diff options
| author | des <des@FreeBSD.org> | 2005-09-03 06:59:33 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2005-09-03 06:59:33 +0000 |
| commit | 755a16fa864cacbbd9fbefc822011b6741351d8d (patch) | |
| tree | b8088b859d6543143de670740f5c6f7bf4e0b23d /crypto/openssh/ssh-keygen.c | |
| parent | c4dfc1ed3bdacd05d73791b2c8f8b580511a939f (diff) | |
| download | FreeBSD-src-755a16fa864cacbbd9fbefc822011b6741351d8d.zip FreeBSD-src-755a16fa864cacbbd9fbefc822011b6741351d8d.tar.gz | |
Vendor import of OpenSSH 4.2p1.
Diffstat (limited to 'crypto/openssh/ssh-keygen.c')
| -rw-r--r-- | crypto/openssh/ssh-keygen.c | 82 |
1 files changed, 51 insertions, 31 deletions
diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c index 9288550..b178519 100644 --- a/crypto/openssh/ssh-keygen.c +++ b/crypto/openssh/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $"); #include <openssl/evp.h> #include <openssl/pem.h> @@ -36,7 +36,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $"); #include "dns.h" /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ -int bits = 1024; +u_int32_t bits = 2048; /* * Flag indicating that we just want to change the passphrase. This can be @@ -90,7 +90,7 @@ extern char *__progname; char hostname[MAXHOSTNAMELEN]; /* moduli.c */ -int gen_candidates(FILE *, int, int, BIGNUM *); +int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); static void @@ -738,7 +738,7 @@ do_known_hosts(struct passwd *pw, const char *name) fprintf(stderr, "WARNING: %s contains unhashed " "entries\n", old); fprintf(stderr, "Delete this file to ensure privacy " - "of hostnames\n"); + "of hostnames\n"); } } @@ -959,31 +959,38 @@ usage(void) { fprintf(stderr, "Usage: %s [options]\n", __progname); fprintf(stderr, "Options:\n"); + fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n"); + fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); fprintf(stderr, " -b bits Number of bits in the key to create.\n"); + fprintf(stderr, " -C comment Provide new comment.\n"); fprintf(stderr, " -c Change comment in private and public key files.\n"); +#ifdef SMARTCARD + fprintf(stderr, " -D reader Download public key from smartcard.\n"); +#endif /* SMARTCARD */ fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n"); + fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); fprintf(stderr, " -f filename Filename of the key file.\n"); + fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n"); fprintf(stderr, " -g Use generic DNS resource record format.\n"); + fprintf(stderr, " -H Hash names in known_hosts file.\n"); fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n"); fprintf(stderr, " -l Show fingerprint of key file.\n"); - fprintf(stderr, " -p Change passphrase of private key file.\n"); - fprintf(stderr, " -q Quiet.\n"); - fprintf(stderr, " -y Read private key file and print public key.\n"); - fprintf(stderr, " -t type Specify type of key to create.\n"); - fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); - fprintf(stderr, " -H Hash names in known_hosts file\n"); - fprintf(stderr, " -F hostname Find hostname in known hosts file\n"); - fprintf(stderr, " -C comment Provide new comment.\n"); + fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); fprintf(stderr, " -N phrase Provide new passphrase.\n"); fprintf(stderr, " -P phrase Provide old passphrase.\n"); + fprintf(stderr, " -p Change passphrase of private key file.\n"); + fprintf(stderr, " -q Quiet.\n"); + fprintf(stderr, " -R hostname Remove host from known_hosts file.\n"); fprintf(stderr, " -r hostname Print DNS resource record.\n"); + fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n"); + fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n"); + fprintf(stderr, " -t type Specify type of key to create.\n"); #ifdef SMARTCARD - fprintf(stderr, " -D reader Download public key from smartcard.\n"); fprintf(stderr, " -U reader Upload private key to smartcard.\n"); #endif /* SMARTCARD */ - - fprintf(stderr, " -G file Generate candidates for DH-GEX moduli\n"); - fprintf(stderr, " -T file Screen candidates for DH-GEX moduli\n"); + fprintf(stderr, " -v Verbose.\n"); + fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n"); + fprintf(stderr, " -y Read private key file and print public key.\n"); exit(1); } @@ -1000,12 +1007,13 @@ main(int ac, char **av) Key *private, *public; struct passwd *pw; struct stat st; - int opt, type, fd, download = 0, memory = 0; - int generator_wanted = 0, trials = 100; + int opt, type, fd, download = 0; + u_int32_t memory = 0, generator_wanted = 0, trials = 100; int do_gen_candidates = 0, do_screen_candidates = 0; int log_level = SYSLOG_LEVEL_INFO; BIGNUM *start = NULL; FILE *f; + const char *errstr; extern int optind; extern char *optarg; @@ -1033,11 +1041,10 @@ main(int ac, char **av) "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { switch (opt) { case 'b': - bits = atoi(optarg); - if (bits < 512 || bits > 32768) { - printf("Bits has bad value.\n"); - exit(1); - } + bits = strtonum(optarg, 512, 32768, &errstr); + if (errstr) + fatal("Bits has bad value %s (%s)", + optarg, errstr); break; case 'F': find_host = 1; @@ -1063,7 +1070,9 @@ main(int ac, char **av) change_comment = 1; break; case 'f': - strlcpy(identity_file, optarg, sizeof(identity_file)); + if (strlcpy(identity_file, optarg, sizeof(identity_file)) >= + sizeof(identity_file)) + fatal("Identity filename too long"); have_identity = 1; break; case 'g': @@ -1118,23 +1127,34 @@ main(int ac, char **av) rr_hostname = optarg; break; case 'W': - generator_wanted = atoi(optarg); - if (generator_wanted < 1) - fatal("Desired generator has bad value."); + generator_wanted = strtonum(optarg, 1, UINT_MAX, &errstr); + if (errstr) + fatal("Desired generator has bad value: %s (%s)", + optarg, errstr); break; case 'a': - trials = atoi(optarg); + trials = strtonum(optarg, 1, UINT_MAX, &errstr); + if (errstr) + fatal("Invalid number of trials: %s (%s)", + optarg, errstr); break; case 'M': - memory = atoi(optarg); + memory = strtonum(optarg, 1, UINT_MAX, &errstr); + if (errstr) { + fatal("Memory limit is %s: %s", errstr, optarg); + } break; case 'G': do_gen_candidates = 1; - strlcpy(out_file, optarg, sizeof(out_file)); + if (strlcpy(out_file, optarg, sizeof(out_file)) >= + sizeof(out_file)) + fatal("Output filename too long"); break; case 'T': do_screen_candidates = 1; - strlcpy(out_file, optarg, sizeof(out_file)); + if (strlcpy(out_file, optarg, sizeof(out_file)) >= + sizeof(out_file)) + fatal("Output filename too long"); break; case 'S': /* XXX - also compare length against bits */ |
