diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-05-28 07:37:31 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-05-28 18:54:58 +1000 |
| commit | 1d9a2e2849c9864fe75daabf433436341c968e14 (patch) | |
| tree | f6ea74e9078589c23ac77fc0d0f0320a5bc3f11b | |
| parent | 496aeb25bc2d6c434171292e4714771b594bd00e (diff) | |
upstream commit
wrap all moduli-related code in #ifdef WITH_OPENSSL.
based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@
Upstream-ID: d80cfc8be3e6ec65b3fac9e87c4466533b31b7cf
| -rw-r--r-- | ssh-keygen.c | 68 |
1 files changed, 36 insertions, 32 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index ff1d31b91..8259d87e7 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keygen.c,v 1.273 2015/05/28 04:40:13 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.274 2015/05/28 07:37:31 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -180,16 +180,18 @@ extern char *__progname; | |||
| 180 | 180 | ||
| 181 | char hostname[NI_MAXHOST]; | 181 | char hostname[NI_MAXHOST]; |
| 182 | 182 | ||
| 183 | #ifdef WITH_OPENSSL | ||
| 183 | /* moduli.c */ | 184 | /* moduli.c */ |
| 184 | int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); | 185 | int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); |
| 185 | int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, | 186 | int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, |
| 186 | unsigned long); | 187 | unsigned long); |
| 188 | #endif | ||
| 187 | 189 | ||
| 188 | static void | 190 | static void |
| 189 | type_bits_valid(int type, const char *name, u_int32_t *bitsp) | 191 | type_bits_valid(int type, const char *name, u_int32_t *bitsp) |
| 190 | { | 192 | { |
| 191 | #ifdef WITH_OPENSSL | 193 | #ifdef WITH_OPENSSL |
| 192 | u_int maxbits, nid; | 194 | u_int maxbits, nid; |
| 193 | #endif | 195 | #endif |
| 194 | 196 | ||
| 195 | if (type == KEY_UNSPEC) | 197 | if (type == KEY_UNSPEC) |
| @@ -2196,9 +2198,11 @@ usage(void) | |||
| 2196 | " ssh-keygen -H [-f known_hosts_file]\n" | 2198 | " ssh-keygen -H [-f known_hosts_file]\n" |
| 2197 | " ssh-keygen -R hostname [-f known_hosts_file]\n" | 2199 | " ssh-keygen -R hostname [-f known_hosts_file]\n" |
| 2198 | " ssh-keygen -r hostname [-f input_keyfile] [-g]\n" | 2200 | " ssh-keygen -r hostname [-f input_keyfile] [-g]\n" |
| 2201 | #ifdef WITH_OPENSSL | ||
| 2199 | " ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n" | 2202 | " ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n" |
| 2200 | " ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n" | 2203 | " ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n" |
| 2201 | " [-j start_line] [-K checkpt] [-W generator]\n" | 2204 | " [-j start_line] [-K checkpt] [-W generator]\n" |
| 2205 | #endif | ||
| 2202 | " ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n" | 2206 | " ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n" |
| 2203 | " [-O option] [-V validity_interval] [-z serial_number] file ...\n" | 2207 | " [-O option] [-V validity_interval] [-z serial_number] file ...\n" |
| 2204 | " ssh-keygen -L [-f input_keyfile]\n" | 2208 | " ssh-keygen -L [-f input_keyfile]\n" |
| @@ -2216,19 +2220,22 @@ int | |||
| 2216 | main(int argc, char **argv) | 2220 | main(int argc, char **argv) |
| 2217 | { | 2221 | { |
| 2218 | char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2; | 2222 | char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2; |
| 2219 | char *checkpoint = NULL; | 2223 | char *rr_hostname = NULL, *ep, *fp, *ra; |
| 2220 | char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra; | ||
| 2221 | struct sshkey *private, *public; | 2224 | struct sshkey *private, *public; |
| 2222 | struct passwd *pw; | 2225 | struct passwd *pw; |
| 2223 | struct stat st; | 2226 | struct stat st; |
| 2224 | int r, opt, type, fd; | 2227 | int r, opt, type, fd; |
| 2228 | int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; | ||
| 2229 | FILE *f; | ||
| 2230 | const char *errstr; | ||
| 2231 | #ifdef WITH_OPENSSL | ||
| 2232 | /* Moduli generation/screening */ | ||
| 2233 | char out_file[PATH_MAX], *checkpoint = NULL; | ||
| 2225 | u_int32_t memory = 0, generator_wanted = 0; | 2234 | u_int32_t memory = 0, generator_wanted = 0; |
| 2226 | int do_gen_candidates = 0, do_screen_candidates = 0; | 2235 | int do_gen_candidates = 0, do_screen_candidates = 0; |
| 2227 | int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; | ||
| 2228 | unsigned long start_lineno = 0, lines_to_process = 0; | 2236 | unsigned long start_lineno = 0, lines_to_process = 0; |
| 2229 | BIGNUM *start = NULL; | 2237 | BIGNUM *start = NULL; |
| 2230 | FILE *f; | 2238 | #endif |
