diff options
Diffstat (limited to 'ssh-keygen.c')
| -rw-r--r-- | ssh-keygen.c | 86 |
1 files changed, 53 insertions, 33 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index a9931d4d8..b17851946 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | */ | 12 | */ |
| 13 | 13 | ||
| 14 | #include "includes.h" | 14 | #include "includes.h" |
| 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.120 2005/03/02 01:27:41 djm Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $"); |
| 16 | 16 | ||
| 17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
| 18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
| @@ -36,7 +36,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.120 2005/03/02 01:27:41 djm Exp $"); | |||
| 36 | #include "dns.h" | 36 | #include "dns.h" |
| 37 | 37 | ||
| 38 | /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ | 38 | /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ |
| 39 | int bits = 1024; | 39 | u_int32_t bits = 2048; |
| 40 | 40 | ||
| 41 | /* | 41 | /* |
| 42 | * Flag indicating that we just want to change the passphrase. This can be | 42 | * Flag indicating that we just want to change the passphrase. This can be |
| @@ -90,7 +90,7 @@ extern char *__progname; | |||
| 90 | char hostname[MAXHOSTNAMELEN]; | 90 | char hostname[MAXHOSTNAMELEN]; |
| 91 | 91 | ||
| 92 | /* moduli.c */ | 92 | /* moduli.c */ |
| 93 | int gen_candidates(FILE *, int, int, BIGNUM *); | 93 | int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); |
| 94 | int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); | 94 | int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); |
| 95 | 95 | ||
| 96 | static void | 96 | static void |
| @@ -684,7 +684,7 @@ do_known_hosts(struct passwd *pw, const char *name) | |||
| 684 | if (delete_host && !c) | 684 | if (delete_host && !c) |
| 685 | print_host(out, cp, public, 0); | 685 | print_host(out, cp, public, 0); |
| 686 | } else if (hash_hosts) { | 686 | } else if (hash_hosts) { |
| 687 | for(cp2 = strsep(&cp, ","); | 687 | for (cp2 = strsep(&cp, ","); |
| 688 | cp2 != NULL && *cp2 != '\0'; | 688 | cp2 != NULL && *cp2 != '\0'; |
| 689 | cp2 = strsep(&cp, ",")) { | 689 | cp2 = strsep(&cp, ",")) { |
| 690 | if (strcspn(cp2, "*?!") != strlen(cp2)) | 690 | if (strcspn(cp2, "*?!") != strlen(cp2)) |
| @@ -707,7 +707,7 @@ do_known_hosts(struct passwd *pw, const char *name) | |||
| 707 | identity_file); | 707 | identity_file); |
| 708 | if (inplace) { | 708 | if (inplace) { |
| 709 | fprintf(stderr, "Not replacing existing known_hosts " | 709 | fprintf(stderr, "Not replacing existing known_hosts " |
| 710 | "file beacuse of errors"); | 710 | "file because of errors\n"); |
| 711 | fclose(out); | 711 | fclose(out); |
| 712 | unlink(tmp); | 712 | unlink(tmp); |
| 713 | } | 713 | } |
| @@ -738,7 +738,7 @@ do_known_hosts(struct passwd *pw, const char *name) | |||
| 738 | fprintf(stderr, "WARNING: %s contains unhashed " | 738 | fprintf(stderr, "WARNING: %s contains unhashed " |
| 739 | "entries\n", old); | 739 | "entries\n", old); |
| 740 | fprintf(stderr, "Delete this file to ensure privacy " | 740 | fprintf(stderr, "Delete this file to ensure privacy " |
| 741 | "of hostnames\n"); | 741 | "of hostnames\n"); |
| 742 | } | 742 | } |
| 743 | } | 743 | } |
| 744 | 744 | ||
| @@ -959,31 +959,38 @@ usage(void) | |||
| 959 | { | 959 | { |
| 960 | fprintf(stderr, "Usage: %s [options]\n", __progname); | 960 | fprintf(stderr, "Usage: %s [options]\n", __progname); |
| 961 | fprintf(stderr, "Options:\n"); | 961 | fprintf(stderr, "Options:\n"); |
| 962 | fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n"); | ||
| 963 | fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); | ||
| 962 | fprintf(stderr, " -b bits Number of bits in the key to create.\n"); | 964 | fprintf(stderr, " -b bits Number of bits in the key to create.\n"); |
