Do not prompt for a passphrase if we fail to open a keyfile, and log the
reason the open failed to debug.
bz #1693, found by tj AT castaglia org, ok djm@
+ - djm@cvs.openbsd.org 2010/01/11 10:51:07
+ [ssh-keygen.c]
+ when converting keys, truncate key comments at 72 chars as per RFC4716;
+ bz#1630 reported by tj AT castaglia.org; ok markus@
20100110
- (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]
-/* $OpenBSD: ssh-keygen.c,v 1.175 2009/08/27 17:33:49 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.176 2010/01/11 10:51:07 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
Key *k;
u_int len;
u_char *blob;
+ char comment[61];
struct stat st;
if (!have_identity)
fprintf(stderr, "key_to_blob failed\n");
exit(1);
}
- fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
- fprintf(stdout,
- "Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n",
+ /* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
+ snprintf(comment, sizeof(comment),
+ "%u-bit %s, converted by %s@%s from OpenSSH",
key_size(k), key_type(k),
pw->pw_name, hostname);
+
+ fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
+ fprintf(stdout, "Comment: \"%s\"\n", comment);
dump_base64(stdout, blob, len);
fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
key_free(k);