| 2231 | const char *errstr; | ||
| 2232 | 2239 | ||
| 2233 | extern int optind; | 2240 | extern int optind; |
| 2234 | extern char *optarg; | 2241 | extern char *optarg; |
| @@ -2281,12 +2288,6 @@ main(int argc, char **argv) | |||
| 2281 | case 'I': | 2288 | case 'I': |
| 2282 | cert_key_id = optarg; | 2289 | cert_key_id = optarg; |
| 2283 | break; | 2290 | break; |
| 2284 | case 'J': | ||
| 2285 | lines_to_process = strtoul(optarg, NULL, 10); | ||
| 2286 | break; | ||
| 2287 | case 'j': | ||
| 2288 | start_lineno = strtoul(optarg, NULL, 10); | ||
| 2289 | break; | ||
| 2290 | case 'R': | 2291 | case 'R': |
| 2291 | delete_host = 1; | 2292 | delete_host = 1; |
| 2292 | rr_hostname = optarg; | 2293 | rr_hostname = optarg; |
| @@ -2328,8 +2329,8 @@ main(int argc, char **argv) | |||
| 2328 | change_comment = 1; | 2329 | change_comment = 1; |
| 2329 | break; | 2330 | break; |
| 2330 | case 'f': | 2331 | case 'f': |
| 2331 | if (strlcpy(identity_file, optarg, sizeof(identity_file)) >= | 2332 | if (strlcpy(identity_file, optarg, |
| 2332 | sizeof(identity_file)) | 2333 | sizeof(identity_file)) >= sizeof(identity_file)) |
| 2333 | fatal("Identity filename too long"); | 2334 | fatal("Identity filename too long"); |
| 2334 | have_identity = 1; | 2335 | have_identity = 1; |
| 2335 | break; | 2336 | break; |
| @@ -2401,20 +2402,31 @@ main(int argc, char **argv) | |||
| 2401 | case 'r': | 2402 | case 'r': |
| 2402 | rr_hostname = optarg; | 2403 | rr_hostname = optarg; |
| 2403 | break; | 2404 | break; |
| 2404 | case 'W': | ||
| 2405 | generator_wanted = (u_int32_t)strtonum(optarg, 1, | ||
| 2406 | UINT_MAX, &errstr); | ||
| 2407 | if (errstr) | ||
| 2408 | fatal("Desired generator has bad value: %s (%s)", | ||
| 2409 | optarg, errstr); | ||
| 2410 | break; | ||
| 2411 | case 'a': | 2405 | case 'a': |
| 2412 | rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr); | 2406 | rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr); |
| 2413 | if (errstr) | 2407 | if (errstr) |
| 2414 | fatal("Invalid number: %s (%s)", | 2408 | fatal("Invalid number: %s (%s)", |
| 2415 | optarg, errstr); | 2409 | optarg, errstr); |
| 2416 | break; | 2410 | break; |
| 2411 | case 'V': | ||
| 2412 | parse_cert_times(optarg); | ||
| 2413 | break; | ||
| 2414 | case 'z': | ||
| 2415 | errno = 0; | ||
| 2416 | cert_serial = strtoull(optarg, &ep, 10); | ||
| 2417 | if (*optarg < '0' || *optarg > '9' || *ep != '\0' || | ||
| 2418 | (errno == ERANGE && cert_serial == ULLONG_MAX)) | ||
| 2419 | fatal("Invalid serial number \"%s\"", optarg); | ||
| 2420 | break; | ||
| 2417 | #ifdef WITH_OPENSSL | 2421 | #ifdef WITH_OPENSSL |
| 2422 | /* Moduli generation/screening */ | ||
| 2423 | case 'W': | ||
| 2424 | generator_wanted = (u_int32_t)strtonum(optarg, 1, | ||
| 2425 | UINT_MAX, &errstr); | ||
| 2426 | if (errstr) | ||
| 2427 | fatal("Desired generator has bad value: %s (%s)", | ||
| 2428 | optarg, errstr); | ||
| 2429 | break; | ||
| 2418 | case 'M': | 2430 | case 'M': |
| 2419 | memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); | 2431 | memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); |
| 2420 | if (errstr) | 2432 | if (errstr) |
| @@ -2443,16 +2455,6 @@ main(int argc, char **argv) | |||
| 2443 | fatal("Invalid start point."); | 2455 | fatal("Invalid start point."); |
| 2444 | break; | 2456 | break; |
| 2445 | #endif /* WITH_OPENSSL */ | 2457 | #endif /* WITH_OPENSSL */ |
| 2446 | case 'V': | ||
| 2447 | parse_cert_times(optarg); | ||
| 2448 | break; | ||
| 2449 | case 'z': | ||
| 2450 | errno = 0; | ||
| 2451 | cert_serial = strtoull(optarg, &ep, 10); | ||
| 2452 | if (*optarg < '0' || *optarg > '9' || *ep != '\0' || | ||
| 2453 | (errno == ERANGE && cert_serial == ULLONG_MAX)) | ||
| 2454 | fatal("Invalid serial number \"%s\"", optarg); | ||
| 2455 | break; | ||
| 2456 | case '?': | 2458 | case '?': |
| 2457 | default: | 2459 | default: |
| 2458 | usage(); | 2460 | usage(); |
| @@ -2540,6 +2542,7 @@ main(int argc, char **argv) | |||
| 2540 | } | 2542 | } |
| 2541 | } | 2543 | } |
| 2542 | 2544 | ||
| 2545 | #ifdef WITH_OPENSSL | ||
| 2543 | if (do_gen_candidates) { | 2546 | if (do_gen_candidates) { |
| 2544 | FILE *out = fopen(out_file, "w"); | 2547 | FILE *out = fopen(out_file, "w"); |
| 2545 | 2548 | ||
| @@ -2579,6 +2582,7 @@ main(int argc, char **argv) | |||
| 2579 | fatal("modulus screening failed"); | 2582 | fatal("modulus screening failed"); |
| 2580 | return (0); | 2583 | return (0); |
| 2581 | } | 2584 | } |
| 2585 | #endif | ||
| 2582 | 2586 | ||
| 2583 | if (gen_all_hostkeys) { | 2587 | if (gen_all_hostkeys) { |
| 2584 | do_gen_all_hostkeys(pw); | 2588 | do_gen_all_hostkeys(pw); |