[openssh-commits] [openssh] 05/05: upstream commit
git+noreply at mindrot.org
git+noreply at mindrot.org
Thu May 28 18:55:11 AEST 2015
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 1d9a2e2849c9864fe75daabf433436341c968e14
Author: djm at openbsd.org <djm at openbsd.org>
Date: Thu May 28 07:37:31 2015 +0000
upstream commit
wrap all moduli-related code in #ifdef WITH_OPENSSL.
based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@
Upstream-ID: d80cfc8be3e6ec65b3fac9e87c4466533b31b7cf
---
ssh-keygen.c | 68 ++++++++++++++++++++++++++++++++----------------------------
1 file changed, 36 insertions(+), 32 deletions(-)
diff --git a/ssh-keygen.c b/ssh-keygen.c
index ff1d31b..8259d87 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.273 2015/05/28 04:40:13 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.274 2015/05/28 07:37:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -180,16 +180,18 @@ extern char *__progname;
char hostname[NI_MAXHOST];
+#ifdef WITH_OPENSSL
/* moduli.c */
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
unsigned long);
+#endif
static void
type_bits_valid(int type, const char *name, u_int32_t *bitsp)
{
#ifdef WITH_OPENSSL
- u_int maxbits, nid;
+ u_int maxbits, nid;
#endif
if (type == KEY_UNSPEC)
@@ -2196,9 +2198,11 @@ usage(void)
" ssh-keygen -H [-f known_hosts_file]\n"
" ssh-keygen -R hostname [-f known_hosts_file]\n"
" ssh-keygen -r hostname [-f input_keyfile] [-g]\n"
+#ifdef WITH_OPENSSL
" ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n"
" ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n"
" [-j start_line] [-K checkpt] [-W generator]\n"
+#endif
" ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n"
" [-O option] [-V validity_interval] [-z serial_number] file ...\n"
" ssh-keygen -L [-f input_keyfile]\n"
@@ -2216,19 +2220,22 @@ int
main(int argc, char **argv)
{
char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
- char *checkpoint = NULL;
- char out_file[PATH_MAX], *rr_hostname = NULL, *ep, *fp, *ra;
+ char *rr_hostname = NULL, *ep, *fp, *ra;
struct sshkey *private, *public;
struct passwd *pw;
struct stat st;
int r, opt, type, fd;
+ int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
+ FILE *f;
+ const char *errstr;
+#ifdef WITH_OPENSSL
+ /* Moduli generation/screening */
+ char out_file[PATH_MAX], *checkpoint = NULL;
u_int32_t memory = 0, generator_wanted = 0;
int do_gen_candidates = 0, do_screen_candidates = 0;
- int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
unsigned long start_lineno = 0, lines_to_process = 0;
BIGNUM *start = NULL;
- FILE *f;
- const char *errstr;
+#endif
extern int optind;
extern char *optarg;
@@ -2281,12 +2288,6 @@ main(int argc, char **argv)
case 'I':
cert_key_id = optarg;
break;
- case 'J':
- lines_to_process = strtoul(optarg, NULL, 10);
- break;
- case 'j':
- start_lineno = strtoul(optarg, NULL, 10);
- break;
case 'R':
delete_host = 1;
rr_hostname = optarg;
@@ -2328,8 +2329,8 @@ main(int argc, char **argv)
change_comment = 1;
break;
case 'f':
- if (strlcpy(identity_file, optarg, sizeof(identity_file)) >=
- sizeof(identity_file))
+ if (strlcpy(identity_file, optarg,
+ sizeof(identity_file)) >= sizeof(identity_file))
fatal("Identity filename too long");
have_identity = 1;
break;
@@ -2401,6 +2402,24 @@ main(int argc, char **argv)
case 'r':
rr_hostname = optarg;
break;
+ case 'a':
+ rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr);
+ if (errstr)
+ fatal("Invalid number: %s (%s)",
+ optarg, errstr);
+ break;
+ case 'V':
+ parse_cert_times(optarg);
+ break;
+ case 'z':
+ errno = 0;
+ cert_serial = strtoull(optarg, &ep, 10);
+ if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
+ (errno == ERANGE && cert_serial == ULLONG_MAX))
+ fatal("Invalid serial number \"%s\"", optarg);
+ break;
+#ifdef WITH_OPENSSL
+ /* Moduli generation/screening */
case 'W':
generator_wanted = (u_int32_t)strtonum(optarg, 1,
UINT_MAX, &errstr);
@@ -2408,13 +2427,6 @@ main(int argc, char **argv)
fatal("Desired generator has bad value: %s (%s)",
optarg, errstr);
break;
- case 'a':
- rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr);
- if (errstr)
- fatal("Invalid number: %s (%s)",
- optarg, errstr);
- break;
-#ifdef WITH_OPENSSL
case 'M':
memory = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr);
if (errstr)
@@ -2443,16 +2455,6 @@ main(int argc, char **argv)
fatal("Invalid start point.");
break;
#endif /* WITH_OPENSSL */
- case 'V':
- parse_cert_times(optarg);
- break;
- case 'z':
- errno = 0;
- cert_serial = strtoull(optarg, &ep, 10);
- if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
- (errno == ERANGE && cert_serial == ULLONG_MAX))
- fatal("Invalid serial number \"%s\"", optarg);
- break;
case '?':
default:
usage();
@@ -2540,6 +2542,7 @@ main(int argc, char **argv)
}
}
+#ifdef WITH_OPENSSL
if (do_gen_candidates) {
FILE *out = fopen(out_file, "w");
@@ -2579,6 +2582,7 @@ main(int argc, char **argv)
fatal("modulus screening failed");
return (0);
}
+#endif
if (gen_all_hostkeys) {
do_gen_all_hostkeys(pw);
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list