src/usr.bin/ssh/ssh-keygen.c - diff

Return to ssh-keygen.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh-keygen.c between version 1.270 and 1.274

version 1.270, 2015/04/24 01:36:01

version 1.274, 2015/05/28 07:37:31

Line 52

#include "ssh-pkcs11.h"

#endif

#ifdef WITH_OPENSSL

# define DEFAULT_KEY_TYPE_NAME "rsa"

#else

# define DEFAULT_KEY_TYPE_NAME "ed25519"

#endif

/* Number of bits in the RSA/DSA key. This value can be set on the command line. */

#define DEFAULT_BITS 2048

#define DEFAULT_BITS_DSA 1024

Line 168

Line 174

char hostname[NI_MAXHOST];

#ifdef WITH_OPENSSL

/* moduli.c */

int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);

int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,

unsigned long);

#endif

static void

type_bits_valid(int type, const char *name, u_int32_t *bitsp)

{

#ifdef WITH_OPENSSL

u_int maxbits, nid;

#endif

if (type == KEY_UNSPEC)

fatal("unknown key type %s", key_type_name);

if (*bitsp == 0) {

#ifdef WITH_OPENSSL

if (type == KEY_DSA)

*bitsp = DEFAULT_BITS_DSA;

else if (type == KEY_ECDSA) {

Line 191

Line 202

*bitsp = DEFAULT_BITS_ECDSA;

}

else

#endif

*bitsp = DEFAULT_BITS;

}

#ifdef WITH_OPENSSL

maxbits = (type == KEY_DSA) ?

OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;

if (*bitsp > maxbits)

fatal("key bits exceeds maximum %d", maxbits);

#ifdef WITH_OPENSSL

if (type == KEY_DSA && *bitsp != 1024)

fatal("DSA keys must be 1024 bits");

else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)

Line 1059

Line 1071

known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)

{

struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;

enum sshkey_fp_rep rep;

int fptype;

char *fp;

fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;

rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;

if (l->status == HKF_STATUS_MATCHED) {

if (delete_host) {

if (l->marker != MRK_NONE) {

Line 1087

Line 1105

}

if (hash_hosts)

known_hosts_hash(l, ctx);

else

else if (print_fingerprint) {

fp = sshkey_fingerprint(l->key, fptype, rep);

printf("%s %s %s %s\n", ctx->host,

sshkey_type(l->key), fp, l->comment);

free(fp);

} else

fprintf(ctx->out, "%s\n", l->line);

return 0;

}

Line 1108

Line 1131

char *cp, tmp[PATH_MAX], old[PATH_MAX];

int r, fd, oerrno, inplace = 0;

struct known_hosts_ctx ctx;

u_int foreach_options;

if (!have_identity) {

cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);

Line 1144

Line 1168

}

/* XXX support identity_file == "-" for stdin */

foreach_options = find_host ? HKF_WANT_MATCH : 0;

foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0;

if ((r = hostkeys_foreach(identity_file,

hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx,

name, NULL, find_host ? HKF_WANT_MATCH : 0)) != 0)

name, NULL, foreach_options)) != 0)

fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));

if (inplace)

Line 2159

Line 2185

" ssh-keygen -H [-f known_hosts_file]\n"

" ssh-keygen -R hostname [-f known_hosts_file]\n"

" ssh-keygen -r hostname [-f input_keyfile] [-g]\n"

#ifdef WITH_OPENSSL

" ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n"

" ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n"

" [-j start_line] [-K checkpt] [-W generator]\n"

#endif

" ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n"

" [-O option] [-V validity_interval] [-z serial_number] file ...\n"

" ssh-keygen -L [-f input_keyfile]\n"

Line 2179

Line 2207

main(int argc, char **argv)

{

char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;

char *checkpoint = NULL;

char *rr_hostname = NULL, *ep, *fp, *ra;

char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra;

struct sshkey *private, *public;

struct passwd *pw;

struct stat st;

int r, opt, type, fd;

int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;

FILE *f;

const char *errstr;

#ifdef WITH_OPENSSL

/* Moduli generation/screening */

char out_file[PATH_MAX], *checkpoint = NULL;

u_int32_t memory = 0, generator_wanted = 0;

int do_gen_candidates = 0, do_screen_candidates = 0;

int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;

unsigned long start_lineno = 0, lines_to_process = 0;

