Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c22
1 files changed, 18 insertions, 4 deletions
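diff --git a/ssh-keygen.c b/ssh-keygen.c
index 8daea7f76..75f8e2e09 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -19,9 +19,11 @@
 #include <sys/stat.h>
 #include <sys/param.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include "openbsd-compat/openssl-compat.h"
+#endif
 
 #include <errno.h>
 #include <fcntl.h>
@@ -179,7 +181,9 @@ int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
 static void
 type_bits_valid(int type, u_int32_t *bitsp)
 {
+#ifdef WITH_OPENSSL
 	u_int maxbits;
+#endif
 
 	if (type == KEY_UNSPEC) {
 		fprintf(stderr, "unknown key type %s\n", key_type_name);
@@ -193,13 +197,13 @@ type_bits_valid(int type, u_int32_t *bitsp)
 	else
 		*bitsp = DEFAULT_BITS;
 	}
+#ifdef WITH_OPENSSL
 	maxbits = (type == KEY_DSA) ?
 	    OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
 	if (*bitsp > maxbits) {
 		fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
 		exit(1);
 	}
-#ifdef WITH_OPENSSL
 	if (type == KEY_DSA && *bitsp != 1024)
 		fatal("DSA keys must be 1024 bits");
 	else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
@@ -2102,10 +2106,12 @@ update_krl_from_file(struct passwd *pw, const char *file, const Key *ca,
 	fclose(krl_spec);
 	free(path);
 }
+#endif /* WITH_OPENSSL */
 
 static void
 do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
 {
+#ifdef WITH_OPENSSL
 	struct ssh_krl *krl;
 	struct stat sb;
 	Key *ca = NULL;
@@ -2155,11 +2161,15 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
 	ssh_krl_free(krl);
 	if (ca != NULL)
 		key_free(ca);
+#else /* WITH_OPENSSL */
+	fatal("KRLs not supported without OpenSSL");
+#endif /* WITH_OPENSSL */
 }
 
 static void
 do_check_krl(struct passwd *pw, int argc, char **argv)
 {
+#ifdef WITH_OPENSSL
 	int i, r, ret = 0;
 	char *comment;
 	struct ssh_krl *krl;
@@ -2182,8 +2192,10 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
 	}
 	ssh_krl_free(krl);
 	exit(ret);
+#else /* WITH_OPENSSL */
+	fatal("KRLs not supported without OpenSSL");
+#endif /* WITH_OPENSSL */
 }
-#endif
 
 static void
 usage(void)
@@ -2249,7 +2261,9 @@ main(int argc, char **argv)
 
 	__progname = ssh_get_progname(argv[0]);
 
+#ifdef WITH_OPENSSL
 	OpenSSL_add_all_algorithms();
+#endif
 	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
 
 	seed_rng();
@@ -2427,6 +2441,7 @@ main(int argc, char **argv)
 			fatal("Invalid number: %s (%s)",
 			    optarg, errstr);
 			break;
+#ifdef WITH_OPENSSL
 		case 'M':
 			memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
 			if (errstr)
@@ -2454,6 +2469,7 @@ main(int argc, char **argv)
 			if (BN_hex2bn(&start, optarg) == 0)
 				fatal("Invalid start point.");
 			break;
+#endif /* WITH_OPENSSL */
 		case 'V':
 			parse_cert_times(optarg);
 			break;
@@ -2493,7 +2509,6 @@ main(int argc, char **argv)
 		printf("Cannot use -l with -H or -R.\n");
 		usage();
 	}
-#ifdef WITH_OPENSSL
 	if (gen_krl) {
 		do_gen_krl(pw, update_krl, argc, argv);
 		return (0);
@@ -2502,7 +2517,6 @@ main(int argc, char **argv)
 		do_check_krl(pw, argc, argv);
 		return (0);
 	}
-#endif
 	if (ca_key_path != NULL) {
 		if (cert_key_id == NULL)
 			fatal("Must specify key id (-I) when certifying");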
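Review bot: In a build without WITH_OPENSSL the new `#else` branches of do_gen_krl and do_check_krl reference none of their parameters (`pw`, `updating`, `argc`, `argv`), so `-Wunused-parameter` builds will warn on both functions; a `(void)pw; (void)updating; (void)argc; (void)argv;` line ahead of the `fatal()` call in do_gen_krl, with the matching casts in do_check_krl, keeps those builds clean. Both function bodies extend past the hunk edges, so the `#ifdef`/`#else`/`#endif` pairing can only be inferred from the visible lines. In type_bits_valid, hoisting `#ifdef WITH_OPENSSL` above the `maxbits` computation compiles out the upper-bound check entirely when OpenSSL is absent, which is presumably intended because the key types that remain do not take a size from `-b`; a comment at the new `#ifdef` such as `/* bit-size limits only apply to the OpenSSL-backed key types */` would record that intent for the next reader. Separately, the surviving `fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);` on the new side pairs `%d` with a `u_int`; `%u` is the matching specifier.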