summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xscripts/gen_local_rsa_key.pl20
-rw-r--r--templates/generate/vpn/rsa-key/bits/node.tag/node.def.in2
-rw-r--r--templates/generate/vpn/rsa-key/bits/node.tag/random/node.def1
-rw-r--r--templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in3
-rw-r--r--templates/generate/vpn/rsa-key/node.def.in4
5 files changed, 4 insertions, 26 deletions
diff --git a/scripts/gen_local_rsa_key.pl b/scripts/gen_local_rsa_key.pl
index ce3f69b..e874316 100755
--- a/scripts/gen_local_rsa_key.pl
+++ b/scripts/gen_local_rsa_key.pl
@@ -31,20 +31,12 @@ use Vyatta::Misc qw(get_short_config_path);
# Defaults
my $bits = 2192;
-my $device = "/dev/random";
if ($#ARGV > 1) {
die "Usage: gen_local_rsa_key.pl <bits> <device>\n";
}
$bits = $ARGV[0] if $#ARGV >= 0;
-#
-# The ipsec newhostkey command seems to support up to
-# 20000 bits for key generation, but xorp currently
-# can't handle a line that long when entered in the
-# config. Xorp seems to be able to handle keys generated
-# with up to 5840 bits.
-#
my ($bits_min, $bits_max) = (16, 4096);
if ($bits > $bits_max) {
@@ -56,10 +48,6 @@ if ($bits < $bits_min) {
if ($bits % 16 != 0) {
die "bits=$bits is not a multiple of 16\n";
}
-$device = $ARGV[1] if $#ARGV >= 1;
-unless (-r $device) {
- die "invalid random number device $device\n";
-}
my $local_key_file = rsa_get_local_key_file();
@@ -100,13 +88,7 @@ if (-e $temp_key_file) {
}
}
-$cmd = "/usr/lib/ipsec/newhostkey --output $local_key_file --bits $bits";
-#
-# The default random number generator is /dev/random, but it will block
-# if there isn't enough system activity to provide enough "good" random
-# bits. Try /dev/urandom if it's taking too long.
-#
-$cmd .= " --random $device";
+$cmd = "/usr/bin/openssl genrsa -out $local_key_file $bits";
# when presenting to users, show shortened /config path
my $shortened_cfg_path_file = get_short_config_path($local_key_file);
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in b/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
index 2eae9cc..198ec58 100644
--- a/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
+++ b/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
@@ -1,3 +1,3 @@
help: Generate local RSA key with specified number of bits
-run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5" /dev/random
+run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5"
allowed: echo -n '<16-4096>'
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.def b/templates/generate/vpn/rsa-key/bits/node.tag/random/node.def
deleted file mode 100644
index 42118b5..0000000
--- a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Generate local RSA key with specified number of bits and random device
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in b/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in
deleted file mode 100644
index 81a9633..0000000
--- a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Generate local RSA key with specified number of bits and random device
-run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5" "$7"
-allowed: echo -n '/dev/random /dev/urandom'
diff --git a/templates/generate/vpn/rsa-key/node.def.in b/templates/generate/vpn/rsa-key/node.def.in
index 482f32c..eab5a4f 100644
--- a/templates/generate/vpn/rsa-key/node.def.in
+++ b/templates/generate/vpn/rsa-key/node.def.in
@@ -1,2 +1,2 @@
-help: Generate local RSA key (default: bits=2192 device=/dev/random)
-run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl 2192 /dev/random
+help: Generate local RSA key (default: bits=2192)
+run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl 2192