| 965 | fprintf(stderr, " -C comment Provide new comment.\n"); | ||
| 963 | fprintf(stderr, " -c Change comment in private and public key files.\n"); | 966 | fprintf(stderr, " -c Change comment in private and public key files.\n"); |
| 967 | #ifdef SMARTCARD | ||
| 968 | fprintf(stderr, " -D reader Download public key from smartcard.\n"); | ||
| 969 | #endif /* SMARTCARD */ | ||
| 964 | fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n"); | 970 | fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n"); |
| 971 | fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); | ||
| 965 | fprintf(stderr, " -f filename Filename of the key file.\n"); | 972 | fprintf(stderr, " -f filename Filename of the key file.\n"); |
| 973 | fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n"); | ||
| 966 | fprintf(stderr, " -g Use generic DNS resource record format.\n"); | 974 | fprintf(stderr, " -g Use generic DNS resource record format.\n"); |
| 975 | fprintf(stderr, " -H Hash names in known_hosts file.\n"); | ||
| 967 | fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n"); | 976 | fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n"); |
| 968 | fprintf(stderr, " -l Show fingerprint of key file.\n"); | 977 | fprintf(stderr, " -l Show fingerprint of key file.\n"); |
| 969 | fprintf(stderr, " -p Change passphrase of private key file.\n"); | 978 | fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); |
| 970 | fprintf(stderr, " -q Quiet.\n"); | ||
| 971 | fprintf(stderr, " -y Read private key file and print public key.\n"); | ||
| 972 | fprintf(stderr, " -t type Specify type of key to create.\n"); | ||
| 973 | fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); | ||
| 974 | fprintf(stderr, " -H Hash names in known_hosts file\n"); | ||
| 975 | fprintf(stderr, " -F hostname Find hostname in known hosts file\n"); | ||
| 976 | fprintf(stderr, " -C comment Provide new comment.\n"); | ||
| 977 | fprintf(stderr, " -N phrase Provide new passphrase.\n"); | 979 | fprintf(stderr, " -N phrase Provide new passphrase.\n"); |
| 978 | fprintf(stderr, " -P phrase Provide old passphrase.\n"); | 980 | fprintf(stderr, " -P phrase Provide old passphrase.\n"); |
| 981 | fprintf(stderr, " -p Change passphrase of private key file.\n"); | ||
| 982 | fprintf(stderr, " -q Quiet.\n"); | ||
| 983 | fprintf(stderr, " -R hostname Remove host from known_hosts file.\n"); | ||
| 979 | fprintf(stderr, " -r hostname Print DNS resource record.\n"); | 984 | fprintf(stderr, " -r hostname Print DNS resource record.\n"); |
| 985 | fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n"); | ||
| 986 | fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n"); | ||
| 987 | fprintf(stderr, " -t type Specify type of key to create.\n"); | ||
| 980 | #ifdef SMARTCARD | 988 | #ifdef SMARTCARD |
| 981 | fprintf(stderr, " -D reader Download public key from smartcard.\n"); | ||
| 982 | fprintf(stderr, " -U reader Upload private key to smartcard.\n"); | 989 | fprintf(stderr, " -U reader Upload private key to smartcard.\n"); |
| 983 | #endif /* SMARTCARD */ | 990 | #endif /* SMARTCARD */ |
| 984 | 991 | fprintf(stderr, " -v Verbose.\n"); | |
| 985 | fprintf(stderr, " -G file Generate candidates for DH-GEX moduli\n"); | 992 | fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n"); |
| 986 | fprintf(stderr, " -T file Screen candidates for DH-GEX moduli\n"); | 993 | fprintf(stderr, " -y Read private key file and print public key.\n"); |
| 987 | 994 | ||
| 988 | exit(1); | 995 | exit(1); |
| 989 | } | 996 | } |
| @@ -1000,12 +1007,13 @@ main(int ac, char **av) | |||
| 1000 | Key *private, *public; | 1007 | Key *private, *public; |
| 1001 | struct passwd *pw; | 1008 | struct passwd *pw; |
| 1002 | struct stat st; | 1009 | struct stat st; |
| 1003 | int opt, type, fd, download = 0, memory = 0; | 1010 | int opt, type, fd, download = 0; |
