diff options
| author | Damien Miller <djm@mindrot.org> | 2014-05-15 14:24:09 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-05-15 14:24:09 +1000 |
| commit | 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 (patch) | |
| tree | ae708c2a25f84a04bcb04f2dbf3e8039e0f692bc /ssh-keygen.c | |
| parent | c5893785564498cea73cb60d2cf199490483e080 (diff) | |
- markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
[kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
[roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
allows us to explore further options; with and ok djm
Diffstat (limited to 'ssh-keygen.c')
| -rw-r--r-- | ssh-keygen.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 85eaf2ef5..085f1ec55 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keygen.c,v 1.245 2014/04/28 03:09:18 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.246 2014/04/29 18:01:49 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -195,6 +195,7 @@ type_bits_valid(int type, u_int32_t *bitsp) | |||
| 195 | fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); | 195 | fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); |
| 196 | exit(1); | 196 | exit(1); |
| 197 | } | 197 | } |
| 198 | #ifdef WITH_OPENSSL | ||
| 198 | if (type == KEY_DSA && *bitsp != 1024) | 199 | if (type == KEY_DSA && *bitsp != 1024) |
| 199 | fatal("DSA keys must be 1024 bits"); | 200 | fatal("DSA keys must be 1024 bits"); |
| 200 | else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) | 201 | else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) |
| @@ -202,6 +203,7 @@ type_bits_valid(int type, u_int32_t *bitsp) | |||
| 202 | else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1) | 203 | else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1) |
| 203 | fatal("Invalid ECDSA key length - valid lengths are " | 204 | fatal("Invalid ECDSA key length - valid lengths are " |
| 204 | "256, 384 or 521 bits"); | 205 | "256, 384 or 521 bits"); |
| 206 | #endif | ||
| 205 | } | 207 | } |
| 206 | 208 | ||
| 207 | static void | 209 | static void |
| @@ -278,6 +280,7 @@ load_identity(char *filename) | |||
| 278 | #define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----" | 280 | #define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----" |
| 279 | #define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb | 281 | #define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb |
| 280 | 282 | ||
| 283 | #ifdef WITH_OPENSSL | ||
| 281 | static void | 284 | static void |
| 282 | do_convert_to_ssh2(struct passwd *pw, Key *k) | 285 | do_convert_to_ssh2(struct passwd *pw, Key *k) |
| 283 | { | 286 | { |
| @@ -711,6 +714,7 @@ do_convert_from(struct passwd *pw) | |||
| 711 | key_free(k); | 714 | key_free(k); |
| 712 | exit(0); | 715 | exit(0); |
| 713 | } | 716 | } |
| 717 | #endif | ||
| 714 | 718 | ||
| 715 | static void | 719 | static void |
| 716 | do_print_public(struct passwd *pw) | 720 | do_print_public(struct passwd *pw) |
| @@ -1589,7 +1593,9 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
| 1589 | } | 1593 | } |
| 1590 | } | 1594 | } |
| 1591 | 1595 | ||
| 1596 | #ifdef ENABLE_PKCS11 | ||
| 1592 | pkcs11_init(1); | 1597 | pkcs11_init(1); |
| 1598 | #endif | ||
| 1593 | tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); | 1599 | tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); |
| 1594 | if (pkcs11provider != NULL) { | 1600 | if (pkcs11provider != NULL) { |
| 1595 | if ((ca = load_pkcs11_key(tmp)) == NULL) | 1601 | if ((ca = load_pkcs11_key(tmp)) == NULL) |
| @@ -1672,7 +1678,9 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
| 1672 | key_free(public); | 1678 | key_free(public); |
| 1673 | free(out); | 1679 | free(out); |
| 1674 | } | 1680 | } |
| 1681 | #ifdef ENABLE_PKCS11 | ||
| 1675 | pkcs11_terminate(); | 1682 | pkcs11_terminate(); |
| 1683 | #endif | ||
| 1676 | exit(0); | 1684 | exit(0); |
| 1677 | } | 1685 | } |
| 1678 | 1686 | ||
| @@ -1923,6 +1931,7 @@ do_show_cert(struct passwd *pw) | |||
| 1923 | exit(0); | 1931 | exit(0); |
| 1924 | } | 1932 | } |
| 1925 | 1933 | ||
| 1934 | #ifdef WITH_OPENSSL | ||
| 1926 | static void | 1935 | static void |
| 1927 | load_krl(const char *path, struct ssh_krl **krlp) | 1936 | load_krl(const char *path, struct ssh_krl **krlp) |
| 1928 | { | 1937 | { |
| @@ -2145,6 +2154,7 @@ do_check_krl(struct passwd *pw, int argc, char **argv) | |||
| 2145 | ssh_krl_free(krl); | 2154 | ssh_krl_free(krl); |
| 2146 | exit(ret); | 2155 | exit(ret); |
| 2147 | } | 2156 | } |
| 2157 | #endif | ||
| 2148 | 2158 | ||
| 2149 | static void | 2159 | static void |
| 2150 | usage(void) | 2160 | usage(void) |
| @@ -2448,6 +2458,7 @@ main(int argc, char **argv) | |||
| 2448 | printf("Cannot use -l with -H or -R.\n"); | 2458 | printf("Cannot use -l with -H or -R.\n"); |
| 2449 | usage(); | 2459 | usage(); |
| 2450 | } | 2460 | } |
| 2461 | #ifdef WITH_OPENSSL | ||
| 2451 | if (gen_krl) { | 2462 | if (gen_krl) { |
| 2452 | do_gen_krl(pw, update_krl, argc, argv); | 2463 | do_gen_krl(pw, update_krl, argc, argv); |
| 2453 | return (0); | 2464 | return (0); |
| @@ -2456,6 +2467,7 @@ main(int argc, char **argv) | |||
| 2456 | do_check_krl(pw, argc, argv); | 2467 | do_check_krl(pw, argc, argv); |
| 2457 | return (0); | 2468 | return (0); |
| 2458 | } | 2469 | } |
| 2470 | #endif | ||
| 2459 | if (ca_key_path != NULL) { | 2471 | if (ca_key_path != NULL) { |
| 2460 | if (cert_key_id == NULL) | 2472 | if (cert_key_id == NULL) |
| 2461 | fatal("Must specify key id (-I) when certifying"); | 2473 | fatal("Must specify key id (-I) when certifying"); |
| @@ -2473,10 +2485,12 @@ main(int argc, char **argv) | |||
| 2473 | do_change_passphrase(pw); | 2485 | do_change_passphrase(pw); |
| 2474 | if (change_comment) | 2486 | if (change_comment) |
| 2475 | do_change_comment(pw); | 2487 | do_change_comment(pw); |
| 2488 | #ifdef WITH_OPENSSL | ||
| 2476 | if (convert_to) | 2489 | if (convert_to) |
| 2477 | do_convert_to(pw); | 2490 | do_convert_to(pw); |
| 2478 | if (convert_from) | 2491 | if (convert_from) |
| 2479 | do_convert_from(pw); | 2492 | do_convert_from(pw); |
| 2493 | #endif | ||
| 2480 | if (print_public) | 2494 | if (print_public) |
| 2481 | do_print_public(pw); | 2495 | do_print_public(pw); |
| 2482 | if (rr_hostname != NULL) { | 2496 | if (rr_hostname != NULL) { |