-/* $OpenBSD: ssh-keygen.c,v 1.268 2015/03/31 11:06:49 tobias Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.269 2015/04/17 13:19:22 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
{
u_int maxbits, nid;
- if (type == KEY_UNSPEC) {
- fprintf(stderr, "unknown key type %s\n", key_type_name);
- exit(1);
- }
+ if (type == KEY_UNSPEC)
+ fatal("unknown key type %s", key_type_name);
if (*bitsp == 0) {
if (type == KEY_DSA)
*bitsp = DEFAULT_BITS_DSA;
}
maxbits = (type == KEY_DSA) ?
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
- if (*bitsp > maxbits) {
- fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
- exit(1);
- }
+ if (*bitsp > maxbits)
+ fatal("key bits exceeds maximum %d", maxbits);
#ifdef WITH_OPENSSL
if (type == KEY_DSA && *bitsp != 1024)
fatal("DSA keys must be 1024 bits");
name = _PATH_SSH_CLIENT_ID_ED25519;
break;
default:
- fprintf(stderr, "bad key type\n");
- exit(1);
- break;
+ fatal("bad key type");
}
}
- snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
- fprintf(stderr, "%s (%s): ", prompt, identity_file);
+ snprintf(identity_file, sizeof(identity_file),
+ "%s/%s", pw->pw_dir, name);
+ printf("%s (%s): ", prompt, identity_file);
+ fflush(stdout);
if (fgets(buf, sizeof(buf), stdin) == NULL)
exit(1);
buf[strcspn(buf, "\n")] = '\0';
char comment[61];
int r;
- if (k->type == KEY_RSA1) {
- fprintf(stderr, "version 1 keys are not supported\n");
- exit(1);
- }
- if ((r = sshkey_to_blob(k, &blob, &len)) != 0) {
- fprintf(stderr, "key_to_blob failed: %s\n", ssh_err(r));
- exit(1);
- }
+ if (k->type == KEY_RSA1)
+ fatal("version 1 keys are not supported");
+ if ((r = sshkey_to_blob(k, &blob, &len)) != 0)
+ fatal("key_to_blob failed: %s", ssh_err(r));
/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
snprintf(comment, sizeof(comment),
"%u-bit %s, converted by %s@%s from OpenSSH",
line[0] = '\0';
while ((c = fgetc(fp)) != EOF) {
- if (pos >= len - 1) {
- fprintf(stderr, "input line too long.\n");
- exit(1);
- }
+ if (pos >= len - 1)
+ fatal("input line too long.");
switch (c) {
case '\r':
c = fgetc(fp);
- if (c != EOF && c != '\n' && ungetc(c, fp) == EOF) {
- fprintf(stderr, "unget: %s\n", strerror(errno));
- exit(1);
- }
+ if (c != EOF && c != '\n' && ungetc(c, fp) == EOF)
+ fatal("unget: %s", strerror(errno));
return pos;
case '\n':
return pos;
(encoded[len-3] == '='))
encoded[len-3] = '\0';
blen = uudecode(encoded, blob, sizeof(blob));
- if (blen < 0) {
- fprintf(stderr, "uudecode failed.\n");
- exit(1);
- }
+ if (blen < 0)
+ fatal("uudecode failed.");
if (*private)
*k = do_convert_private_ssh2_from_blob(blob, blen);
- else if ((r = sshkey_from_blob(blob, blen, k)) != 0) {
- fprintf(stderr, "decode blob failed: %s\n", ssh_err(r));
- exit(1);
- }
+ else if ((r = sshkey_from_blob(blob, blen, k)) != 0)
+ fatal("decode blob failed: %s", ssh_err(r));
fclose(fp);
}
}
}
- if (!ok) {
- fprintf(stderr, "key write failed\n");
- exit(1);
- }
+ if (!ok)
+ fatal("key write failed");
sshkey_free(k);
exit(0);
}
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0) {
- perror(identity_file);
- exit(1);
- }
+ if (stat(identity_file, &st) < 0)
+ fatal("%s: %s", identity_file, strerror(errno));
prv = load_identity(identity_file);
if ((r = sshkey_write(prv, stdout)) != 0)
- fprintf(stderr, "key_write failed: %s", ssh_err(r));
+ error("key_write failed: %s", ssh_err(r));
sshkey_free(prv);
fprintf(stdout, "\n");
exit(0);
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0) {
- perror(identity_file);
- exit(1);
- }
+ if (stat(identity_file, &st) < 0)