| 1004 | int generator_wanted = 0, trials = 100; | 1011 | u_int32_t memory = 0, generator_wanted = 0, trials = 100; |
| 1005 | int do_gen_candidates = 0, do_screen_candidates = 0; | 1012 | int do_gen_candidates = 0, do_screen_candidates = 0; |
| 1006 | int log_level = SYSLOG_LEVEL_INFO; | 1013 | int log_level = SYSLOG_LEVEL_INFO; |
| 1007 | BIGNUM *start = NULL; | 1014 | BIGNUM *start = NULL; |
| 1008 | FILE *f; | 1015 | FILE *f; |
| 1016 | const char *errstr; | ||
| 1009 | 1017 | ||
| 1010 | extern int optind; | 1018 | extern int optind; |
| 1011 | extern char *optarg; | 1019 | extern char *optarg; |
| @@ -1033,11 +1041,10 @@ main(int ac, char **av) | |||
| 1033 | "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { | 1041 | "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { |
| 1034 | switch (opt) { | 1042 | switch (opt) { |
| 1035 | case 'b': | 1043 | case 'b': |
| 1036 | bits = atoi(optarg); | 1044 | bits = strtonum(optarg, 512, 32768, &errstr); |
| 1037 | if (bits < 512 || bits > 32768) { | 1045 | if (errstr) |
| 1038 | printf("Bits has bad value.\n"); | 1046 | fatal("Bits has bad value %s (%s)", |
| 1039 | exit(1); | 1047 | optarg, errstr); |
| 1040 | } | ||
| 1041 | break; | 1048 | break; |
| 1042 | case 'F': | 1049 | case 'F': |
| 1043 | find_host = 1; | 1050 | find_host = 1; |
| @@ -1063,7 +1070,9 @@ main(int ac, char **av) | |||
| 1063 | change_comment = 1; | 1070 | change_comment = 1; |
| 1064 | break; | 1071 | break; |
| 1065 | case 'f': | 1072 | case 'f': |
| 1066 | strlcpy(identity_file, optarg, sizeof(identity_file)); | 1073 | if (strlcpy(identity_file, optarg, sizeof(identity_file)) >= |
| 1074 | sizeof(identity_file)) | ||
| 1075 | fatal("Identity filename too long"); | ||
| 1067 | have_identity = 1; | 1076 | have_identity = 1; |
| 1068 | break; | 1077 | break; |
| 1069 | case 'g': | 1078 | case 'g': |
| @@ -1118,23 +1127,34 @@ main(int ac, char **av) | |||
| 1118 | rr_hostname = optarg; | 1127 | rr_hostname = optarg; |
| 1119 | break; | 1128 | break; |
| 1120 | case 'W': | 1129 | case 'W': |
| 1121 | generator_wanted = atoi(optarg); | 1130 | generator_wanted = strtonum(optarg, 1, UINT_MAX, &errstr); |
| 1122 | if (generator_wanted < 1) | 1131 | if (errstr) |
| 1123 | fatal("Desired generator has bad value."); | 1132 | fatal("Desired generator has bad value: %s (%s)", |
| 1133 | optarg, errstr); | ||
| 1124 | break; | 1134 | break; |
| 1125 | case 'a': | 1135 | case 'a': |
| 1126 | trials = atoi(optarg); | 1136 | trials = strtonum(optarg, 1, UINT_MAX, &errstr); |
| 1137 | if (errstr) | ||
| 1138 | fatal("Invalid number of trials: %s (%s)", | ||
| 1139 | optarg, errstr); | ||
| 1127 | break; | 1140 | break; |
| 1128 | case 'M': | 1141 | case 'M': |
| 1129 | memory = atoi(optarg); | 1142 | memory = strtonum(optarg, 1, UINT_MAX, &errstr); |
| 1143 | if (errstr) { | ||
| 1144 | fatal("Memory limit is %s: %s", errstr, optarg); | ||
| 1145 | } | ||
| 1130 | break; | 1146 | break; |
| 1131 | case 'G': | 1147 | case 'G': |
| 1132 | do_gen_candidates = 1; | 1148 | do_gen_candidates = 1; |
| 1133 | strlcpy(out_file, optarg, sizeof(out_file)); | 1149 | if (strlcpy(out_file, optarg, sizeof(out_file)) >= |
| 1150 | sizeof(out_file)) | ||
| 1151 | fatal("Output filename too long"); | ||
| 1134 | break; | 1152 | break; |
| 1135 | case 'T': | 1153 | case 'T': |
| 1136 | do_screen_candidates = 1; | 1154 | do_screen_candidates = 1; |
| 1137 | strlcpy(out_file, optarg, sizeof(out_file)); | 1155 | if (strlcpy(out_file, optarg, sizeof(out_file)) >= |
| 1156 | sizeof(out_file)) | ||
| 1157 | fatal("Output filename too long"); | ||
| 1138 | break; | 1158 | break; |
| 1139 | case 'S': | 1159 | case 'S': |
| 1140 | /* XXX - also compare length against bits */ | 1160 | /* XXX - also compare length against bits */ |