version 1.127, 2005/06/08 03:50:00 |
version 1.136, 2006/02/20 17:19:54 |
|
|
#include "includes.h" |
#include "includes.h" |
RCSID("$OpenBSD$"); |
RCSID("$OpenBSD$"); |
|
|
|
#include <sys/types.h> |
|
#include <sys/stat.h> |
|
|
#include <openssl/evp.h> |
#include <openssl/evp.h> |
#include <openssl/pem.h> |
#include <openssl/pem.h> |
|
|
|
|
#endif |
#endif |
#include "dns.h" |
#include "dns.h" |
|
|
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ |
/* Number of bits in the RSA/DSA key. This value can be set on the command line. */ |
u_int32_t bits = 2048; |
#define DEFAULT_BITS 2048 |
|
#define DEFAULT_BITS_DSA 1024 |
|
u_int32_t bits = 0; |
|
|
/* |
/* |
* Flag indicating that we just want to change the passphrase. This can be |
* Flag indicating that we just want to change the passphrase. This can be |
|
|
fprintf(stderr, "WARNING: %s contains unhashed " |
fprintf(stderr, "WARNING: %s contains unhashed " |
"entries\n", old); |
"entries\n", old); |
fprintf(stderr, "Delete this file to ensure privacy " |
fprintf(stderr, "Delete this file to ensure privacy " |
"of hostnames\n"); |
"of hostnames\n"); |
} |
} |
} |
} |
|
|
|
|
extern int optind; |
extern int optind; |
extern char *optarg; |
extern char *optarg; |
|
|
|
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
|
sanitise_stdfd(); |
|
|
SSLeay_add_all_algorithms(); |
SSLeay_add_all_algorithms(); |
log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); |
log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); |
|
|
|
|
"degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { |
"degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { |
switch (opt) { |
switch (opt) { |
case 'b': |
case 'b': |
bits = strtonum(optarg, 512, 32768, &errstr); |
bits = strtonum(optarg, 768, 32768, &errstr); |
if (errstr) |
if (errstr) |
fatal("Bits has bad value %s (%s)", |
fatal("Bits has bad value %s (%s)", |
optarg, errstr); |
optarg, errstr); |
|
|
out_file, strerror(errno)); |
out_file, strerror(errno)); |
return (1); |
return (1); |
} |
} |
|
if (bits == 0) |
|
bits = DEFAULT_BITS; |
if (gen_candidates(out, memory, bits, start) != 0) |
if (gen_candidates(out, memory, bits, start) != 0) |
fatal("modulus candidate generation failed\n"); |
fatal("modulus candidate generation failed"); |
|
|
return (0); |
return (0); |
} |
} |
|
|
out_file, strerror(errno)); |
out_file, strerror(errno)); |
} |
} |
if (prime_test(in, out, trials, generator_wanted) != 0) |
if (prime_test(in, out, trials, generator_wanted) != 0) |
fatal("modulus screening failed\n"); |
fatal("modulus screening failed"); |
return (0); |
return (0); |
} |
} |
|
|
arc4random_stir(); |
arc4random_stir(); |
|
|
if (key_type_name == NULL) { |
if (key_type_name == NULL) |
printf("You must specify a key type (-t).\n"); |
key_type_name = "rsa"; |
usage(); |
|
} |
|
type = key_type_from_name(key_type_name); |
type = key_type_from_name(key_type_name); |
if (type == KEY_UNSPEC) { |
if (type == KEY_UNSPEC) { |
fprintf(stderr, "unknown key type %s\n", key_type_name); |
fprintf(stderr, "unknown key type %s\n", key_type_name); |
exit(1); |
exit(1); |
} |
} |
|
if (bits == 0) |
|
bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS; |
|
if (type == KEY_DSA && bits != 1024) |
|
fatal("DSA keys must be 1024 bits"); |
if (!quiet) |
if (!quiet) |
printf("Generating public/private %s key pair.\n", key_type_name); |
printf("Generating public/private %s key pair.\n", key_type_name); |
private = key_generate(type, bits); |
private = key_generate(type, bits); |
|
|
if (!have_identity) |
if (!have_identity) |
ask_filename(pw, "Enter file in which to save the key"); |
ask_filename(pw, "Enter file in which to save the key"); |
|
|
/* Create ~/.ssh directory if it doesn\'t already exist. */ |
/* Create ~/.ssh directory if it doesn't already exist. */ |
snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); |
snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); |
if (strstr(identity_file, dotsshdir) != NULL && |
if (strstr(identity_file, dotsshdir) != NULL && |
stat(dotsshdir, &st) < 0) { |
stat(dotsshdir, &st) < 0) { |