don't use errno for key_{load,save}_private; discussion w/ solar@openwall

3 files changed, 24 insertions, 25 deletions

diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c
index dec79b5cf59..da6ebeebae2 100644
--- a/usr.bin/ssh/authfile.c
+++ b/usr.bin/ssh/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.30 2001/03/26 23:12:42 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.31 2001/04/15 16:58:03 markus Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -140,11 +140,13 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
 	buffer_free(&buffer);
 
 	fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
-	if (fd < 0)
+	if (fd < 0) {
+		error("open %s failed: %s.", filename, strerror(errno));
 		return 0;
+	}
 	if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
 	    buffer_len(&encrypted)) {
-		debug("Write to key file %.200s failed: %.100s", filename,
+		error("write to key file %s failed: %s", filename,
 		      strerror(errno));
 		buffer_free(&encrypted);
 		close(fd);
@@ -169,18 +171,17 @@ key_save_private_pem(Key *key, const char *filename, const char *_passphrase,
 	EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
 
 	if (len > 0 && len <= 4) {
-		error("passphrase too short: %d bytes", len);
-		errno = 0;
+		error("passphrase too short: have %d bytes, need > 4", len);
 		return 0;
 	}
 	fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
 	if (fd < 0) {
-		debug("open %s failed", filename);
+		error("open %s failed: %s.", filename, strerror(errno));
 		return 0;
 	}
 	fp = fdopen(fd, "w");
 	if (fp == NULL ) {
-		debug("fdopen %s failed", filename);
+		error("fdopen %s failed: %s.", filename, strerror(errno));
 		close(fd);
 		return 0;
 	}
@@ -215,6 +216,7 @@ key_save_private(Key *key, const char *filename, const char *passphrase,
 	default:
 		break;
 	}
+	error("key_save_private: cannot save key type %d", key->type);
 	return 0;
 }
 
@@ -248,7 +250,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
 
 	/* Check that it is at least big enough to contain the ID string. */
 	if (len < sizeof(authfile_id_string)) {
-		debug3("Bad RSA1 key file %.200s.", filename);
+		debug3("No RSA1 key file %.200s.", filename);
 		buffer_free(&buffer);
 		return NULL;
 	}
@@ -258,7 +260,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
 	 */
 	for (i = 0; i < sizeof(authfile_id_string); i++)
 		if (buffer_get_char(&buffer) != authfile_id_string[i]) {
-			debug3("Bad RSA1 key file %.200s.", filename);
+			debug3("No RSA1 key file %.200s.", filename);
 			buffer_free(&buffer);
 			return NULL;
 		}
@@ -334,7 +336,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
 
 	/* Check that it is at least big enough to contain the ID string. */
 	if (len < sizeof(authfile_id_string)) {
-		debug3("Bad RSA1 key file %.200s.", filename);
+		debug3("No RSA1 key file %.200s.", filename);
 		buffer_free(&buffer);
 		close(fd);
 		return NULL;
@@ -345,7 +347,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
 	 */
 	for (i = 0; i < sizeof(authfile_id_string); i++)
 		if (buffer_get_char(&buffer) != authfile_id_string[i]) {
-			debug3("Bad RSA1 key file %.200s.", filename);
+			debug3("No RSA1 key file %.200s.", filename);
 			buffer_free(&buffer);
 			close(fd);
 			return NULL;
@@ -439,13 +441,13 @@ key_load_private_pem(int fd, int type, const char *passphrase,
 
 	fp = fdopen(fd, "r");
 	if (fp == NULL) {
-		error("fdopen failed");
+		error("fdopen failed: %s", strerror(errno));
 		close(fd);
 		return NULL;
 	}
 	pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
 	if (pk == NULL) {
-		debug("PEM_read_PrivateKey failed");
+		error("PEM_read_PrivateKey failed");
 		(void)ERR_get_error();
 	} else if (pk->type == EVP_PKEY_RSA &&
 	     (type == KEY_UNSPEC||type==KEY_RSA)) {
@@ -511,7 +513,7 @@ key_load_private_type(int type, const char *filename, const char *passphrase,
 	if (fd < 0)
 		return NULL;
 	if (!key_perm_ok(fd, filename)) {
-		debug("bad permissions: ignore key: %s", filename);
+		error("bad permissions: ignore key: %s", filename);
 		close(fd);
 		return NULL;
 	}
@@ -545,7 +547,7 @@ key_load_private(const char *filename, const char *passphrase,
 	if (fd < 0)
 		return NULL;
 	if (!key_perm_ok(fd, filename)) {
-		debug("bad permissions: ignore key: %s", filename);
+		error("bad permissions: ignore key: %s", filename);
 		close(fd);
 		return NULL;
 	}
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index b19fff91271..d704069afad 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.55 2001/04/05 10:42:54 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.56 2001/04/15 16:58:03 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -508,8 +508,7 @@ do_change_passphrase(struct passwd *pw)
 
 	/* Save the file using the new passphrase. */
 	if (!key_save_private(private, identity_file, passphrase1, comment)) {
-		printf("Saving the key failed: %s: %s.\n",
-		       identity_file, strerror(errno));
+		printf("Saving the key failed: %s.\n", identity_file);
 		memset(passphrase1, 0, strlen(passphrase1));
 		xfree(passphrase1);
 		key_free(private);
@@ -587,8 +586,7 @@ do_change_comment(struct passwd *pw)
 
 	/* Save the file using the new passphrase. */
 	if (!key_save_private(private, identity_file, passphrase, new_comment)) {
-		printf("Saving the key failed: %s: %s.\n",
-		       identity_file, strerror(errno));
+		printf("Saving the key failed: %s.\n", identity_file);
 		memset(passphrase, 0, strlen(passphrase));
 		xfree(passphrase);
 		key_free(private);
@@ -830,8 +828,7 @@ passphrase_again:
 
 	/* Save the key with the given passphrase and comment. */
 	if (!key_save_private(private, identity_file, passphrase1, comment)) {
-		printf("Saving the key failed: %s: %s.\n",
-		    identity_file, strerror(errno));
+		printf("Saving the key failed: %s.\n", identity_file);
 		memset(passphrase1, 0, strlen(passphrase1));
 		xfree(passphrase1);
 		exit(1);
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index db39d929e2a..2c7b201f040 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.194 2001/04/15 08:43:47 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.195 2001/04/15 16:58:03 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -685,8 +685,8 @@ main(int ac, char **av)
 		key = key_load_private(options.host_key_files[i], "", NULL);
 		sensitive_data.host_keys[i] = key;
 		if (key == NULL) {
-			error("Could not load host key: %.200s: %.100s",
-			    options.host_key_files[i], strerror(errno));
+			error("Could not load host key: %s",
+			    options.host_key_files[i]);
 			sensitive_data.host_keys[i] = NULL;
 			continue;
 		}