stderr, "%s:%ld: invalid line\n",
- l->path, l->linenum);
+ logit("%s:%ld: invalid line", l->path, l->linenum);
}
fprintf(ctx->out, "%s\n", l->line);
}
@@ -1150,6 +1146,7 @@ do_known_hosts(struct passwd *pw, const char *name)
char *cp, tmp[PATH_MAX], old[PATH_MAX];
int r, fd, oerrno, inplace = 0;
struct known_hosts_ctx ctx;
+ u_int foreach_options;
if (!have_identity) {
cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
@@ -1186,26 +1183,26 @@ do_known_hosts(struct passwd *pw, const char *name)
}
/* XXX support identity_file == "-" for stdin */
+ foreach_options = find_host ? HKF_WANT_MATCH : 0;
+ foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0;
if ((r = hostkeys_foreach(identity_file,
hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx,
- name, NULL, find_host ? HKF_WANT_MATCH : 0)) != 0)
+ name, NULL, foreach_options)) != 0)
fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
if (inplace)
fclose(ctx.out);
if (ctx.invalid) {
- fprintf(stderr, "%s is not a valid known_hosts file.\n",
- identity_file);
+ error("%s is not a valid known_hosts file.", identity_file);
if (inplace) {
- fprintf(stderr, "Not replacing existing known_hosts "
- "file because of errors\n");
+ error("Not replacing existing known_hosts "
+ "file because of errors");
unlink(tmp);
}
exit(1);
} else if (delete_host && !ctx.found_key) {
- fprintf(stderr, "Host %s not found in %s\n",
- name, identity_file);
+ logit("Host %s not found in %s", name, identity_file);
unlink(tmp);
} else if (inplace) {
/* Backup existing file */
@@ -1223,13 +1220,12 @@ do_known_hosts(struct passwd *pw, const char *name)
exit(1);
}
- fprintf(stderr, "%s updated.\n", identity_file);
- fprintf(stderr, "Original contents retained as %s\n", old);
+ printf("%s updated.\n", identity_file);
+ printf("Original contents retained as %s\n", old);
if (ctx.has_unhashed) {
- fprintf(stderr, "WARNING: %s contains unhashed "
- "entries\n", old);
- fprintf(stderr, "Delete this file to ensure privacy "
- "of hostnames\n");
+ logit("WARNING: %s contains unhashed entries", old);
+ logit("Delete this file to ensure privacy "
+ "of hostnames");
}
}
@@ -1251,10 +1247,8 @@ do_change_passphrase(struct passwd *pw)
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0) {
- perror(identity_file);
- exit(1);
- }
+ if (stat(identity_file, &st) < 0)
+ fatal("%s: %s", identity_file, strerror(errno));
/* Try to load the file with empty passphrase. */
r = sshkey_load_private(identity_file, "", &private, &comment);
if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) {
@@ -1272,9 +1266,7 @@ do_change_passphrase(struct passwd *pw)
goto badkey;
} else if (r != 0) {
badkey:
- fprintf(stderr, "Failed to load key \"%s\": %s\n",
- identity_file, ssh_err(r));
- exit(1);
+ fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
}
if (comment)
printf("Key has comment '%s'\n", comment);
@@ -1307,7 +1299,7 @@ do_change_passphrase(struct passwd *pw)
/* Save the file using the new passphrase. */
if ((r = sshkey_save_private(private, identity_file, passphrase1,
comment, use_new_format, new_format_cipher, rounds)) != 0) {
- printf("Saving key \"%s\" failed: %s.\n",
+ error("Saving key \"%s\" failed: %s.",
identity_file, ssh_err(r));
explicit_bzero(passphrase1, strlen(passphrase1));
free(passphrase1);
@@ -1341,14 +1333,11 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname)
if (stat(fname, &st) < 0) {
if (errno == ENOENT)
return 0;
- perror(fname);
- exit(1);
+ fatal("%s: %s", fname, strerror(errno));
}
- if ((r = sshkey_load_public(fname, &public, &comment)) != 0) {
- printf("Failed to read v2 public key from \"%s\": %s.\n",
+ if ((r = sshkey_load_public(fname, &public, &comment)) != 0)
+ fatal("Failed to read v2 public key from \"%s\": %s.",
fname, ssh_err(r));
- exit(1);
- }
export_dns_rr(hname, public, stdout, print_generic);
sshkey_free(public);
free(comment);
@@ -1370,18 +1359,15 @@ do_change_comment(struct passwd *pw)
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0) {
- perror(identity_file);
- exit(1);
- }
+ if (stat(identity_file, &st) < 0)
+ fatal("%s: %s", identity_file, strerror(errno));
if ((r = sshkey_load_private(identity_file, "",
&private, &comment)) == 0)
passphrase = xstrdup("");
- else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) {
- printf("Cannot load private key \"%s\": %s.\n",
+ else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+ fatal("Cannot load private key \"%s\": %s.",
identity_file, ssh_err(r));
- exit(1);
- } else {
+ else {
if (identity_passphrase)
passphrase = xstrdup(identity_passphrase);
else if (identity_new_passphrase)
@@ -1394,13 +1380,14 @@ do_change_comment(struct passwd *pw)
&private, &comment)) != 0) {
explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
- printf("Cannot load private key \"%s\": %s.\n",
+ fatal("Cannot load private key \"%s\": %s.",
identity_file, ssh_err(r));
- exit(1);
}
}
+ /* XXX what about new-format keys? */
if (private->type != KEY_RSA1) {
- fprintf(stderr, "Comments are only supported for RSA1 keys.\n");
+ error("Comments are only supported for RSA1 keys.");
+ explicit_bzero(passphrase, strlen(passphrase));
sshkey_free(private);
exit(1);
}
@@ -1422,7 +1409,7 @@ do_change_comment(struct passwd *pw)
/* Save the file using the new passphrase. */
if ((r = sshkey_save_private(private, identity_file, passphrase,
new_comment, use_new_format, new_format_cipher, rounds)) != 0) {
- printf("Saving key \"%s\" failed: %s\n",
+ error("Saving key \"%s\" failed: %s",
identity_file, ssh_err(r));
explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
@@ -1438,17 +1425,13 @@ do_change_comment(struct passwd *pw)
strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
- if (fd == -1) {
- printf("Could not save your public key in %s\n", identity_file);
- exit(1);
- }
+ if (fd == -1)
+ fatal("Could not save your public key in %s", identity_file);
f = fdopen(fd, "w");
- if (f == NULL) {
- printf("fdopen %s failed\n", identity_file);
- exit(1);
- }
+ if (f == NULL)
+ fatal("fdopen %s failed: %s", identity_file, strerror(errno));
if ((r = sshkey_write(public, f)) != 0)
- fprintf(stderr, "write key failed: %s\n", ssh_err(r));
+ fatal("write key failed: %s", ssh_err(r));
sshkey_free(public);
fprintf(f, " %s\n", new_comment);
fclose(f);
@@ -1608,8 +1591,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
break;
/* FALLTHROUGH */
default:
- fprintf(stderr, "unknown key type %s\n", key_type_name);
- exit(1);
+ fatal("unknown key type %s", key_type_name);
}
}
@@ -1631,7 +1613,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
otmp = tmp = xstrdup(cert_principals);
plist = NULL;
for (; (cp = strsep(&tmp, ",")) != NULL; n++) {
- plist = xrealloc(plist, n + 1, sizeof(*plist));
+ plist = xreallocarray(plist, n + 1, sizeof(*plist));
if (*(plist[n] = xstrdup(cp)) == '\0')
fatal("Empty principal name");
}
@@ -2216,9 +2198,11 @@ usage(void)
" ssh-keygen -H [-f known_hosts_file]\n"
" ssh-keygen -R hostname [-f known_hosts_file]\n"
" ssh-keygen -r hostname [-f input_keyfile] [-g]\n"
+#ifdef WITH_OPENSSL
" ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n"
" ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n"
" [-j start_line] [-K checkpt] [-W generator]\n"
+#endif
" ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n"
" [-O option] [-V validity_interval] [-z serial_number] file ...\n"
" ssh-keygen -L [-f input_keyfile]\n"
@@ -2236,19 +2220,22 @@ int
main(int argc, char **argv)
{
char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
- char *checkpoint = NULL;
- char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra;
+ char *rr_hostname = NULL, *ep, *fp, *ra;
struct sshkey *private, *public;
struct passwd *pw;
struct stat st;
int r, opt, type, fd;
+ int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
+ FILE *f;
+ const char *errstr;
+#ifdef WITH_OPENSSL
+ /* Moduli generation/screening */
+ char out_file[PATH_MAX], *checkpoint = NULL;
u_int32_t memory = 0, generator_wanted = 0;
int do_gen_candidates = 0, do_screen_candidates = 0;
- int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
unsigned long start_lineno = 0, lines_to_process = 0;
BIGNUM *start = NULL;
- FILE *f;
- const char *errstr;
+#endif
extern int optind;
extern char *optarg;
@@ -2267,14 +2254,10 @@ main(int argc, char **argv)
/* we need this for the home * directory. */
pw = getpwuid(getuid());
- if (!pw) {
- printf("No user exists for uid %lu\n", (u_long)getuid());
- exit(1);
- }
- if (gethostname(hostname, sizeof(hostname)) < 0) {
- perror("gethostname");
- exit(1);
- }
+ if (!pw)
+ fatal("No user exists for uid %lu", (u_long)getuid());
+ if (gethostname(hostname, sizeof(hostname)) < 0)
+ fatal("gethostname: %s", strerror(errno));
/* Remaining characters: UYdw */
while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy"
@@ -2305,12 +2288,6 @@ main(int argc, char **argv)
case 'I':
cert_key_id = optarg;
break;
- case 'J':
- lines_to_process = strtoul(optarg, NULL, 10);
- break;
- case 'j':
- start_lineno = strtoul(optarg, NULL, 10);
- break;
case 'R':
delete_host = 1;
rr_hostname = optarg;
@@ -2352,8 +2329,8 @@ main(int argc, char **argv)
change_comment = 1;
break;
case 'f':
- if (strlcpy(identity_file, optarg, sizeof(identity_file)) >=
- sizeof(identity_file))
+ if (strlcpy(identity_file, optarg,
+ sizeof(identity_file)) >= sizeof(identity_file))
fatal("Identity filename too long");
have_identity = 1;
break;
@@ -2425,20 +2402,31 @@ main(int argc, char **argv)
case 'r':
rr_hostname = optarg;
break;
- case 'W':
- generator_wanted = (u_int32_t)strtonum(optarg, 1,
- UINT_MAX, &errstr);
- if (errstr)
- fatal("Desired generator has bad value: %s (%s)",
- optarg, errstr);
- break;
case 'a':
rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr);
if (errstr)
fatal("Invalid number: %s (%s)",
optarg, errstr);
break;
+ case 'V':
+ parse_cert_times(optarg);
+ break;
+ case 'z':
+ errno = 0;
+ cert_serial = strtoull(optarg, &ep, 10);
+ if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
+ (errno == ERANGE && cert_serial == ULLONG_MAX))
+ fatal("Invalid serial number \"%s\"", optarg);
+ break;
#ifdef WITH_OPENSSL
+ /* Moduli generation/screening */
+ case 'W':
+ generator_wanted = (u_int32_t)strtonum(optarg, 1,
+ UINT_MAX, &errstr);
+ if (errstr)
+ fatal("Desired generator has bad value: %s (%s)",
+ optarg, errstr);
+ break;
case 'M':
memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
if (errstr)
@@ -2467,16 +2455,6 @@ main(int argc, char **argv)
fatal("Invalid start point.");
break;
#endif /* WITH_OPENSSL */
- case 'V':
- parse_cert_times(optarg);
- break;
- case 'z':
- errno = 0;
- cert_serial = strtoull(optarg, &ep, 10);
- if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
