version 1.245, 2014/04/28 03:09:18 |
version 1.246, 2014/04/29 18:01:49 |
|
|
fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); |
fprintf(stderr, "key bits exceeds maximum %d\n", maxbits); |
exit(1); |
exit(1); |
} |
} |
|
#ifdef WITH_OPENSSL |
if (type == KEY_DSA && *bitsp != 1024) |
if (type == KEY_DSA && *bitsp != 1024) |
fatal("DSA keys must be 1024 bits"); |
fatal("DSA keys must be 1024 bits"); |
else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) |
else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) |
|
|
else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1) |
else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1) |
fatal("Invalid ECDSA key length - valid lengths are " |
fatal("Invalid ECDSA key length - valid lengths are " |
"256, 384 or 521 bits"); |
"256, 384 or 521 bits"); |
|
#endif |
} |
} |
|
|
static void |
static void |
|
|
#define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----" |
#define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----" |
#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb |
#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb |
|
|
|
#ifdef WITH_OPENSSL |
static void |
static void |
do_convert_to_ssh2(struct passwd *pw, Key *k) |
do_convert_to_ssh2(struct passwd *pw, Key *k) |
{ |
{ |
|
|
key_free(k); |
key_free(k); |
exit(0); |
exit(0); |
} |
} |
|
#endif |
|
|
static void |
static void |
do_print_public(struct passwd *pw) |
do_print_public(struct passwd *pw) |
|
|
} |
} |
} |
} |
|
|
|
#ifdef ENABLE_PKCS11 |
pkcs11_init(1); |
pkcs11_init(1); |
|
#endif |
tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); |
tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); |
if (pkcs11provider != NULL) { |
if (pkcs11provider != NULL) { |
if ((ca = load_pkcs11_key(tmp)) == NULL) |
if ((ca = load_pkcs11_key(tmp)) == NULL) |
|
|
key_free(public); |
key_free(public); |
free(out); |
free(out); |
} |
} |
|
#ifdef ENABLE_PKCS11 |
pkcs11_terminate(); |
pkcs11_terminate(); |
|
#endif |
exit(0); |
exit(0); |
} |
} |
|
|
|
|
exit(0); |
exit(0); |
} |
} |
|
|
|
#ifdef WITH_OPENSSL |
static void |
static void |
load_krl(const char *path, struct ssh_krl **krlp) |
load_krl(const char *path, struct ssh_krl **krlp) |
{ |
{ |
|
|
ssh_krl_free(krl); |
ssh_krl_free(krl); |
exit(ret); |
exit(ret); |
} |
} |
|
#endif |
|
|
static void |
static void |
usage(void) |
usage(void) |
|
|
printf("Cannot use -l with -H or -R.\n"); |
printf("Cannot use -l with -H or -R.\n"); |
usage(); |
usage(); |
} |
} |
|
#ifdef WITH_OPENSSL |
if (gen_krl) { |
if (gen_krl) { |
do_gen_krl(pw, update_krl, argc, argv); |
do_gen_krl(pw, update_krl, argc, argv); |
return (0); |
return (0); |
|
|
do_check_krl(pw, argc, argv); |
do_check_krl(pw, argc, argv); |
return (0); |
return (0); |
} |
} |
|
#endif |
if (ca_key_path != NULL) { |
if (ca_key_path != NULL) { |
if (cert_key_id == NULL) |
if (cert_key_id == NULL) |
fatal("Must specify key id (-I) when certifying"); |
fatal("Must specify key id (-I) when certifying"); |
|
|
do_change_passphrase(pw); |
do_change_passphrase(pw); |
if (change_comment) |
if (change_comment) |
do_change_comment(pw); |
do_change_comment(pw); |
|
#ifdef WITH_OPENSSL |
if (convert_to) |
if (convert_to) |
do_convert_to(pw); |
do_convert_to(pw); |
if (convert_from) |
if (convert_from) |
do_convert_from(pw); |
do_convert_from(pw); |
|
#endif |
if (print_public) |
if (print_public) |
do_print_public(pw); |
do_print_public(pw); |
if (rr_hostname != NULL) { |
if (rr_hostname != NULL) { |