===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.281
retrieving revision 1.288
diff -u -r1.281 -r1.288
--- src/usr.bin/ssh/ssh-keygen.c	2015/11/19 01:08:55	1.281
+++ src/usr.bin/ssh/ssh-keygen.c	2016/02/15 09:47:49	1.288
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.281 2015/11/19 01:08:55 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -514,7 +514,7 @@
 	sshbuf_free(b);
 
 	/* try the key */
-	if (sshkey_sign(key, &sig, &slen, data, sizeof(data), 0) != 0 ||
+	if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 ||
 	    sshkey_verify(key, sig, slen, data, sizeof(data), 0) != 0) {
 		sshkey_free(key);
 		free(sig);
@@ -867,7 +867,7 @@
 {
 	FILE *f;
 	struct sshkey *public = NULL;
-	char *comment = NULL, *cp, *ep, line[16*1024];
+	char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES];
 	int i, invalid = 1;
 	const char *path;
 	long int lnum = 0;
@@ -1216,8 +1216,11 @@
 	foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0;
 	if ((r = hostkeys_foreach(identity_file,
 	    hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx,
-	    name, NULL, foreach_options)) != 0)
+	    name, NULL, foreach_options)) != 0) {
+		if (inplace)
+			unlink(tmp);
 		fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
+	}
 
 	if (inplace)
 		fclose(ctx.out);
@@ -1414,9 +1417,11 @@
 			    identity_file, ssh_err(r));
 		}
 	}
-	/* XXX what about new-format keys? */
-	if (private->type != KEY_RSA1) {
-		error("Comments are only supported for RSA1 keys.");
+
+	if (private->type != KEY_RSA1 && private->type != KEY_ED25519 &&
+	    !use_new_format) {
+		error("Comments are only supported for RSA1 or keys stored in "
+		    "the new format (-o).");
 		explicit_bzero(passphrase, strlen(passphrase));
 		sshkey_free(private);
 		exit(1);
@@ -1640,10 +1645,10 @@
 		fclose(f);
 
 		if (!quiet) {
-			sshkey_format_cert_validity(public->cert, 
+			sshkey_format_cert_validity(public->cert,
 			    valid, sizeof(valid));
 			logit("Signed %s key %s: id \"%s\" serial %llu%s%s "
-			    "valid %s", sshkey_cert_type(public), 
+			    "valid %s", sshkey_cert_type(public),
 			    out, public->cert->key_id,
 			    (unsigned long long)public->cert->serial,
 			    cert_principals != NULL ? " for " : "",
@@ -1682,7 +1687,7 @@
 	char buf[32], *fmt;
 
 	/*
-	 * POSIX strptime says "The application shall ensure that there 
+	 * POSIX strptime says "The application shall ensure that there
 	 * is white-space or other non-alphanumeric characters between
 	 * any two conversion specifications" so arrange things this way.
 	 */
@@ -1898,7 +1903,7 @@
 	struct stat st;
 	int r, is_stdin = 0, ok = 0;
 	FILE *f;
-	char *cp, line[2048];
+	char *cp, line[SSH_MAX_PUBKEY_BYTES];
 	const char *path;
 	long int lnum = 0;
 
@@ -2147,8 +2152,7 @@
 	close(fd);
 	sshbuf_free(kbuf);
 	ssh_krl_free(krl);
-	if (ca != NULL)
-		sshkey_free(ca);
+	sshkey_free(ca);
 }
 
 static void
@@ -2244,6 +2248,7 @@
 	extern int optind;
 	extern char *optarg;
 
+	ssh_malloc_init();	/* must be called before any mallocs */
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();