| version 1.273, 2015/05/28 04:40:13 |
version 1.274, 2015/05/28 07:37:31 |
|
|
| |
|
| char hostname[NI_MAXHOST]; |
char hostname[NI_MAXHOST]; |
| |
|
| |
#ifdef WITH_OPENSSL |
| /* moduli.c */ |
/* moduli.c */ |
| int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); |
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); |
| int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, |
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, |
| unsigned long); |
unsigned long); |
| |
#endif |
| |
|
| static void |
static void |
| type_bits_valid(int type, const char *name, u_int32_t *bitsp) |
type_bits_valid(int type, const char *name, u_int32_t *bitsp) |
|
|
| " ssh-keygen -H [-f known_hosts_file]\n" |
" ssh-keygen -H [-f known_hosts_file]\n" |
| " ssh-keygen -R hostname [-f known_hosts_file]\n" |
" ssh-keygen -R hostname [-f known_hosts_file]\n" |
| " ssh-keygen -r hostname [-f input_keyfile] [-g]\n" |
" ssh-keygen -r hostname [-f input_keyfile] [-g]\n" |
| |
#ifdef WITH_OPENSSL |
| " ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n" |
" ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n" |
| " ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n" |
" ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n" |
| " [-j start_line] [-K checkpt] [-W generator]\n" |
" [-j start_line] [-K checkpt] [-W generator]\n" |
| |
#endif |
| " ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n" |
" ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n" |
| " [-O option] [-V validity_interval] [-z serial_number] file ...\n" |
" [-O option] [-V validity_interval] [-z serial_number] file ...\n" |
| " ssh-keygen -L [-f input_keyfile]\n" |
" ssh-keygen -L [-f input_keyfile]\n" |
|
|
| main(int argc, char **argv) |
main(int argc, char **argv) |
| { |
{ |
| char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2; |
char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2; |
| char *checkpoint = NULL; |
char *rr_hostname = NULL, *ep, *fp, *ra; |
| char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra; |
|
| struct sshkey *private, *public; |
struct sshkey *private, *public; |
| struct passwd *pw; |
struct passwd *pw; |
| struct stat st; |
struct stat st; |
| int r, opt, type, fd; |
int r, opt, type, fd; |
| |
int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; |
| |
FILE *f; |
| |
const char *errstr; |
| |
#ifdef WITH_OPENSSL |
| |
/* Moduli generation/screening */ |
| |
char out_file[PATH_MAX], *checkpoint = NULL; |
| u_int32_t memory = 0, generator_wanted = 0; |
u_int32_t memory = 0, generator_wanted = 0; |
| int do_gen_candidates = 0, do_screen_candidates = 0; |
int do_gen_candidates = 0, do_screen_candidates = 0; |
| int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; |
|
| unsigned long start_lineno = 0, lines_to_process = 0; |
unsigned long start_lineno = 0, lines_to_process = 0; |
| BIGNUM *start = NULL; |
BIGNUM *start = NULL; |
| FILE *f; |
#endif |
| const char *errstr; |
|
| |
|
| extern int optind; |
extern int optind; |
| extern char *optarg; |
extern char *optarg; |
|
|
| case 'I': |
case 'I': |
| cert_key_id = optarg; |
cert_key_id = optarg; |
| break; |
break; |
| case 'J': |
|
| lines_to_process = strtoul(optarg, NULL, 10); |
|
| break; |
|
| case 'j': |
|
| start_lineno = strtoul(optarg, NULL, 10); |
|
| break; |
|
| case 'R': |
case 'R': |
| delete_host = 1; |
delete_host = 1; |
| rr_hostname = optarg; |
rr_hostname = optarg; |
|
|
| change_comment = 1; |
change_comment = 1; |
| break; |
break; |
| case 'f': |
case 'f': |
| if (strlcpy(identity_file, optarg, sizeof(identity_file)) >= |
if (strlcpy(identity_file, optarg, |
| sizeof(identity_file)) |
sizeof(identity_file)) >= sizeof(identity_file)) |
| fatal("Identity filename too long"); |
fatal("Identity filename too long"); |
| have_identity = 1; |
