tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

wrap all moduli-related code in #ifdef WITH_OPENSSL.
 based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@

Upstream-ID: d80cfc8be3e6ec65b3fac9e87c4466533b31b7cf
This commit is contained in:
djm@openbsd.org 2015-05-28 07:37:31 +00:00 committed by Damien Miller
parent 496aeb25bc
commit 1d9a2e2849
1 changed files with 37 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
ssh-keygen.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keygen.c,v 1.273 2015/05/28 04:40:13 djm Exp $ */ /* $OpenBSD: ssh-keygen.c,v 1.274 2015/05/28 07:37:31 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -180,16 +180,18 @@ extern char *__progname;
char hostname[NI_MAXHOST]; char hostname[NI_MAXHOST];
#ifdef WITH_OPENSSL
/* moduli.c */ /* moduli.c */
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
unsigned long); unsigned long);
#endif
static void static void
type_bits_valid(int type, const char *name, u_int32_t *bitsp) type_bits_valid(int type, const char *name, u_int32_t *bitsp)
{ {
#ifdef WITH_OPENSSL #ifdef WITH_OPENSSL
u_int maxbits, nid; u_int maxbits, nid;
#endif #endif
if (type == KEY_UNSPEC) if (type == KEY_UNSPEC)
@ -2196,9 +2198,11 @@ usage(void)
" ssh-keygen -H [-f known_hosts_file]\n" " ssh-keygen -H [-f known_hosts_file]\n"
" ssh-keygen -R hostname [-f known_hosts_file]\n" " ssh-keygen -R hostname [-f known_hosts_file]\n"
" ssh-keygen -r hostname [-f input_keyfile] [-g]\n" " ssh-keygen -r hostname [-f input_keyfile] [-g]\n"
#ifdef WITH_OPENSSL
" ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n" " ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n"
" ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n" " ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n"
" [-j start_line] [-K checkpt] [-W generator]\n" " [-j start_line] [-K checkpt] [-W generator]\n"
#endif
" ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n" " ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n"
" [-O option] [-V validity_interval] [-z serial_number] file ...\n" " [-O option] [-V validity_interval] [-z serial_number] file ...\n"
" ssh-keygen -L [-f input_keyfile]\n" " ssh-keygen -L [-f input_keyfile]\n"
@ -2216,19 +2220,22 @@ int
main(int argc, char **argv) main(int argc, char **argv)
{ {
char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2; char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
char *checkpoint = NULL; char *rr_hostname = NULL, *ep, *fp, *ra;
char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra;
struct sshkey *private, *public; struct sshkey *private, *public;
struct passwd *pw; struct passwd *pw;
struct stat st; struct stat st;
int r, opt, type, fd; int r, opt, type, fd;
u_int32_t memory = 0, generator_wanted = 0;
int do_gen_candidates = 0, do_screen_candidates = 0;
int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
unsigned long start_lineno = 0, lines_to_process = 0;
BIGNUM *start = NULL;
FILE *f; FILE *f;
const char *errstr; const char *errstr;
#ifdef WITH_OPENSSL
/* Moduli generation/screening */
char out_file[PATH_MAX], *checkpoint = NULL;
u_int32_t memory = 0, generator_wanted = 0;
int do_gen_candidates = 0, do_screen_candidates = 0;
unsigned long start_lineno = 0, lines_to_process = 0;
BIGNUM *start = NULL;
#endif
extern int optind; extern int optind;
extern char *optarg; extern char *optarg;
@ -2281,12 +2288,6 @@ main(int argc, char **argv)
case 'I': case 'I':
cert_key_id = optarg; cert_key_id = optarg;
break; break;
case 'J':
lines_to_process = strtoul(optarg, NULL, 10);
break;
case 'j':
start_lineno = strtoul(optarg, NULL, 10);
break;
case 'R': case 'R':
delete_host = 1; delete_host = 1;
rr_hostname = optarg; rr_hostname = optarg;
@ -2328,8 +2329,8 @@ main(int argc, char **argv)
change_comment = 1; change_comment = 1;
break; break;
case 'f': case 'f':
if (strlcpy(identity_file, optarg, sizeof(identity_file)) >= if (strlcpy(identity_file, optarg,
sizeof(identity_file)) sizeof(identity_file)) >= sizeof(identity_file))
fatal("Identity filename too long"); fatal("Identity filename too long");
have_identity = 1; have_identity = 1;
break; break;
@ -2401,6 +2402,24 @@ main(int argc, char **argv)
case 'r': case 'r':
rr_hostname = optarg; rr_hostname = optarg;
break; break;
case 'a':
rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr);
if (errstr)
fatal("Invalid number: %s (%s)",
optarg, errstr);
break;
case 'V':
parse_cert_times(optarg);
break;
case 'z':
errno = 0;
cert_serial = strtoull(optarg, &ep, 10);
if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
(errno == ERANGE && cert_serial == ULLONG_MAX))
fatal("Invalid serial number \"%s\"", optarg);
break;
#ifdef WITH_OPENSSL
/* Moduli generation/screening */
case 'W': case 'W':
generator_wanted = (u_int32_t)strtonum(optarg, 1, generator_wanted = (u_int32_t)strtonum(optarg, 1,
UINT_MAX, &errstr); UINT_MAX, &errstr);
@ -2408,13 +2427,6 @@ main(int argc, char **argv)
fatal("Desired generator has bad value: %s (%s)", fatal("Desired generator has bad value: %s (%s)",
optarg, errstr); optarg, errstr);
break; break;
case 'a':
rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr);
if (errstr)
fatal("Invalid number: %s (%s)",
optarg, errstr);
break;
#ifdef WITH_OPENSSL
case 'M': case 'M':
memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
if (errstr) if (errstr)
@ -2443,16 +2455,6 @@ main(int argc, char **argv)
fatal("Invalid start point."); fatal("Invalid start point.");
break; break;
#endif /* WITH_OPENSSL */ #endif /* WITH_OPENSSL */
case 'V':
parse_cert_times(optarg);
break;
case 'z':
errno = 0;
cert_serial = strtoull(optarg, &ep, 10);
if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
(errno == ERANGE && cert_serial == ULLONG_MAX))
fatal("Invalid serial number \"%s\"", optarg);
break;
case '?': case '?':
default: default:
usage(); usage();
@ -2540,6 +2542,7 @@ main(int argc, char **argv)
} }
} }
#ifdef WITH_OPENSSL
if (do_gen_candidates) { if (do_gen_candidates) {
FILE *out = fopen(out_file, "w"); FILE *out = fopen(out_file, "w");
@ -2579,6 +2582,7 @@ main(int argc, char **argv)
fatal("modulus screening failed"); fatal("modulus screening failed");
return (0); return (0);
} }
#endif
if (gen_all_hostkeys) { if (gen_all_hostkeys) {
do_gen_all_hostkeys(pw); do_gen_all_hostkeys(pw);