|
Lines 174-183
extern char *__progname;
|
| 174 |
|
174 |
|
| 175 |
char hostname[NI_MAXHOST]; |
175 |
char hostname[NI_MAXHOST]; |
| 176 |
|
176 |
|
|
|
177 |
#ifdef WITH_OPENSSL |
| 177 |
/* moduli.c */ |
178 |
/* moduli.c */ |
| 178 |
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); |
179 |
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); |
| 179 |
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, |
180 |
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, |
| 180 |
unsigned long); |
181 |
unsigned long); |
|
|
182 |
#endif |
| 181 |
|
183 |
|
| 182 |
static void |
184 |
static void |
| 183 |
type_bits_valid(int type, const char *name, u_int32_t *bitsp) |
185 |
type_bits_valid(int type, const char *name, u_int32_t *bitsp) |
|
Lines 2183-2191
usage(void)
|
| 2183 |
" ssh-keygen -H [-f known_hosts_file]\n" |
2185 |
" ssh-keygen -H [-f known_hosts_file]\n" |
| 2184 |
" ssh-keygen -R hostname [-f known_hosts_file]\n" |
2186 |
" ssh-keygen -R hostname [-f known_hosts_file]\n" |
| 2185 |
" ssh-keygen -r hostname [-f input_keyfile] [-g]\n" |
2187 |
" ssh-keygen -r hostname [-f input_keyfile] [-g]\n" |
|
|
2188 |
#ifdef WITH_OPENSSL |
| 2186 |
" ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n" |
2189 |
" ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n" |
| 2187 |
" ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n" |
2190 |
" ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n" |
| 2188 |
" [-j start_line] [-K checkpt] [-W generator]\n" |
2191 |
" [-j start_line] [-K checkpt] [-W generator]\n" |
|
|
2192 |
#endif |
| 2189 |
" ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n" |
2193 |
" ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n" |
| 2190 |
" [-O option] [-V validity_interval] [-z serial_number] file ...\n" |
2194 |
" [-O option] [-V validity_interval] [-z serial_number] file ...\n" |
| 2191 |
" ssh-keygen -L [-f input_keyfile]\n" |
2195 |
" ssh-keygen -L [-f input_keyfile]\n" |
|
Lines 2203-2221
int
|
| 2203 |
main(int argc, char **argv) |
2207 |
main(int argc, char **argv) |
| 2204 |
{ |
2208 |
{ |
| 2205 |
char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2; |
2209 |
char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2; |
| 2206 |
char *checkpoint = NULL; |
2210 |
char *rr_hostname = NULL, *ep, *fp, *ra; |
| 2207 |
char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra; |
|
|
| 2208 |
struct sshkey *private, *public; |
2211 |
struct sshkey *private, *public; |
| 2209 |
struct passwd *pw; |
2212 |
struct passwd *pw; |
| 2210 |
struct stat st; |
2213 |
struct stat st; |
| 2211 |
int r, opt, type, fd; |
2214 |
int r, opt, type, fd; |
|
|
2215 |
int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; |
| 2216 |
FILE *f; |
| 2217 |
const char *errstr; |
| 2218 |
#ifdef WITH_OPENSSL |
| 2219 |
/* Moduli generation/screening */ |
| 2220 |
char out_file[PATH_MAX], *checkpoint = NULL; |
| 2212 |
u_int32_t memory = 0, generator_wanted = 0; |
2221 |
u_int32_t memory = 0, generator_wanted = 0; |
| 2213 |
int do_gen_candidates = 0, do_screen_candidates = 0; |
2222 |
int do_gen_candidates = 0, do_screen_candidates = 0; |
| 2214 |
int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; |
|
|
| 2215 |
unsigned long start_lineno = 0, lines_to_process = 0; |
2223 |
unsigned long start_lineno = 0, lines_to_process = 0; |
| 2216 |
BIGNUM *start = NULL; |
2224 |
BIGNUM *start = NULL; |
| 2217 |
FILE *f; |
2225 |
#endif |
| 2218 |
const char *errstr; |
|
|
| 2219 |
|
2226 |
|
| 2220 |
extern int optind; |
2227 |
extern int optind; |
| 2221 |
extern char *optarg; |
2228 |
extern char *optarg; |
|
Lines 2262-2273
main(int argc, char **argv)
|
| 2262 |
case 'I': |
2269 |
case 'I': |
| 2263 |
cert_key_id = optarg; |
2270 |
cert_key_id = optarg; |
| 2264 |
break; |
2271 |
break; |
| 2265 |
case 'J': |
|
|
| 2266 |
lines_to_process = strtoul(optarg, NULL, 10); |
| 2267 |
break; |
| 2268 |
case 'j': |
| 2269 |
start_lineno = strtoul(optarg, NULL, 10); |
| 2270 |
break; |
| 2271 |
case 'R': |
2272 |
case 'R': |
| 2272 |
delete_host = 1; |
2273 |
delete_host = 1; |
| 2273 |
rr_hostname = optarg; |
2274 |
rr_hostname = optarg; |
|
Lines 2309-2316
main(int argc, char **argv)
|
| 2309 |
change_comment = 1; |
2310 |
change_comment = 1; |
| 2310 |
break; |
2311 |
break; |
| 2311 |
case 'f': |
2312 |
case 'f': |
| 2312 |
if (strlcpy(identity_file, optarg, sizeof(identity_file)) >= |
2313 |
if (strlcpy(identity_file, optarg, |
| 2313 |
sizeof(identity_file)) |
2314 |
sizeof(identity_file)) >= sizeof(identity_file)) |
| 2314 |
fatal("Identity filename too long"); |
2315 |
fatal("Identity filename too long"); |
| 2315 |
have_identity = 1; |
2316 |
have_identity = 1; |
| 2316 |
break; |
2317 |
break; |
|
Lines 2382-2437
main(int argc, char **argv)
|
| 2382 |
case 'r': |
2383 |
case 'r': |
| 2383 |
rr_hostname = optarg; |
2384 |
rr_hostname = optarg; |
| 2384 |
break; |
2385 |
break; |
| 2385 |
case 'W': |
|
|
| 2386 |
generator_wanted = (u_int32_t)strtonum(optarg, 1, |
| 2387 |
UINT_MAX, &errstr); |
| 2388 |
if (errstr) |
| 2389 |
fatal("Desired generator has bad value: %s (%s)", |
| 2390 |
optarg, errstr); |
| 2391 |
break; |
| 2392 |
case 'a': |
2386 |
case 'a': |
| 2393 |
rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr); |
2387 |
rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr); |
| 2394 |
if (errstr) |
2388 |
if (errstr) |
| 2395 |
fatal("Invalid number: %s (%s)", |
2389 |
fatal("Invalid number: %s (%s)", |
| 2396 |
optarg, errstr); |
2390 |
optarg, errstr); |
| 2397 |
break; |
2391 |
break; |
| 2398 |
case 'M': |
2392 |
case 'V': |
| 2399 |
memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); |
2393 |
parse_cert_times(optarg); |
| 2400 |
if (errstr) |
|
|
| 2401 |
fatal("Memory limit is %s: %s", errstr, optarg); |
| 2402 |
break; |
2394 |
break; |
|
|
2395 |
case 'z': |
| 2396 |
errno = 0; |
| 2397 |
cert_serial = strtoull(optarg, &ep, 10); |
| 2398 |
if (*optarg < '0' || *optarg > '9' || *ep != '\0' || |
| 2399 |
(errno == ERANGE && cert_serial == ULLONG_MAX)) |
| 2400 |
fatal("Invalid serial number \"%s\"", optarg); |
| 2401 |
break; |
| 2402 |
#ifdef WITH_OPENSSL |
| 2403 |
/* Moduli generation/screening */ |
| 2403 |
case 'G': |
2404 |
case 'G': |
| 2404 |
do_gen_candidates = 1; |
2405 |
do_gen_candidates = 1; |
| 2405 |
if (strlcpy(out_file, optarg, sizeof(out_file)) >= |
2406 |
if (strlcpy(out_file, optarg, sizeof(out_file)) >= |
| 2406 |
sizeof(out_file)) |
2407 |
sizeof(out_file)) |
| 2407 |
fatal("Output filename too long"); |
2408 |
fatal("Output filename too long"); |
| 2408 |
break; |
2409 |
break; |
| 2409 |
case 'T': |
2410 |
case 'J': |
| 2410 |
do_screen_candidates = 1; |
2411 |
lines_to_process = strtoul(optarg, NULL, 10); |
| 2411 |
if (strlcpy(out_file, optarg, sizeof(out_file)) >= |
2412 |
break; |
| 2412 |
sizeof(out_file)) |
2413 |
case 'j': |
| 2413 |
fatal("Output filename too long"); |
2414 |
start_lineno = strtoul(optarg, NULL, 10); |
| 2414 |
break; |
2415 |
break; |
| 2415 |
case 'K': |
2416 |
case 'K': |
| 2416 |
if (strlen(optarg) >= PATH_MAX) |
2417 |
if (strlen(optarg) >= PATH_MAX) |
| 2417 |
fatal("Checkpoint filename too long"); |
2418 |
fatal("Checkpoint filename too long"); |
| 2418 |
checkpoint = xstrdup(optarg); |
2419 |
checkpoint = xstrdup(optarg); |
| 2419 |
break; |
2420 |
break; |
|
|
2421 |
case 'M': |
| 2422 |
memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, |
| 2423 |
&errstr); |
| 2424 |
if (errstr) |
| 2425 |
fatal("Memory limit is %s: %s", errstr, optarg); |
| 2426 |
break; |
| 2427 |
case 'T': |
| 2428 |
do_screen_candidates = 1; |
| 2429 |
if (strlcpy(out_file, optarg, sizeof(out_file)) >= |
| 2430 |
sizeof(out_file)) |
| 2431 |
fatal("Output filename too long"); |
| 2432 |
break; |
| 2420 |
case 'S': |
2433 |
case 'S': |
| 2421 |
/* XXX - also compare length against bits */ |
2434 |
/* XXX - also compare length against bits */ |
| 2422 |
if (BN_hex2bn(&start, optarg) == 0) |
2435 |
if (BN_hex2bn(&start, optarg) == 0) |
| 2423 |
fatal("Invalid start point."); |
2436 |
fatal("Invalid start point."); |
| 2424 |
break; |
2437 |
break; |
| 2425 |
case 'V': |
2438 |
case 'W': |
| 2426 |
parse_cert_times(optarg); |
2439 |
generator_wanted = (u_int32_t)strtonum(optarg, 1, |
| 2427 |
break; |
2440 |
UINT_MAX, &errstr); |
| 2428 |
case 'z': |
2441 |
if (errstr != NULL) |
| 2429 |
errno = 0; |
2442 |
fatal("Desired generator invalid: %s (%s)", |
| 2430 |
cert_serial = strtoull(optarg, &ep, 10); |
2443 |
optarg, errstr); |
| 2431 |
if (*optarg < '0' || *optarg > '9' || *ep != '\0' || |
|
|
| 2432 |
(errno == ERANGE && cert_serial == ULLONG_MAX)) |
| 2433 |
fatal("Invalid serial number \"%s\"", optarg); |
| 2434 |
break; |
2444 |
break; |
|
|
2445 |
#endif /* WITH_OPENSSL */ |
| 2435 |
case '?': |
2446 |
case '?': |
| 2436 |
default: |
2447 |
default: |
| 2437 |
usage(); |
2448 |
usage(); |
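Review bot: The relocated `case 'J'` and `case 'j'` still parse with `strtoul(optarg, NULL, 10)` and no error check, so inside the new `#ifdef WITH_OPENSSL` block a non-numeric `-J abc` silently becomes 0 and `-j -1` silently becomes ULONG_MAX, while the neighbouring `-W`, `-M` and `-a` cases reject bad input through strtonum()/errstr and `-z` checks `*ep` and ERANGE. Since the commit is already moving these two cases, it is the natural point to make them fail closed like their siblings; `errstr` is declared outside the ifdef on the new side, so it is available here. Using LLONG_MAX as the upper bound rejects values above it on LP64 hosts, which are not meaningful line counts in any case — confirm against moduli.c if that matters. The enclosing switch and main() both start and end outside this hunk.
```c
		case 'J':
			lines_to_process = (unsigned long)strtonum(optarg, 0,
			    LLONG_MAX, &errstr);
			if (errstr != NULL)
				fatal("Invalid line count: %s (%s)",
				    optarg, errstr);
			break;
		case 'j':
			start_lineno = (unsigned long)strtonum(optarg, 0,
			    LLONG_MAX, &errstr);
			if (errstr != NULL)
				fatal("Invalid start line: %s (%s)",
				    optarg, errstr);
			break;
		/* … unchanged: cases 'K', 'M', 'T', 'S', 'W' … */
```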
|
Lines 2521-2526
main(int argc, char **argv)
|
| 2521 |
} |
2532 |
} |
| 2522 |
} |
2533 |
} |
| 2523 |
|
2534 |
|
|
|
2535 |
#ifdef WITH_OPENSSL |
| 2524 |
if (do_gen_candidates) { |
2536 |
if (do_gen_candidates) { |
| 2525 |
FILE *out = fopen(out_file, "w"); |
2537 |
FILE *out = fopen(out_file, "w"); |
| 2526 |
|
2538 |
|
|
Lines 2560-2565
main(int argc, char **argv)
|
| 2560 |
fatal("modulus screening failed"); |
2572 |
fatal("modulus screening failed"); |
| 2561 |
return (0); |
2573 |
return (0); |
| 2562 |
} |
2574 |
} |
|
|
2575 |
#endif |
| 2563 |
|
2576 |
|
| 2564 |
if (gen_all_hostkeys) { |
2577 |
if (gen_all_hostkeys) { |
| 2565 |
do_gen_all_hostkeys(pw); |
2578 |
do_gen_all_hostkeys(pw); |