have_identity = 1; |
| break; |
break; |
|
|
| case 'r': |
case 'r': |
| rr_hostname = optarg; |
rr_hostname = optarg; |
| break; |
break; |
| case 'W': |
|
| generator_wanted = (u_int32_t)strtonum(optarg, 1, |
|
| UINT_MAX, &errstr); |
|
| if (errstr) |
|
| fatal("Desired generator has bad value: %s (%s)", |
|
| optarg, errstr); |
|
| break; |
|
| case 'a': |
case 'a': |
| rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr); |
rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr); |
| if (errstr) |
if (errstr) |
| fatal("Invalid number: %s (%s)", |
fatal("Invalid number: %s (%s)", |
| optarg, errstr); |
optarg, errstr); |
| break; |
break; |
| case 'M': |
case 'V': |
| memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); |
parse_cert_times(optarg); |
| if (errstr) |
|
| fatal("Memory limit is %s: %s", errstr, optarg); |
|
| break; |
break; |
| |
case 'z': |
| |
errno = 0; |
| |
cert_serial = strtoull(optarg, &ep, 10); |
| |
if (*optarg < '0' || *optarg > '9' || *ep != '\0' || |
| |
(errno == ERANGE && cert_serial == ULLONG_MAX)) |
| |
fatal("Invalid serial number \"%s\"", optarg); |
| |
break; |
| |
#ifdef WITH_OPENSSL |
| |
/* Moduli generation/screening */ |
| case 'G': |
case 'G': |
| do_gen_candidates = 1; |
do_gen_candidates = 1; |
| if (strlcpy(out_file, optarg, sizeof(out_file)) >= |
if (strlcpy(out_file, optarg, sizeof(out_file)) >= |
| sizeof(out_file)) |
sizeof(out_file)) |
| fatal("Output filename too long"); |
fatal("Output filename too long"); |
| break; |
break; |
| case 'T': |
case 'J': |
| do_screen_candidates = 1; |
lines_to_process = strtoul(optarg, NULL, 10); |
| if (strlcpy(out_file, optarg, sizeof(out_file)) >= |
break; |
| sizeof(out_file)) |
case 'j': |
| fatal("Output filename too long"); |
start_lineno = strtoul(optarg, NULL, 10); |
| break; |
break; |
| case 'K': |
case 'K': |
| if (strlen(optarg) >= PATH_MAX) |
if (strlen(optarg) >= PATH_MAX) |
| fatal("Checkpoint filename too long"); |
fatal("Checkpoint filename too long"); |
| checkpoint = xstrdup(optarg); |
checkpoint = xstrdup(optarg); |
| break; |
break; |
| |
case 'M': |
| |
memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, |
| |
&errstr); |
| |
if (errstr) |
| |
fatal("Memory limit is %s: %s", errstr, optarg); |
| |
break; |
| case 'S': |
case 'S': |
| /* XXX - also compare length against bits */ |
/* XXX - also compare length against bits */ |
| if (BN_hex2bn(&start, optarg) == 0) |
if (BN_hex2bn(&start, optarg) == 0) |
| fatal("Invalid start point."); |
fatal("Invalid start point."); |
| break; |
break; |
| case 'V': |
case 'T': |
| parse_cert_times(optarg); |
do_screen_candidates = 1; |
| |
if (strlcpy(out_file, optarg, sizeof(out_file)) >= |
| |
sizeof(out_file)) |
| |
fatal("Output filename too long"); |
| break; |
break; |
| case 'z': |
case 'W': |
| errno = 0; |
generator_wanted = (u_int32_t)strtonum(optarg, 1, |
| cert_serial = strtoull(optarg, &ep, 10); |
UINT_MAX, &errstr); |
| if (*optarg < '0' || *optarg > '9' || *ep != '\0' || |
if (errstr != NULL) |
| (errno == ERANGE && cert_serial == ULLONG_MAX)) |
fatal("Desired generator invalid: %s (%s)", |
| fatal("Invalid serial number \"%s\"", optarg); |
optarg, errstr); |
| break; |
break; |
| |
#endif /* WITH_OPENSSL */ |
| case '?': |
case '?': |
| default: |
default: |
| usage(); |
usage(); |
|
|
| } |
} |
| } |
} |
| |
|
| |
#ifdef WITH_OPENSSL |
| if (do_gen_candidates) { |
if (do_gen_candidates) { |
| FILE *out = fopen(out_file, "w"); |
FILE *out = fopen(out_file, "w"); |
| |
|
|
|
| fatal("modulus screening failed"); |
fatal("modulus screening failed"); |
| return (0); |
return (0); |
| } |
} |
| |
#endif |
| |
|
| if (gen_all_hostkeys) { |
if (gen_all_hostkeys) { |
| do_gen_all_hostkeys(pw); |
do_gen_all_hostkeys(pw); |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh