-/* $OpenBSD: ssh-keygen.c,v 1.273 2015/05/28 04:40:13 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.274 2015/05/28 07:37:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
char hostname[NI_MAXHOST];
+#ifdef WITH_OPENSSL
/* moduli.c */
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
unsigned long);
+#endif
static void
type_bits_valid(int type, const char *name, u_int32_t *bitsp)
" ssh-keygen -H [-f known_hosts_file]\n"
" ssh-keygen -R hostname [-f known_hosts_file]\n"
" ssh-keygen -r hostname [-f input_keyfile] [-g]\n"
+#ifdef WITH_OPENSSL
" ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n"
" ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n"
" [-j start_line] [-K checkpt] [-W generator]\n"
+#endif
" ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n"
" [-O option] [-V validity_interval] [-z serial_number] file ...\n"
" ssh-keygen -L [-f input_keyfile]\n"
main(int argc, char **argv)
{
char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
- char *checkpoint = NULL;
- char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra;
+ char *rr_hostname = NULL, *ep, *fp, *ra;
struct sshkey *private, *public;
struct passwd *pw;
struct stat st;
int r, opt, type, fd;
+ int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
+ FILE *f;
+ const char *errstr;
+#ifdef WITH_OPENSSL
+ /* Moduli generation/screening */
+ char out_file[PATH_MAX], *checkpoint = NULL;
u_int32_t memory = 0, generator_wanted = 0;
int do_gen_candidates = 0, do_screen_candidates = 0;
- int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
unsigned long start_lineno = 0, lines_to_process = 0;
BIGNUM *start = NULL;
- FILE *f;
- const char *errstr;
+#endif
extern int optind;
extern char *optarg;
case 'I':
cert_key_id = optarg;
break;
- case 'J':
- lines_to_process = strtoul(optarg, NULL, 10);
- break;
- case 'j':
- start_lineno = strtoul(optarg, NULL, 10);
- break;
case 'R':
delete_host = 1;
rr_hostname = optarg;
change_comment = 1;
break;
case 'f':
- if (strlcpy(identity_file, optarg, sizeof(identity_file)) >=
- sizeof(identity_file))
+ if (strlcpy(identity_file, optarg,
+ sizeof(identity_file)) >= sizeof(identity_file))
fatal("Identity filename too long");
have_identity = 1;
break;
case 'r':
rr_hostname = optarg;
break;
- case 'W':
- generator_wanted = (u_int32_t)strtonum(optarg, 1,
- UINT_MAX, &errstr);
- if (errstr)
- fatal("Desired generator has bad value: %s (%s)",
- optarg, errstr);
- break;
case 'a':
rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr);
if (errstr)
fatal("Invalid number: %s (%s)",
optarg, errstr);
break;
- case 'M':
- memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
- if (errstr)
- fatal("Memory limit is %s: %s", errstr, optarg);
+ case 'V':
+ parse_cert_times(optarg);
+ break;
+ case 'z':
+ errno = 0;
+ cert_serial = strtoull(optarg, &ep, 10);
+ if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
+ (errno == ERANGE && cert_serial == ULLONG_MAX))
+ fatal("Invalid serial number \"%s\"", optarg);
break;
+#ifdef WITH_OPENSSL
+ /* Moduli generation/screening */
case 'G':
do_gen_candidates = 1;
if (strlcpy(out_file, optarg, sizeof(out_file)) >=
sizeof(out_file))
fatal("Output filename too long");
break;
- case 'T':
- do_screen_candidates = 1;
- if (strlcpy(out_file, optarg, sizeof(out_file)) >=
- sizeof(out_file))
- fatal("Output filename too long");
- break;
+ case 'J':
+ lines_to_process = strtoul(optarg, NULL, 10);
+ break;
+ case 'j':
+ start_lineno = strtoul(optarg, NULL, 10);
+ break;
case 'K':
if (strlen(optarg) >= PATH_MAX)
fatal("Checkpoint filename too long");
checkpoint = xstrdup(optarg);
break;
+ case 'M':
+ memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX,
+ &errstr);
+ if (errstr)
+ fatal("Memory limit is %s: %s", errstr, optarg);
+ break;
case 'S':
/* XXX - also compare length against bits */
if (BN_hex2bn(&start, optarg) == 0)
fatal("Invalid start point.");
break;
- case 'V':
- parse_cert_times(optarg);
+ case 'T':
+ do_screen_candidates = 1;
+ if (strlcpy(out_file, optarg, sizeof(out_file)) >=
+ sizeof(out_file))
+ fatal("Output filename too long");
break;
- case 'z':
- errno = 0;
- cert_serial = strtoull(optarg, &ep, 10);
- if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
- (errno == ERANGE && cert_serial == ULLONG_MAX))
- fatal("Invalid serial number \"%s\"", optarg);
+ case 'W':
+ generator_wanted = (u_int32_t)strtonum(optarg, 1,
+ UINT_MAX, &errstr);
+ if (errstr != NULL)
+ fatal("Desired generator invalid: %s (%s)",
+ optarg, errstr);
break;
+#endif /* WITH_OPENSSL */
case '?':
default:
usage();
}
}
+#ifdef WITH_OPENSSL
if (do_gen_candidates) {
FILE *out = fopen(out_file, "w");
fatal("modulus screening failed");
return (0);
}
+#endif
if (gen_all_hostkeys) {
do_gen_all_hostkeys(pw);
projects / openbsd / commitdiff