summaryrefslogtreecommitdiff
path: root/ssh-keygen.c
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2019-01-23 04:51:02 +0000
committerDamien Miller <djm@mindrot.org>2019-01-23 19:03:05 +1100
commitbe063945e4e7d46b1734d973bf244c350fae172a (patch)
tree636c38761962bb0cd74b809fe896ccba88c18268 /ssh-keygen.c
parent851f80328931975fe68f71af363c4537cb896da2 (diff)
upstream: allow auto-incrementing certificate serial number for certs
signed in a single commandline. OpenBSD-Commit-ID: 39881087641efb8cd83c7ec13b9c98280633f45b
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c17
1 files changed, 12 insertions, 5 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index ffb92fd94..992491f15 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.325 2019/01/23 04:16:22 djm Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.326 2019/01/23 04:51:02 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1645,7 +1645,8 @@ agent_signer(const struct sshkey *key, u_char **sigp, size_t *lenp,
1645 1645
1646static void 1646static void
1647do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, 1647do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
1648 unsigned long long cert_serial, int argc, char **argv) 1648 unsigned long long cert_serial, int cert_serial_autoinc,
1649 int argc, char **argv)
1649{ 1650{
1650 int r, i, fd, found, agent_fd = -1; 1651 int r, i, fd, found, agent_fd = -1;
1651 u_int n; 1652 u_int n;
@@ -1785,6 +1786,8 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
1785 1786
1786 sshkey_free(public); 1787 sshkey_free(public);
1787 free(out); 1788 free(out);
1789 if (cert_serial_autoinc)
1790 cert_serial++;
1788 } 1791 }
1789#ifdef ENABLE_PKCS11 1792#ifdef ENABLE_PKCS11
1790 pkcs11_terminate(); 1793 pkcs11_terminate();
@@ -2414,7 +2417,7 @@ main(int argc, char **argv)
2414 int find_host = 0, delete_host = 0, hash_hosts = 0; 2417 int find_host = 0, delete_host = 0, hash_hosts = 0;
2415 int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; 2418 int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
2416 int prefer_agent = 0, convert_to = 0, convert_from = 0; 2419 int prefer_agent = 0, convert_to = 0, convert_from = 0;
2417 int print_public = 0, print_generic = 0; 2420 int print_public = 0, print_generic = 0, cert_serial_autoinc = 0;
2418 unsigned long long cert_serial = 0; 2421 unsigned long long cert_serial = 0;
2419 char *identity_comment = NULL, *ca_key_path = NULL; 2422 char *identity_comment = NULL, *ca_key_path = NULL;
2420 u_int bits = 0; 2423 u_int bits = 0;
@@ -2610,6 +2613,10 @@ main(int argc, char **argv)
2610 break; 2613 break;
2611 case 'z': 2614 case 'z':
2612 errno = 0; 2615 errno = 0;
2616 if (*optarg == '+') {
2617 cert_serial_autoinc = 1;
2618 optarg++;
2619 }
2613 cert_serial = strtoull(optarg, &ep, 10); 2620 cert_serial = strtoull(optarg, &ep, 10);
2614 if (*optarg < '0' || *optarg > '9' || *ep != '\0' || 2621 if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
2615 (errno == ERANGE && cert_serial == ULLONG_MAX)) 2622 (errno == ERANGE && cert_serial == ULLONG_MAX))
@@ -2700,8 +2707,8 @@ main(int argc, char **argv)
2700 if (ca_key_path != NULL) { 2707 if (ca_key_path != NULL) {
2701 if (cert_key_id == NULL) 2708 if (cert_key_id == NULL)
2702 fatal("Must specify key id (-I) when certifying"); 2709 fatal("Must specify key id (-I) when certifying");
2703 do_ca_sign(pw, ca_key_path, prefer_agent, cert_serial, 2710 do_ca_sign(pw, ca_key_path, prefer_agent,
2704 argc, argv); 2711 cert_serial, cert_serial_autoinc, argc, argv);
2705 } 2712 }
2706 if (show_cert) 2713 if (show_cert)
2707 do_show_cert(pw); 2714 do_show_cert(pw);
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 05:00:01 +0000