author | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
commit | eab78da6a54225de06271d9c8da650f04a55ed88 (patch) | |
tree | aa258ca77515939f6d89317ff67fbcb0bca08b24 /ssh-keygen.c | |
parent | a26f5de49df59322fde07f7be91b3e3969c9c238 (diff) | |
parent | c6a2c0334e45419875687d250aed9bea78480f2e (diff) |
* New upstream release (http://www.openssh.com/txt/release-6.1).
- Enable pre-auth sandboxing by default for new installs.
- Allow "PermitOpen none" to refuse all port-forwarding requests
(closes: #543683).
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 34 |
1 files changed, 24 insertions, 10 deletions
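--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.212 2011/10/16 15:02:41 jmc Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.216 2012/07/06 06:38:03 jmc Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -154,7 +154,8 @@ char hostname[MAXHOSTNAMELEN];
 
 /* moduli.c */
 int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
+unsigned long);
 
 static void
 type_bits_valid(int type, u_int32_t *bitsp)
@@ -265,6 +266,10 @@ do_convert_to_ssh2(struct passwd *pw, Key *k)
 u_char *blob;
 char comment[61];
 
+if (k->type == KEY_RSA1) {
+fprintf(stderr, "version 1 keys are not supported\n");
+exit(1);
+}
 if (key_to_blob(k, &blob, &len) <= 0) {
 fprintf(stderr, "key_to_blob failed\n");
 exit(1);
@@ -288,6 +293,7 @@ static void
 do_convert_to_pkcs8(Key *k)
 {
 switch (key_type_plain(k->type)) {
+case KEY_RSA1:
 case KEY_RSA:
 if (!PEM_write_RSA_PUBKEY(stdout, k->rsa))
 fatal("PEM_write_RSA_PUBKEY failed");
@@ -312,6 +318,7 @@ static void
 do_convert_to_pem(Key *k)
 {
 switch (key_type_plain(k->type)) {
+case KEY_RSA1:
 case KEY_RSA:
 if (!PEM_write_RSAPublicKey(stdout, k->rsa))
 fatal("PEM_write_RSAPublicKey failed");
@@ -345,10 +352,6 @@ do_convert_to(struct passwd *pw)
 exit(1);
 }
 }
-if (k->type == KEY_RSA1) {
-fprintf(stderr, "version 1 keys are not supported\n");
-exit(1);
-}
 
 switch (convert_format) {
 case FMT_RFC4716:
@@ -1886,6 +1889,8 @@ usage(void)
 fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n");
 fprintf(stderr, " -I key_id Key identifier to include in certificate.\n");
 fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n");
+fprintf(stderr, " -J number Screen this number of moduli lines.\n");
+fprintf(stderr, " -j number Start screening moduli at specified line.\n");
 fprintf(stderr, " -K checkpt Write checkpoints to this file.\n");
 fprintf(stderr, " -L Print the contents of a certificate.\n");
 fprintf(stderr, " -l Show fingerprint of key file.\n");
@@ -1928,6 +1933,7 @@ main(int argc, char **argv)
 u_int32_t memory = 0, generator_wanted = 0, trials = 100;
 int do_gen_candidates = 0, do_screen_candidates = 0;
 int gen_all_hostkeys = 0;
+unsigned long start_lineno = 0, lines_to_process = 0;
 BIGNUM *start = NULL;
 FILE *f;
 const char *errstr;
@@ -1956,8 +1962,8 @@ main(int argc, char **argv)
 exit(1);
 }
 
-while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:K:P:m:N:n:"
-"O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
+while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:J:j:K:P:"
+"m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z")) != -1) {
 switch (opt) {
 case 'A':
 gen_all_hostkeys = 1;
@@ -1978,6 +1984,12 @@ main(int argc, char **argv)
 case 'I':
 cert_key_id = optarg;
 break;
+case 'J':
+lines_to_process = strtoul(optarg, NULL, 10);
+break;
+case 'j':
+start_lineno = strtoul(optarg, NULL, 10);
+break;
 case 'R':
 delete_host = 1;
 rr_hostname = optarg;
@@ -2192,6 +2204,8 @@ main(int argc, char **argv)
 _PATH_HOST_RSA_KEY_FILE, rr_hostname);
 n += do_print_resource_record(pw,
 _PATH_HOST_DSA_KEY_FILE, rr_hostname);
+n += do_print_resource_record(pw,
+_PATH_HOST_ECDSA_KEY_FILE, rr_hostname);
 
 if (n == 0)
 fatal("no keys found.");
@@ -2234,8 +2248,8 @@ main(int argc, char **argv)
 fatal("Couldn't open moduli file \"%s\": %s",
 out_file, strerror(errno));
 }
-if (prime_test(in, out, trials, generator_wanted, checkpoint)
-!= 0)
+if (prime_test(in, out, trials, generator_wanted, checkpoint,
+start_lineno, lines_to_process) != 0)
 fatal("modulus screening failed");
 return (0);
 }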
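Review bot: The rewritten getopt string in the `@@ -1956,8 +1962,8 @@` hunk drops the trailing colon after `z` (the new second half reads `"m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z"` where the old one ended in `z:`), so unless the `case 'z'` handler, which lies outside this hunk, was also changed to stop reading `optarg`, `-z` no longer takes an argument and the serial number that follows it is left as a stray operand. Restoring the colon, `"m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {`, keeps that option's contract unchanged by this commit. Separately, the new `-J` and `-j` cases parse with `strtoul(optarg, NULL, 10)` and no endptr or `errno` check, so a non-numeric or out-of-range argument is silently accepted as 0 or ULONG_MAX instead of being rejected; checking an endptr for trailing garbage and `errno == ERANGE` and calling `fatal()` on bad input would make a malformed screening range fail loudly, and the `errstr` local in main suggests an error-reporting parse helper is presumably already the file's idiom for other numeric options. main() begins and ends outside these hunks.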