| version 1.269, 2015/04/17 13:19:22 |
version 1.272, 2015/05/21 12:01:19 |
|
|
| static void |
static void |
| type_bits_valid(int type, const char *name, u_int32_t *bitsp) |
type_bits_valid(int type, const char *name, u_int32_t *bitsp) |
| { |
{ |
| |
#ifdef WITH_OPENSSL |
| u_int maxbits, nid; |
u_int maxbits, nid; |
| |
#endif |
| |
|
| if (type == KEY_UNSPEC) |
if (type == KEY_UNSPEC) |
| fatal("unknown key type %s", key_type_name); |
fatal("unknown key type %s", key_type_name); |
| if (*bitsp == 0) { |
if (*bitsp == 0) { |
| |
#ifdef WITH_OPENSSL |
| if (type == KEY_DSA) |
if (type == KEY_DSA) |
| *bitsp = DEFAULT_BITS_DSA; |
*bitsp = DEFAULT_BITS_DSA; |
| else if (type == KEY_ECDSA) { |
else if (type == KEY_ECDSA) { |
|
|
| *bitsp = DEFAULT_BITS_ECDSA; |
*bitsp = DEFAULT_BITS_ECDSA; |
| } |
} |
| else |
else |
| |
#endif |
| *bitsp = DEFAULT_BITS; |
*bitsp = DEFAULT_BITS; |
| } |
} |
| |
#ifdef WITH_OPENSSL |
| maxbits = (type == KEY_DSA) ? |
maxbits = (type == KEY_DSA) ? |
| OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; |
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; |
| if (*bitsp > maxbits) |
if (*bitsp > maxbits) |
| fatal("key bits exceeds maximum %d", maxbits); |
fatal("key bits exceeds maximum %d", maxbits); |
| #ifdef WITH_OPENSSL |
|
| if (type == KEY_DSA && *bitsp != 1024) |
if (type == KEY_DSA && *bitsp != 1024) |
| fatal("DSA keys must be 1024 bits"); |
fatal("DSA keys must be 1024 bits"); |
| else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) |
else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) |
|
|
| known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) |
known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx) |
| { |
{ |
| struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx; |
struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx; |
| |
enum sshkey_fp_rep rep; |
| |
int fptype; |
| |
char *fp; |
| |
|
| |
fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; |
| |
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; |
| |
|
| if (l->status == HKF_STATUS_MATCHED) { |
if (l->status == HKF_STATUS_MATCHED) { |
| if (delete_host) { |
if (delete_host) { |
| if (l->marker != MRK_NONE) { |
if (l->marker != MRK_NONE) { |
|
|
| } |
} |
| if (hash_hosts) |
if (hash_hosts) |
| known_hosts_hash(l, ctx); |
known_hosts_hash(l, ctx); |
| else |
else if (print_fingerprint) { |
| |
fp = sshkey_fingerprint(l->key, fptype, rep); |
| |
printf("%s %s %s %s\n", ctx->host, |
| |
sshkey_type(l->key), fp, l->comment); |
| |
free(fp); |
| |
} else |
| fprintf(ctx->out, "%s\n", l->line); |
fprintf(ctx->out, "%s\n", l->line); |
| return 0; |
return 0; |
| } |
} |
|
|
| char *cp, tmp[PATH_MAX], old[PATH_MAX]; |
char *cp, tmp[PATH_MAX], old[PATH_MAX]; |
| int r, fd, oerrno, inplace = 0; |
int r, fd, oerrno, inplace = 0; |
| struct known_hosts_ctx ctx; |
struct known_hosts_ctx ctx; |
| |
u_int foreach_options; |
| |
|
| if (!have_identity) { |
if (!have_identity) { |
| cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); |
cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); |
|
|
| } |
} |
| |
|
| /* XXX support identity_file == "-" for stdin */ |
/* XXX support identity_file == "-" for stdin */ |
| |
foreach_options = find_host ? HKF_WANT_MATCH : 0; |
| |
foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0; |
| if ((r = hostkeys_foreach(identity_file, |
if ((r = hostkeys_foreach(identity_file, |
| hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx, |
hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx, |
| name, NULL, find_host ? HKF_WANT_MATCH : 0)) != 0) |
name, NULL, foreach_options)) != 0) |
| fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); |
fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); |
| |
|
| if (inplace) |
if (inplace) |
|
|
| otmp = tmp = xstrdup(cert_principals); |
otmp = tmp = xstrdup(cert_principals); |
| plist = NULL; |
plist = NULL; |
| for (; (cp = strsep(&tmp, ",")) != NULL; n++) { |
for (; (cp = strsep(&tmp, ",")) != NULL; n++) { |
| plist = xrealloc(plist, n + 1, sizeof(*plist)); |
plist = xreallocarray(plist, n + 1, sizeof(*plist)); |
| if (*(plist[n] = xstrdup(cp)) == '\0') |
if (*(plist[n] = xstrdup(cp)) == '\0') |
| fatal("Empty principal name"); |
fatal("Empty principal name"); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh