author | djm@openbsd.org <djm@openbsd.org> | 2015-01-18 13:22:28 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-01-20 00:19:59 +1100 |
commit | 7efb455789a0cb76bdcdee91c6060a3dc8f5c007 (patch) | |
tree | 9eeaa341b3243d2dfa0a2704cdc43d535a519dfa | |
parent | 83f8ffa6a55ccd0ce9d8a205e3e7439ec18fedf5 (diff) |
upstream commit
infer key length correctly when user specified a fully-
qualified key name instead of using the -b bits option; ok markus@
-rw-r--r-- | ssh-keygen.c | 18 |
1 files changed, 12 insertions, 6 deletions
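--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.254 2015/01/16 15:55:07 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.255 2015/01/18 13:22:28 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -180,10 +180,11 @@ int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
 unsigned long);
 
 static void
-type_bits_valid(int type, u_int32_t *bitsp)
+type_bits_valid(int type, const char *name, u_int32_t *bitsp)
 {
 #ifdef WITH_OPENSSL
 u_int maxbits;
+int nid;
 #endif
 
 if (type == KEY_UNSPEC) {
@@ -193,8 +194,13 @@ type_bits_valid(int type, u_int32_t *bitsp)
 if (*bitsp == 0) {
 if (type == KEY_DSA)
 *bitsp = DEFAULT_BITS_DSA;
-else if (type == KEY_ECDSA)
-*bitsp = DEFAULT_BITS_ECDSA;
+else if (type == KEY_ECDSA) {
+if (name != NULL &&
+(nid = sshkey_ecdsa_nid_from_name(name)) > 0)
+*bitsp = sshkey_curve_nid_to_bits(nid);
+if (*bitsp == 0)
+*bitsp = DEFAULT_BITS_ECDSA;
+}
 else
 *bitsp = DEFAULT_BITS;
 }
@@ -971,7 +977,7 @@ do_gen_all_hostkeys(struct passwd *pw)
 type = sshkey_type_from_name(key_types[i].key_type);
 strlcpy(identity_file, key_types[i].path, sizeof(identity_file));
 bits = 0;
-type_bits_valid(type, &bits);
+type_bits_valid(type, NULL, &bits);
 if ((r = sshkey_generate(type, bits, &private)) != 0) {
 fprintf(stderr, "key_generate failed: %s\n",
 ssh_err(r));
@@ -2671,7 +2677,7 @@ main(int argc, char **argv)
 key_type_name = "rsa";
 
 type = sshkey_type_from_name(key_type_name);
-type_bits_valid(type, &bits);
+type_bits_valid(type, key_type_name, &bits);
 
 if (!quiet)
 printf("Generating public/private %s key pair.\n",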
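Review bot: In `type_bits_valid`, `int nid;` is declared only inside the `#ifdef WITH_OPENSSL` block at the top, but the new `KEY_ECDSA` branch at new lines 197-203 assigns and reads it with no matching guard visible in the hunk. Unless a guard sits in lines the page does not show, a build without OpenSSL would fail on an undeclared identifier, so the branch should be wrapped in `#ifdef WITH_OPENSSL` to match the declaration. Separately, the name is consulted only when `*bitsp == 0`, so a fully-qualified ECDSA name combined with a conflicting `-b` value is not cross-checked here. If the validation later in the function (outside the hunk) does not catch that, the generated key could use a different curve size than the name requested; an explicit error for the mismatch would be safer than silently preferring `-b`.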