+ fatal("%s: %s", identity_file, strerror(errno));
if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0)
debug2("Error loading public key \"%s\": %s",
identity_file, ssh_err(r));
}
fclose(f);
- if (invalid) {
- printf("%s is not a public key file.\n", identity_file);
- exit(1);
- }
+ if (invalid)
+ fatal("%s is not a public key file.", identity_file);
exit(0);
}
if (stat(key_types[i].path, &st) == 0)
continue;
if (errno != ENOENT) {
- printf("Could not stat %s: %s", key_types[i].path,
+ error("Could not stat %s: %s", key_types[i].path,
strerror(errno));
first = 0;
continue;
bits = 0;
type_bits_valid(type, NULL, &bits);
if ((r = sshkey_generate(type, bits, &private)) != 0) {
- fprintf(stderr, "key_generate failed: %s\n",
- ssh_err(r));
+ error("key_generate failed: %s", ssh_err(r));
first = 0;
continue;
}
hostname);
if ((r = sshkey_save_private(private, identity_file, "",
comment, use_new_format, new_format_cipher, rounds)) != 0) {
- printf("Saving key \"%s\" failed: %s\n", identity_file,
- ssh_err(r));
+ error("Saving key \"%s\" failed: %s",
+ identity_file, ssh_err(r));
sshkey_free(private);
sshkey_free(public);
first = 0;
strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd == -1) {
- printf("Could not save your public key in %s\n",
+ error("Could not save your public key in %s",
identity_file);
sshkey_free(public);
first = 0;
}
f = fdopen(fd, "w");
if (f == NULL) {
- printf("fdopen %s failed\n", identity_file);
+ error("fdopen %s failed", identity_file);
close(fd);
sshkey_free(public);
first = 0;
continue;
}
if ((r = sshkey_write(public, f)) != 0) {
- fprintf(stderr, "write key failed: %s\n", ssh_err(r));
+ error("write key failed: %s", ssh_err(r));
fclose(f);
sshkey_free(public);
first = 0;
has_wild || l->marker != MRK_NONE) {
fprintf(ctx->out, "%s\n", l->line);
if (has_wild && !find_host) {
- fprintf(stderr, "%s:%ld: ignoring host name "
- "with wildcard: %.64s\n", l->path,
+ logit("%s:%ld: ignoring host name "
+ "with wildcard: %.64s", l->path,
l->linenum, l->hosts);
}
return 0;
case HKF_STATUS_INVALID:
/* Retain invalid lines, but mark file as invalid. */
ctx->invalid = 1;
- fprintf(stderr, "%s:%ld: invalid line\n", l->path, l->linenum);
+ logit("%s:%ld: invalid line", l->path, l->linenum);
/* FALLTHROUGH */
default:
fprintf(ctx->out, "%s\n", l->line);
/* Retain non-matching hosts when deleting */
if (l->status == HKF_STATUS_INVALID) {
ctx->invalid = 1;
- fprintf(stderr, "%s:%ld: invalid line\n",
- l->path, l->linenum);
+ logit("%s:%ld: invalid line", l->path, l->linenum);
}
fprintf(ctx->out, "%s\n", l->line);
}
fclose(ctx.out);
if (ctx.invalid) {
- fprintf(stderr, "%s is not a valid known_hosts file.\n",
- identity_file);
+ error("%s is not a valid known_hosts file.", identity_file);
if (inplace) {
- fprintf(stderr, "Not replacing existing known_hosts "
- "file because of errors\n");
+ error("Not replacing existing known_hosts "
+ "file because of errors");
unlink(tmp);
}
exit(1);
} else if (delete_host && !ctx.found_key) {
- fprintf(stderr, "Host %s not found in %s\n",
- name, identity_file);
+ logit("Host %s not found in %s", name, identity_file);
unlink(tmp);
} else if (inplace) {
/* Backup existing file */
exit(1);
}
- fprintf(stderr, "%s updated.\n", identity_file);
- fprintf(stderr, "Original contents retained as %s\n", old);
+ printf("%s updated.\n", identity_file);
+ printf("Original contents retained as %s\n", old);
if (ctx.has_unhashed) {
- fprintf(stderr, "WARNING: %s contains unhashed "
- "entries\n", old);
- fprintf(stderr, "Delete this file to ensure privacy "
