Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 22 |
1 files changed, 18 insertions, 4 deletions
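--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -19,9 +19,11 @@
 #include <sys/stat.h>
 #include <sys/param.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include "openbsd-compat/openssl-compat.h"
+#endif
 
 #include <errno.h>
 #include <fcntl.h>
@@ -179,7 +181,9 @@ int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
 static void
 type_bits_valid(int type, u_int32_t *bitsp)
 {
+#ifdef WITH_OPENSSL
 u_int maxbits;
+#endif
 
 if (type == KEY_UNSPEC) {
 fprintf(stderr, "unknown key type %s\n", key_type_name);
@@ -193,13 +197,13 @@ type_bits_valid(int type, u_int32_t *bitsp)
 else
 *bitsp = DEFAULT_BITS;
 }
+#ifdef WITH_OPENSSL
 maxbits = (type == KEY_DSA) ?
 OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
 if (*bitsp > maxbits) {
 fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
 exit(1);
 }
-#ifdef WITH_OPENSSL
 if (type == KEY_DSA && *bitsp != 1024)
 fatal("DSA keys must be 1024 bits");
 else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
@@ -2102,10 +2106,12 @@ update_krl_from_file(struct passwd *pw, const char *file, const Key *ca,
 fclose(krl_spec);
 free(path);
 }
+#endif /* WITH_OPENSSL */
 
 static void
 do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
 {
+#ifdef WITH_OPENSSL
 struct ssh_krl *krl;
 struct stat sb;
 Key *ca = NULL;
@@ -2155,11 +2161,15 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
 ssh_krl_free(krl);
 if (ca != NULL)
 key_free(ca);
+#else /* WITH_OPENSSL */
+fatal("KRLs not supported without OpenSSL");
+#endif /* WITH_OPENSSL */
 }
 
 static void
 do_check_krl(struct passwd *pw, int argc, char **argv)
 {
+#ifdef WITH_OPENSSL
 int i, r, ret = 0;
 char *comment;
 struct ssh_krl *krl;
@@ -2182,8 +2192,10 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
 }
 ssh_krl_free(krl);
 exit(ret);
+#else /* WITH_OPENSSL */
+fatal("KRLs not supported without OpenSSL");
+#endif /* WITH_OPENSSL */
 }
-#endif
 
 static void
 usage(void)
@@ -2249,7 +2261,9 @@ main(int argc, char **argv)
 
 __progname = ssh_get_progname(argv[0]);
 
+#ifdef WITH_OPENSSL
 OpenSSL_add_all_algorithms();
+#endif
 log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
 
 seed_rng();
@@ -2427,6 +2441,7 @@ main(int argc, char **argv)
 fatal("Invalid number: %s (%s)",
 optarg, errstr);
 break;
+#ifdef WITH_OPENSSL
 case 'M':
 memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
 if (errstr)
@@ -2454,6 +2469,7 @@ main(int argc, char **argv)
 if (BN_hex2bn(&start, optarg) == 0)
 fatal("Invalid start point.");
 break;
+#endif /* WITH_OPENSSL */
 case 'V':
 parse_cert_times(optarg);
 break;
@@ -2493,7 +2509,6 @@ main(int argc, char **argv)
 printf("Cannot use -l with -H or -R.\n");
 usage();
 }
-#ifdef WITH_OPENSSL
 if (gen_krl) {
 do_gen_krl(pw, update_krl, argc, argv);
 return (0);
@@ -2502,7 +2517,6 @@ main(int argc, char **argv)
 do_check_krl(pw, argc, argv);
 return (0);
 }
-#endif
 if (ca_key_path != NULL) {
 if (cert_key_id == NULL)
 fatal("Must specify key id (-I) when certifying");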
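Review bot: The `#ifdef WITH_OPENSSL` opened just before `case 'M':` in the -2427 hunk is only closed after the `BN_hex2bn` case in the -2454 hunk, so every `case` label between those two hunks — roughly twenty lines that are not visible on this page — is also compiled out of non-OpenSSL builds. That is only correct if each of those cases belongs to the moduli-generation path; any general-purpose option caught inside the span would silently turn into an unrecognised option in an ed25519-only build, and later reordering of the switch could pull one in unnoticed. Guarding the OpenSSL-dependent cases individually, e.g. `#ifdef WITH_OPENSSL` / `case 'M': ... break;` / `#endif` around each, keeps the dependency local to the code that actually needs BN_* and the moduli machinery. The enclosing main() starts and ends outside these hunks.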