- markus@cvs.openbsd.org 2014/04/29 18:01:49
     [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
     [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
     [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
     make compiling against OpenSSL optional (make OPENSSL=no);
     reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
     allows us to explore further options; with and ok djm
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 85eaf2e..085f1ec 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.245 2014/04/28 03:09:18 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.246 2014/04/29 18:01:49 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -195,6 +195,7 @@
 		fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
 		exit(1);
 	}
+#ifdef WITH_OPENSSL
 	if (type == KEY_DSA && *bitsp != 1024)
 		fatal("DSA keys must be 1024 bits");
 	else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
@@ -202,6 +203,7 @@
 	else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1)
 		fatal("Invalid ECDSA key length - valid lengths are "
 		    "256, 384 or 521 bits");
+#endif
 }
 
 static void
@@ -278,6 +280,7 @@
 #define SSH_COM_PRIVATE_BEGIN		"---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
 #define	SSH_COM_PRIVATE_KEY_MAGIC	0x3f6ff9eb
 
+#ifdef WITH_OPENSSL
 static void
 do_convert_to_ssh2(struct passwd *pw, Key *k)
 {
@@ -711,6 +714,7 @@
 	key_free(k);
 	exit(0);
 }
+#endif
 
 static void
 do_print_public(struct passwd *pw)
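Review bot: The bare `#endif` added before do_print_public() closes the `#ifdef WITH_OPENSSL` opened ahead of do_convert_to_ssh2() in the previous hunk, more than 400 lines earlier going by the hunk headers (new line 283 versus 717). A reader landing here cannot tell which conditional ends, so label it: `#endif /* WITH_OPENSSL */`. The `#endif` before usage(), which closes the block opened at load_krl(), has the same problem and should get the same label. The functions between the two markers are outside the visible hunks, so the exact set of excluded code cannot be confirmed from here.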
@@ -1589,7 +1593,9 @@
 		}
 	}
 
+#ifdef ENABLE_PKCS11
 	pkcs11_init(1);
+#endif
 	tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
 	if (pkcs11provider != NULL) {
 		if ((ca = load_pkcs11_key(tmp)) == NULL)
@@ -1672,7 +1678,9 @@
 		key_free(public);
 		free(out);
 	}
+#ifdef ENABLE_PKCS11
 	pkcs11_terminate();
+#endif
 	exit(0);
 }
 
@@ -1923,6 +1931,7 @@
 	exit(0);
 }
 
+#ifdef WITH_OPENSSL
 static void
 load_krl(const char *path, struct ssh_krl **krlp)
 {
@@ -2145,6 +2154,7 @@
 	ssh_krl_free(krl);
 	exit(ret);
 }
+#endif
 
 static void
 usage(void)
@@ -2448,6 +2458,7 @@
 		printf("Cannot use -l with -H or -R.\n");
 		usage();
 	}
+#ifdef WITH_OPENSSL
 	if (gen_krl) {
 		do_gen_krl(pw, update_krl, argc, argv);
 		return (0);
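Review bot: In a build without WITH_OPENSSL the `gen_krl` dispatch here is compiled out, and nothing visible rejects the request, so a KRL invocation would fall through to whatever main() does next instead of failing. This matters most for the do_check_krl() branch closed by the `#endif` in the next hunk, because a caller expecting a revocation verdict would get none. The `convert_to`/`convert_from` dispatch in the last hunk has the same gap. Add an `#else` branch before each `#endif`, for example `if (gen_krl) fatal("KRL support disabled at compile time");` (and likewise for the flag guarding do_check_krl) and `if (convert_to || convert_from) fatal("key conversion disabled at compile time");`. Option parsing is outside these hunks, so first confirm that the flags can still be set in that build.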
@@ -2456,6 +2467,7 @@
 		do_check_krl(pw, argc, argv);
 		return (0);
 	}
+#endif
 	if (ca_key_path != NULL) {
 		if (cert_key_id == NULL)
 			fatal("Must specify key id (-I) when certifying");
@@ -2473,10 +2485,12 @@
 		do_change_passphrase(pw);
 	if (change_comment)
 		do_change_comment(pw);
+#ifdef WITH_OPENSSL
 	if (convert_to)
 		do_convert_to(pw);
 	if (convert_from)
 		do_convert_from(pw);
+#endif
 	if (print_public)
 		do_print_public(pw);
 	if (rr_hostname != NULL) {