authorMarkus Friedl <markus@cvs.openbsd.org>2014-04-29 18:01:50 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2014-04-29 18:01:50 +0000
commit37790797bff794cb8568109494b4219ce0efe114 (patch)
treefd18910fac16eb18b0335b454f721e19ab10476f /usr.bin/ssh/ssh-keygen.c
parent5f95fb61bf8bbcc318d67e4081c9fb35a7df925e (diff)
make compiling against OpenSSL optional (make OPENSSL=no);
reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
Diffstat (limited to 'usr.bin/ssh/ssh-keygen.c')
-rw-r--r--usr.bin/ssh/ssh-keygen.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index acb6f0d5cca..08ac3428e36 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.245 2014/04/28 03:09:18 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.246 2014/04/29 18:01:49 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -190,6 +190,7 @@ type_bits_valid(int type, u_int32_t *bitsp)
fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
exit(1);
}
+#ifdef WITH_OPENSSL
if (type == KEY_DSA && *bitsp != 1024)
fatal("DSA keys must be 1024 bits");
else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
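Review bot: With WITH_OPENSSL undefined, every check after the maxbits test in type_bits_valid compiles away, so the function accepts any key type and any size up to maxbits. If ed25519 is the only type that can be generated in that build, as the commit message suggests, an `#else` arm before the `#endif` in the next hunk would fail early, for example `if (type != KEY_ED25519) fatal("key type not supported in this build");`. Whether a later call already rejects the other types is not visible here. The function starts above this hunk.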
@@ -197,6 +198,7 @@ type_bits_valid(int type, u_int32_t *bitsp)
else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1)
fatal("Invalid ECDSA key length - valid lengths are "
"256, 384 or 521 bits");
+#endif
}
static void
@@ -271,6 +273,7 @@ load_identity(char *filename)
#define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb
+#ifdef WITH_OPENSSL
static void
do_convert_to_ssh2(struct passwd *pw, Key *k)
{
@@ -698,6 +701,7 @@ do_convert_from(struct passwd *pw)
key_free(k);
exit(0);
}
+#endif
static void
do_print_public(struct passwd *pw)
@@ -1574,7 +1578,9 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
}
}
+#ifdef ENABLE_PKCS11
pkcs11_init(1);
+#endif
tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
if (pkcs11provider != NULL) {
if ((ca = load_pkcs11_key(tmp)) == NULL)
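Review bot: Only `pkcs11_init(1)` is guarded here, while the `pkcs11provider != NULL` branch on the following lines still calls `load_pkcs11_key(tmp)` unconditionally. The helper's definition is outside the hunk, so it is not visible whether it refuses cleanly in a build without ENABLE_PKCS11 or would run against a provider layer that was never initialised. If it does refuse, a one-line comment at the guard would record that assumption, e.g. `/* load_pkcs11_key() is expected to fail when PKCS#11 is compiled out */`. The guard around `pkcs11_terminate()` in the next hunk depends on the same assumption, and do_ca_sign begins and ends outside both hunks.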
@@ -1657,7 +1663,9 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
key_free(public);
free(out);
}
+#ifdef ENABLE_PKCS11
pkcs11_terminate();
+#endif
exit(0);
}
@@ -1908,6 +1916,7 @@ do_show_cert(struct passwd *pw)
exit(0);
}
+#ifdef WITH_OPENSSL
static void
load_krl(const char *path, struct ssh_krl **krlp)
{
@@ -2130,6 +2139,7 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
ssh_krl_free(krl);
exit(ret);
}
+#endif
static void
usage(void)
@@ -2429,6 +2439,7 @@ main(int argc, char **argv)
printf("Cannot use -l with -H or -R.\n");
usage();
}
+#ifdef WITH_OPENSSL
if (gen_krl) {
do_gen_krl(pw, update_krl, argc, argv);
return (0);
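Review bot: Without WITH_OPENSSL the `gen_krl` branch and the branch calling `do_check_krl` disappear from main, and nothing in these hunks rejects the corresponding flags. A revocation check requested on the command line would then be skipped without a diagnostic, and control would continue to the `ca_key_path` test. The `convert_to` / `convert_from` calls guarded in the last hunk have the same problem. An `#else` arm would make the build fail closed, for example `if (gen_krl) fatal("KRL support requires OpenSSL");`, with the equivalent for the check and conversion flags. If option parsing, which is outside these hunks, already refuses those flags, a comment at the guard saying so would be enough.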
@@ -2437,6 +2448,7 @@ main(int argc, char **argv)
do_check_krl(pw, argc, argv);
return (0);
}
+#endif
if (ca_key_path != NULL) {
if (cert_key_id == NULL)
fatal("Must specify key id (-I) when certifying");
@@ -2454,10 +2466,12 @@ main(int argc, char **argv)
do_change_passphrase(pw);
if (change_comment)
do_change_comment(pw);
+#ifdef WITH_OPENSSL
if (convert_to)
do_convert_to(pw);
if (convert_from)
do_convert_from(pw);
+#endif
if (print_public)
do_print_public(pw);
if (rr_hostname != NULL) {