- (errno == ERANGE && cert_serial == ULLONG_MAX))
- fatal("Invalid serial number \"%s\"", optarg);
- break;
case '?':
default:
usage();
@@ -2491,19 +2469,19 @@ main(int argc, char **argv)
if (ca_key_path != NULL) {
if (argc < 1 && !gen_krl) {
- printf("Too few arguments.\n");
+ error("Too few arguments.");
usage();
}
} else if (argc > 0 && !gen_krl && !check_krl) {
- printf("Too many arguments.\n");
+ error("Too many arguments.");
usage();
}
if (change_passphrase && change_comment) {
- printf("Can only have one of -p and -c.\n");
+ error("Can only have one of -p and -c.");
usage();
}
if (print_fingerprint && (delete_host || hash_hosts)) {
- printf("Cannot use -l with -H or -R.\n");
+ error("Cannot use -l with -H or -R.");
usage();
}
if (gen_krl) {
@@ -2545,10 +2523,8 @@ main(int argc, char **argv)
if (have_identity) {
n = do_print_resource_record(pw,
identity_file, rr_hostname);
- if (n == 0) {
- perror(identity_file);
- exit(1);
- }
+ if (n == 0)
+ fatal("%s: %s", identity_file, strerror(errno));
exit(0);
} else {
@@ -2566,6 +2542,7 @@ main(int argc, char **argv)
}
}
+#ifdef WITH_OPENSSL
if (do_gen_candidates) {
FILE *out = fopen(out_file, "w");
@@ -2605,6 +2582,7 @@ main(int argc, char **argv)
fatal("modulus screening failed");
return (0);
}
+#endif
if (gen_all_hostkeys) {
do_gen_all_hostkeys(pw);
@@ -2612,7 +2590,7 @@ main(int argc, char **argv)
}
if (key_type_name == NULL)
- key_type_name = "rsa";
+ key_type_name = DEFAULT_KEY_TYPE_NAME;
type = sshkey_type_from_name(key_type_name);
type_bits_valid(type, key_type_name, &bits);
@@ -2620,14 +2598,10 @@ main(int argc, char **argv)
if (!quiet)
printf("Generating public/private %s key pair.\n",
key_type_name);
- if ((r = sshkey_generate(type, bits, &private)) != 0) {
- fprintf(stderr, "key_generate failed\n");
- exit(1);
- }
- if ((r = sshkey_from_private(private, &public)) != 0) {
- fprintf(stderr, "key_from_private failed: %s\n", ssh_err(r));
- exit(1);
- }
+ if ((r = sshkey_generate(type, bits, &private)) != 0)
+ fatal("key_generate failed");
+ if ((r = sshkey_from_private(private, &public)) != 0)
+ fatal("key_from_private failed: %s\n", ssh_err(r));
if (!have_identity)
ask_filename(pw, "Enter file in which to save the key");
@@ -2697,7 +2671,7 @@ passphrase_again:
/* Save the key with the given passphrase and comment. */
if ((r = sshkey_save_private(private, identity_file, passphrase1,
comment, use_new_format, new_format_cipher, rounds)) != 0) {
- printf("Saving key \"%s\" failed: %s\n",
+ error("Saving key \"%s\" failed: %s",
identity_file, ssh_err(r));
explicit_bzero(passphrase1, strlen(passphrase1));
free(passphrase1);
@@ -2714,18 +2688,13 @@ passphrase_again:
printf("Your identification has been saved in %s.\n", identity_file);
strlcat(identity_file, ".pub", sizeof(identity_file));
- fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
- if (fd == -1) {
- printf("Could not save your public key in %s\n", identity_file);
- exit(1);
- }
- f = fdopen(fd, "w");
- if (f == NULL) {
- printf("fdopen %s failed\n", identity_file);
- exit(1);
- }
+ if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
+ fatal("Unable to save public key to %s: %s",
+ identity_file, strerror(errno));
+ if ((f = fdopen(fd, "w")) == NULL)
+ fatal("fdopen %s failed: %s", identity_file, strerror(errno));
if ((r = sshkey_write(public, f)) != 0)
- fprintf(stderr, "write key failed: %s\n", ssh_err(r));
+ error("write key failed: %s", ssh_err(r));
fprintf(f, " %s\n", comment);
fclose(f);
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-01 22:10:25 +0000