authorColin Watson <cjwatson@debian.org>2012-09-07 00:20:47 +0100
committerColin Watson <cjwatson@debian.org>2012-09-07 00:20:47 +0100
commiteab78da6a54225de06271d9c8da650f04a55ed88 (patch)
treeaa258ca77515939f6d89317ff67fbcb0bca08b24 /ssh-keygen.c
parenta26f5de49df59322fde07f7be91b3e3969c9c238 (diff)
parentc6a2c0334e45419875687d250aed9bea78480f2e (diff)
* New upstream release (http://www.openssh.com/txt/release-6.1).
  - Enable pre-auth sandboxing by default for new installs.
  - Allow "PermitOpen none" to refuse all port-forwarding requests (closes: #543683).
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c34
1 files changed, 24 insertions, 10 deletions
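--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.212 2011/10/16 15:02:41 jmc Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.216 2012/07/06 06:38:03 jmc Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -154,7 +154,8 @@ char hostname[MAXHOSTNAMELEN];
 
 /* moduli.c */
 int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
+ unsigned long);
 
 static void
 type_bits_valid(int type, u_int32_t *bitsp)
@@ -265,6 +266,10 @@ do_convert_to_ssh2(struct passwd *pw, Key *k)
  u_char *blob;
  char comment[61];
 
+ if (k->type == KEY_RSA1) {
+ fprintf(stderr, "version 1 keys are not supported\n");
+ exit(1);
+ }
  if (key_to_blob(k, &blob, &len) <= 0) {
  fprintf(stderr, "key_to_blob failed\n");
  exit(1);
@@ -288,6 +293,7 @@ static void
 do_convert_to_pkcs8(Key *k)
 {
  switch (key_type_plain(k->type)) {
+ case KEY_RSA1:
  case KEY_RSA:
  if (!PEM_write_RSA_PUBKEY(stdout, k->rsa))
  fatal("PEM_write_RSA_PUBKEY failed");
@@ -312,6 +318,7 @@ static void
 do_convert_to_pem(Key *k)
 {
  switch (key_type_plain(k->type)) {
+ case KEY_RSA1:
  case KEY_RSA:
  if (!PEM_write_RSAPublicKey(stdout, k->rsa))
  fatal("PEM_write_RSAPublicKey failed");
@@ -345,10 +352,6 @@ do_convert_to(struct passwd *pw)
  exit(1);
  }
  }
- if (k->type == KEY_RSA1) {
- fprintf(stderr, "version 1 keys are not supported\n");
- exit(1);
- }
 
  switch (convert_format) {
  case FMT_RFC4716:
@@ -1886,6 +1889,8 @@ usage(void)
  fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n");
  fprintf(stderr, " -I key_id Key identifier to include in certificate.\n");
  fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n");
+ fprintf(stderr, " -J number Screen this number of moduli lines.\n");
+ fprintf(stderr, " -j number Start screening moduli at specified line.\n");
  fprintf(stderr, " -K checkpt Write checkpoints to this file.\n");
  fprintf(stderr, " -L Print the contents of a certificate.\n");
  fprintf(stderr, " -l Show fingerprint of key file.\n");
@@ -1928,6 +1933,7 @@ main(int argc, char **argv)
  u_int32_t memory = 0, generator_wanted = 0, trials = 100;
  int do_gen_candidates = 0, do_screen_candidates = 0;
  int gen_all_hostkeys = 0;
+ unsigned long start_lineno = 0, lines_to_process = 0;
  BIGNUM *start = NULL;
  FILE *f;
  const char *errstr;
@@ -1956,8 +1962,8 @@ main(int argc, char **argv)
  exit(1);
  }
 
- while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:K:P:m:N:n:"
- "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
+ while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:J:j:K:P:"
+ "m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z")) != -1) {
  switch (opt) {
  case 'A':
  gen_all_hostkeys = 1;
@@ -1978,6 +1984,12 @@ main(int argc, char **argv)
  case 'I':
  cert_key_id = optarg;
  break;
+ case 'J':
+ lines_to_process = strtoul(optarg, NULL, 10);
+ break;
+ case 'j':
+ start_lineno = strtoul(optarg, NULL, 10);
+ break;
  case 'R':
  delete_host = 1;
  rr_hostname = optarg;
@@ -2192,6 +2204,8 @@ main(int argc, char **argv)
  _PATH_HOST_RSA_KEY_FILE, rr_hostname);
  n += do_print_resource_record(pw,
  _PATH_HOST_DSA_KEY_FILE, rr_hostname);
+ n += do_print_resource_record(pw,
+ _PATH_HOST_ECDSA_KEY_FILE, rr_hostname);
 
  if (n == 0)
  fatal("no keys found.");
@@ -2234,8 +2248,8 @@ main(int argc, char **argv)
  fatal("Couldn't open moduli file \"%s\": %s",
  out_file, strerror(errno));
  }
- if (prime_test(in, out, trials, generator_wanted, checkpoint)
- != 0)
+ if (prime_test(in, out, trials, generator_wanted, checkpoint,
+ start_lineno, lines_to_process) != 0)
  fatal("modulus screening failed");
  return (0);
  }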
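Review bot: The rewritten getopt string in main() now ends in `W:z` where the old one ended in `W:z:`, so `-z` is parsed as a flag without an argument and `optarg` will be NULL when its case runs. The `'z'` case is outside the visible hunks, so this is inferred, but if it still reads its value from `optarg` the option breaks (a NULL read, or the value ignored and the following word treated as a positional argument); the colon should be restored: `"m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {`. In the same function the new `-J`/`-j` cases call `strtoul(optarg, NULL, 10)` with no end pointer and no `errno` check, so a non-numeric or out-of-range value silently becomes 0 or `ULONG_MAX` and is handed to `prime_test()`. Rejecting such input with `fatal()` after checking the end pointer and `ERANGE` would keep a typo from silently changing which moduli lines get screened.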