authorKim Hagen <user.name>2017-02-08 19:51:42 +0100
committerKim Hagen <user.name>2017-02-08 19:51:42 +0100
commit9608b691012160836fd0fdcc1c8f9357d89c4de1 (patch)
treeca2b0be8720400af2e9349c35c4d81af64c96991
parent33e24e989996ec809e1be696866258ce987cc527 (diff)
downloadvyatta-op-vpn-9608b691012160836fd0fdcc1c8f9357d89c4de1.tar.gz
vyatta-op-vpn-9608b691012160836fd0fdcc1c8f9357d89c4de1.zip
replace ipsec newhostkey command with openssl command
-rwxr-xr-xscripts/gen_local_rsa_key.pl20
-rw-r--r--templates/generate/vpn/rsa-key/bits/node.tag/node.def.in2
-rw-r--r--templates/generate/vpn/rsa-key/bits/node.tag/random/node.def1
-rw-r--r--templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in3
-rw-r--r--templates/generate/vpn/rsa-key/node.def.in4
5 files changed, 4 insertions, 26 deletions
diff --git a/scripts/gen_local_rsa_key.pl b/scripts/gen_local_rsa_key.pl
index ce3f69b..e874316 100755
--- a/scripts/gen_local_rsa_key.pl
+++ b/scripts/gen_local_rsa_key.pl
@@ -31,20 +31,12 @@ use Vyatta::Misc qw(get_short_config_path);
# Defaults
my $bits = 2192;
-my $device = "/dev/random";
if ($#ARGV > 1) {
die "Usage: gen_local_rsa_key.pl <bits> <device>\n";
}
$bits = $ARGV[0] if $#ARGV >= 0;
-#
-# The ipsec newhostkey command seems to support up to
-# 20000 bits for key generation, but xorp currently
-# can't handle a line that long when entered in the
-# config. Xorp seems to be able to handle keys generated
-# with up to 5840 bits.
-#
my ($bits_min, $bits_max) = (16, 4096);
if ($bits > $bits_max) {
@@ -56,10 +48,6 @@ if ($bits < $bits_min) {
if ($bits % 16 != 0) {
die "bits=$bits is not a multiple of 16\n";
}
-$device = $ARGV[1] if $#ARGV >= 1;
-unless (-r $device) {
- die "invalid random number device $device\n";
-}
my $local_key_file = rsa_get_local_key_file();
@@ -100,13 +88,7 @@ if (-e $temp_key_file) {
}
}
-$cmd = "/usr/lib/ipsec/newhostkey --output $local_key_file --bits $bits";
-#
-# The default random number generator is /dev/random, but it will block
-# if there isn't enough system activity to provide enough "good" random
-# bits. Try /dev/urandom if it's taking too long.
-#
-$cmd .= " --random $device";
+$cmd = "/usr/bin/openssl genrsa -out $local_key_file $bits";
# when presenting to users, show shortened /config path
my $shortened_cfg_path_file = get_short_config_path($local_key_file);
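Review bot: `$bits` is interpolated into the shell command string on the new `openssl genrsa` line without ever being confirmed to be a plain integer; the earlier checks (`$bits > $bits_max`, `$bits % 16`) are numeric comparisons that accept any string with a numeric prefix, and the value arrives from the CLI argument the templates pass as `"$5"` to a script run under sudo. Anchor-validate and reassign from the capture before building the command, e.g. `($bits) = $bits =~ /\A(\d+)\z/ or die "bits must be a positive integer\n";`, or avoid the shell entirely by running openssl in list form, `system('/usr/bin/openssl', 'genrsa', '-out', $local_key_file, $bits)`; the line that actually executes `$cmd` is outside this hunk, so I can only infer it is a string-form `system` or backticks. The first hunk still keeps `die "Usage: gen_local_rsa_key.pl <bits> <device>\n"` and the `$#ARGV > 1` check, so a stale second argument is now silently ignored; `if ($#ARGV > 0) { die "Usage: gen_local_rsa_key.pl <bits>\n"; }` would match what the templates now pass. Separately, `openssl genrsa -out` writes a PEM file with umask-dependent permissions and not the ipsec.secrets-style layout newhostkey produced, so it is worth checking that the private key is not left group/world-readable and that whatever reads `$local_key_file` elsewhere can handle PEM; the `% 16` requirement also looks like a holdover from the old tool, though the page does not show whether anything downstream still depends on it.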
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in b/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
index 2eae9cc..198ec58 100644
--- a/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
+++ b/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
@@ -1,3 +1,3 @@
help: Generate local RSA key with specified number of bits
-run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5" /dev/random
+run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5"
allowed: echo -n '<16-4096>'
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.def b/templates/generate/vpn/rsa-key/bits/node.tag/random/node.def
deleted file mode 100644
index 42118b5..0000000
--- a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Generate local RSA key with specified number of bits and random device
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in b/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in
deleted file mode 100644
index 81a9633..0000000
--- a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Generate local RSA key with specified number of bits and random device
-run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5" "$7"
-allowed: echo -n '/dev/random /dev/urandom'
diff --git a/templates/generate/vpn/rsa-key/node.def.in b/templates/generate/vpn/rsa-key/node.def.in
index 482f32c..eab5a4f 100644
--- a/templates/generate/vpn/rsa-key/node.def.in
+++ b/templates/generate/vpn/rsa-key/node.def.in
@@ -1,2 +1,2 @@
-help: Generate local RSA key (default: bits=2192 device=/dev/random)
-run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl 2192 /dev/random
+help: Generate local RSA key (default: bits=2192)
+run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl 2192