BIGNUM *start = NULL;

FILE *f;

#endif

const char *errstr;

extern int optind;

extern char *optarg;

Line 2238

Line 2269

case 'I':

cert_key_id = optarg;

break;

case 'J':

lines_to_process = strtoul(optarg, NULL, 10);

break;

case 'j':

start_lineno = strtoul(optarg, NULL, 10);

break;

case 'R':

delete_host = 1;

rr_hostname = optarg;

Line 2285

Line 2310

change_comment = 1;

break;

case 'f':

if (strlcpy(identity_file, optarg, sizeof(identity_file)) >=

if (strlcpy(identity_file, optarg,

sizeof(identity_file))

sizeof(identity_file)) >= sizeof(identity_file))

fatal("Identity filename too long");

have_identity = 1;

break;

Line 2358

Line 2383

case 'r':

rr_hostname = optarg;

break;

case 'W':

generator_wanted = (u_int32_t)strtonum(optarg, 1,

UINT_MAX, &errstr);

if (errstr)

fatal("Desired generator has bad value: %s (%s)",

optarg, errstr);

break;

case 'a':

rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr);

if (errstr)

fatal("Invalid number: %s (%s)",

optarg, errstr);

break;

case 'M':

case 'V':

memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);

parse_cert_times(optarg);

if (errstr)

fatal("Memory limit is %s: %s", errstr, optarg);

break;

case 'z':

errno = 0;

cert_serial = strtoull(optarg, &ep, 10);

if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||

(errno == ERANGE && cert_serial == ULLONG_MAX))

fatal("Invalid serial number \"%s\"", optarg);

break;

#ifdef WITH_OPENSSL

/* Moduli generation/screening */

case 'G':

do_gen_candidates = 1;

if (strlcpy(out_file, optarg, sizeof(out_file)) >=

sizeof(out_file))

fatal("Output filename too long");

break;

case 'T':

case 'J':

do_screen_candidates = 1;

lines_to_process = strtoul(optarg, NULL, 10);

if (strlcpy(out_file, optarg, sizeof(out_file)) >=

break;

sizeof(out_file))

case 'j':

fatal("Output filename too long");

start_lineno = strtoul(optarg, NULL, 10);

break;

case 'K':

if (strlen(optarg) >= PATH_MAX)

fatal("Checkpoint filename too long");

checkpoint = xstrdup(optarg);

break;

case 'M':

memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX,

&errstr);

if (errstr)

fatal("Memory limit is %s: %s", errstr, optarg);

break;

case 'S':

/* XXX - also compare length against bits */

if (BN_hex2bn(&start, optarg) == 0)

fatal("Invalid start point.");

break;

case 'V':

case 'T':

parse_cert_times(optarg);

do_screen_candidates = 1;

if (strlcpy(out_file, optarg, sizeof(out_file)) >=

sizeof(out_file))

fatal("Output filename too long");

break;

case 'z':

case 'W':

errno = 0;

generator_wanted = (u_int32_t)strtonum(optarg, 1,

cert_serial = strtoull(optarg, &ep, 10);

UINT_MAX, &errstr);

if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||

if (errstr != NULL)

(errno == ERANGE && cert_serial == ULLONG_MAX))

fatal("Desired generator invalid: %s (%s)",

fatal("Invalid serial number \"%s\"", optarg);

optarg, errstr);

break;

#endif /* WITH_OPENSSL */

case '?':

default:

usage();

Line 2497

Line 2532

}

#ifdef WITH_OPENSSL

if (do_gen_candidates) {

FILE *out = fopen(out_file, "w");

Line 2536

Line 2572

fatal("modulus screening failed");

return (0);

}

#endif

if (gen_all_hostkeys) {

do_gen_all_hostkeys(pw);

Line 2543

Line 2580

}

if (key_type_name == NULL)

key_type_name = "rsa";

key_type_name = DEFAULT_KEY_TYPE_NAME;

type = sshkey_type_from_name(key_type_name);

type_bits_valid(type, key_type_name, &bits);