- "of hostnames\n");
+ logit("WARNING: %s contains unhashed entries", old);
+ logit("Delete this file to ensure privacy "
+ "of hostnames");
}
}
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0) {
- perror(identity_file);
- exit(1);
- }
+ if (stat(identity_file, &st) < 0)
+ fatal("%s: %s", identity_file, strerror(errno));
/* Try to load the file with empty passphrase. */
r = sshkey_load_private(identity_file, "", &private, &comment);
if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) {
goto badkey;
} else if (r != 0) {
badkey:
- fprintf(stderr, "Failed to load key \"%s\": %s\n",
- identity_file, ssh_err(r));
- exit(1);
+ fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
}
if (comment)
printf("Key has comment '%s'\n", comment);
/* Save the file using the new passphrase. */
if ((r = sshkey_save_private(private, identity_file, passphrase1,
comment, use_new_format, new_format_cipher, rounds)) != 0) {
- printf("Saving key \"%s\" failed: %s.\n",
+ error("Saving key \"%s\" failed: %s.",
identity_file, ssh_err(r));
explicit_bzero(passphrase1, strlen(passphrase1));
free(passphrase1);
if (stat(fname, &st) < 0) {
if (errno == ENOENT)
return 0;
- perror(fname);
- exit(1);
+ fatal("%s: %s", fname, strerror(errno));
}
- if ((r = sshkey_load_public(fname, &public, &comment)) != 0) {
- printf("Failed to read v2 public key from \"%s\": %s.\n",
+ if ((r = sshkey_load_public(fname, &public, &comment)) != 0)
+ fatal("Failed to read v2 public key from \"%s\": %s.",
fname, ssh_err(r));
- exit(1);
- }
export_dns_rr(hname, public, stdout, print_generic);
sshkey_free(public);
free(comment);
if (!have_identity)
ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0) {
- perror(identity_file);
- exit(1);
- }
+ if (stat(identity_file, &st) < 0)
+ fatal("%s: %s", identity_file, strerror(errno));
if ((r = sshkey_load_private(identity_file, "",
&private, &comment)) == 0)
passphrase = xstrdup("");
- else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) {
- printf("Cannot load private key \"%s\": %s.\n",
+ else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+ fatal("Cannot load private key \"%s\": %s.",
identity_file, ssh_err(r));
- exit(1);
- } else {
+ else {
if (identity_passphrase)
passphrase = xstrdup(identity_passphrase);
else if (identity_new_passphrase)
&private, &comment)) != 0) {
explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
- printf("Cannot load private key \"%s\": %s.\n",
+ fatal("Cannot load private key \"%s\": %s.",
identity_file, ssh_err(r));
- exit(1);
}
}
+ /* XXX what about new-format keys? */
if (private->type != KEY_RSA1) {
- fprintf(stderr, "Comments are only supported for RSA1 keys.\n");
+ error("Comments are only supported for RSA1 keys.");
explicit_bzero(passphrase, strlen(passphrase));
sshkey_free(private);
exit(1);
/* Save the file using the new passphrase. */
if ((r = sshkey_save_private(private, identity_file, passphrase,
new_comment, use_new_format, new_format_cipher, rounds)) != 0) {
- printf("Saving key \"%s\" failed: %s\n",
+ error("Saving key \"%s\" failed: %s",
identity_file, ssh_err(r));
explicit_bzero(passphrase, strlen(passphrase));
free(passphrase);
strlcat(identity_file, ".pub", sizeof(identity_file));
fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
- if (fd == -1) {
- printf("Could not save your public key in %s\n", identity_file);
- exit(1);
- }
+ if (fd == -1)
+ fatal("Could not save your public key in %s", identity_file);
f = fdopen(fd, "w");
- if (f == NULL) {
- printf("fdopen %s failed\n", identity_file);
- exit(1);
- }
+ if (f == NULL)
