diff options
| author | Damien Miller <djm@mindrot.org> | 2014-07-02 15:28:02 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-07-02 15:28:02 +1000 |
| commit | 8668706d0f52654fe64c0ca41a96113aeab8d2b8 (patch) | |
| tree | 73e78e1ea3d39206e39870bbe0af17d6c430fb51 /ssh-keygen.c | |
| parent | 2cd7929250cf9e9f658d70dcd452f529ba08c942 (diff) | |
- djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
[cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
[digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
[hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
[ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
[ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
[sshconnect2.c sshd.c sshkey.c sshkey.h
[openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.
with and ok markus@
Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.
NB. This commit also removes portable OpenSSH support for OpenSSL
<0.9.8e.
Diffstat (limited to 'ssh-keygen.c')
| -rw-r--r-- | ssh-keygen.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 085f1ec55..e2aa215b2 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keygen.c,v 1.246 2014/04/29 18:01:49 markus Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.247 2014/06/24 01:13:21 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -482,7 +482,9 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |||
| 482 | buffer_get_bignum_bits(&b, key->rsa->iqmp); | 482 | buffer_get_bignum_bits(&b, key->rsa->iqmp); |
| 483 | buffer_get_bignum_bits(&b, key->rsa->q); | 483 | buffer_get_bignum_bits(&b, key->rsa->q); |
| 484 | buffer_get_bignum_bits(&b, key->rsa->p); | 484 | buffer_get_bignum_bits(&b, key->rsa->p); |
| 485 | rsa_generate_additional_parameters(key->rsa); | 485 | if (rsa_generate_additional_parameters(key->rsa) != 0) |
| 486 | fatal("%s: rsa_generate_additional_parameters " | ||
| 487 | "error", __func__); | ||
| 486 | break; | 488 | break; |
| 487 | } | 489 | } |
| 488 | rlen = buffer_len(&b); | 490 | rlen = buffer_len(&b); |
| @@ -1637,12 +1639,12 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
| 1637 | public->cert->valid_after = cert_valid_from; | 1639 | public->cert->valid_after = cert_valid_from; |
| 1638 | public->cert->valid_before = cert_valid_to; | 1640 | public->cert->valid_before = cert_valid_to; |
| 1639 | if (v00) { | 1641 | if (v00) { |
| 1640 | prepare_options_buf(&public->cert->critical, | 1642 | prepare_options_buf(public->cert->critical, |
| 1641 | OPTIONS_CRITICAL|OPTIONS_EXTENSIONS); | 1643 | OPTIONS_CRITICAL|OPTIONS_EXTENSIONS); |
| 1642 | } else { | 1644 | } else { |
| 1643 | prepare_options_buf(&public->cert->critical, | 1645 | prepare_options_buf(public->cert->critical, |
| 1644 | OPTIONS_CRITICAL); | 1646 | OPTIONS_CRITICAL); |
| 1645 | prepare_options_buf(&public->cert->extensions, | 1647 | prepare_options_buf(public->cert->extensions, |
| 1646 | OPTIONS_EXTENSIONS); | 1648 | OPTIONS_EXTENSIONS); |
| 1647 | } | 1649 | } |
| 1648 | public->cert->signature_key = key_from_private(ca); | 1650 | public->cert->signature_key = key_from_private(ca); |
| @@ -1913,19 +1915,19 @@ do_show_cert(struct passwd *pw) | |||
| 1913 | printf("\n"); | 1915 | printf("\n"); |
| 1914 | } | 1916 | } |
| 1915 | printf(" Critical Options: "); | 1917 | printf(" Critical Options: "); |
| 1916 | if (buffer_len(&key->cert->critical) == 0) | 1918 | if (buffer_len(key->cert->critical) == 0) |
| 1917 | printf("(none)\n"); | 1919 | printf("(none)\n"); |
| 1918 | else { | 1920 | else { |
| 1919 | printf("\n"); | 1921 | printf("\n"); |
| 1920 | show_options(&key->cert->critical, v00, 1); | 1922 | show_options(key->cert->critical, v00, 1); |
| 1921 | } | 1923 | } |
| 1922 | if (!v00) { | 1924 | if (!v00) { |
| 1923 | printf(" Extensions: "); | 1925 | printf(" Extensions: "); |
| 1924 | if (buffer_len(&key->cert->extensions) == 0) | 1926 | if (buffer_len(key->cert->extensions) == 0) |
| 1925 | printf("(none)\n"); | 1927 | printf("(none)\n"); |
| 1926 | else { | 1928 | else { |
| 1927 | printf("\n"); | 1929 | printf("\n"); |
| 1928 | show_options(&key->cert->extensions, v00, 0); | 1930 | show_options(key->cert->extensions, v00, 0); |
| 1929 | } | 1931 | } |
| 1930 | } | 1932 | } |
| 1931 | exit(0); | 1933 | exit(0); |