+ fatal("fdopen %s failed: %s", identity_file, strerror(errno));
if ((r = sshkey_write(public, f)) != 0)
- fprintf(stderr, "write key failed: %s\n", ssh_err(r));
+ fatal("write key failed: %s", ssh_err(r));
sshkey_free(public);
fprintf(f, " %s\n", new_comment);
fclose(f);
break;
/* FALLTHROUGH */
default:
- fprintf(stderr, "unknown key type %s\n", key_type_name);
- exit(1);
+ fatal("unknown key type %s", key_type_name);
}
}
/* we need this for the home * directory. */
pw = getpwuid(getuid());
- if (!pw) {
- printf("No user exists for uid %lu\n", (u_long)getuid());
- exit(1);
- }
- if (gethostname(hostname, sizeof(hostname)) < 0) {
- perror("gethostname");
- exit(1);
- }
+ if (!pw)
+ fatal("No user exists for uid %lu", (u_long)getuid());
+ if (gethostname(hostname, sizeof(hostname)) < 0)
+ fatal("gethostname: %s", strerror(errno));
/* Remaining characters: UYdw */
while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy"
if (ca_key_path != NULL) {
if (argc < 1 && !gen_krl) {
- printf("Too few arguments.\n");
+ error("Too few arguments.");
usage();
}
} else if (argc > 0 && !gen_krl && !check_krl) {
- printf("Too many arguments.\n");
+ error("Too many arguments.");
usage();
}
if (change_passphrase && change_comment) {
- printf("Can only have one of -p and -c.\n");
+ error("Can only have one of -p and -c.");
usage();
}
if (print_fingerprint && (delete_host || hash_hosts)) {
- printf("Cannot use -l with -H or -R.\n");
+ error("Cannot use -l with -H or -R.");
usage();
}
#ifdef WITH_OPENSSL
if (have_identity) {
n = do_print_resource_record(pw,
identity_file, rr_hostname);
- if (n == 0) {
- perror(identity_file);
- exit(1);
- }
+ if (n == 0)
+ fatal("%s: %s", identity_file, strerror(errno));
exit(0);
} else {
if (!quiet)
printf("Generating public/private %s key pair.\n",
key_type_name);
- if ((r = sshkey_generate(type, bits, &private)) != 0) {
- fprintf(stderr, "key_generate failed\n");
- exit(1);
- }
- if ((r = sshkey_from_private(private, &public)) != 0) {
- fprintf(stderr, "key_from_private failed: %s\n", ssh_err(r));
- exit(1);
- }
+ if ((r = sshkey_generate(type, bits, &private)) != 0)
+ fatal("key_generate failed");
+ if ((r = sshkey_from_private(private, &public)) != 0)
+ fatal("key_from_private failed: %s\n", ssh_err(r));
if (!have_identity)
ask_filename(pw, "Enter file in which to save the key");
/* Save the key with the given passphrase and comment. */
if ((r = sshkey_save_private(private, identity_file, passphrase1,
comment, use_new_format, new_format_cipher, rounds)) != 0) {
- printf("Saving key \"%s\" failed: %s\n",
+ error("Saving key \"%s\" failed: %s",
identity_file, ssh_err(r));
explicit_bzero(passphrase1, strlen(passphrase1));
free(passphrase1);
printf("Your identification has been saved in %s.\n", identity_file);
strlcat(identity_file, ".pub", sizeof(identity_file));
- fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
- if (fd == -1) {
- printf("Could not save your public key in %s\n", identity_file);
- exit(1);
- }
- f = fdopen(fd, "w");
- if (f == NULL) {
- printf("fdopen %s failed\n", identity_file);
- exit(1);
- }
+ if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
+ fatal("Unable to save public key to %s: %s",
+ identity_file, strerror(errno));
+ if ((f = fdopen(fd, "w")) == NULL)
+ fatal("fdopen %s failed: %s", identity_file, strerror(errno));
if ((r = sshkey_write(public, f)) != 0)
- fprintf(stderr, "write key failed: %s\n", ssh_err(r));
+ error("write key failed: %s", ssh_err(r));
fprintf(f, " %s\n", comment);
fclose(f);
projects / openbsd / commitdiff