summaryrefslogtreecommitdiff
path: root/ssh-keygen.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2013-12-07 11:24:01 +1100
committerDamien Miller <djm@mindrot.org>2013-12-07 11:24:01 +1100
commit5be9d9e3cbd9c66f24745d25bf2e809c1d158ee0 (patch)
treed2086d37436014ea44f0f024396a1a8638640b00 /ssh-keygen.c
parentbcd00abd8451f36142ae2ee10cc657202149201e (diff)
- markus@cvs.openbsd.org 2013/12/06 13:39:49
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c] [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c] [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c] [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c] [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c] support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html feedback, help & ok djm@
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 533eed291..eae83a461 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.237 2013/12/06 13:34:54 markus Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.238 2013/12/06 13:39:49 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -197,7 +197,7 @@ type_bits_valid(int type, u_int32_t *bitsp)
197 } 197 }
198 if (type == KEY_DSA && *bitsp != 1024) 198 if (type == KEY_DSA && *bitsp != 1024)
199 fatal("DSA keys must be 1024 bits"); 199 fatal("DSA keys must be 1024 bits");
200 else if (type != KEY_ECDSA && *bitsp < 768) 200 else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
201 fatal("Key must at least be 768 bits"); 201 fatal("Key must at least be 768 bits");
202 else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1) 202 else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1)
203 fatal("Invalid ECDSA key length - valid lengths are " 203 fatal("Invalid ECDSA key length - valid lengths are "
@@ -233,6 +233,10 @@ ask_filename(struct passwd *pw, const char *prompt)
233 case KEY_RSA: 233 case KEY_RSA:
234 name = _PATH_SSH_CLIENT_ID_RSA; 234 name = _PATH_SSH_CLIENT_ID_RSA;
235 break; 235 break;
236 case KEY_ED25519:
237 case KEY_ED25519_CERT:
238 name = _PATH_SSH_CLIENT_ID_ED25519;
239 break;
236 default: 240 default:
237 fprintf(stderr, "bad key type\n"); 241 fprintf(stderr, "bad key type\n");
238 exit(1); 242 exit(1);
@@ -896,6 +900,7 @@ do_gen_all_hostkeys(struct passwd *pw)
896#ifdef OPENSSL_HAS_ECC 900#ifdef OPENSSL_HAS_ECC
897 { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, 901 { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
898#endif 902#endif
903 { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
899 { NULL, NULL, NULL } 904 { NULL, NULL, NULL }
900 }; 905 };
901 906
@@ -1611,7 +1616,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
1611 if ((public = key_load_public(tmp, &comment)) == NULL) 1616 if ((public = key_load_public(tmp, &comment)) == NULL)
1612 fatal("%s: unable to open \"%s\"", __func__, tmp); 1617 fatal("%s: unable to open \"%s\"", __func__, tmp);
1613 if (public->type != KEY_RSA && public->type != KEY_DSA && 1618 if (public->type != KEY_RSA && public->type != KEY_DSA &&
1614 public->type != KEY_ECDSA) 1619 public->type != KEY_ECDSA && public->type != KEY_ED25519)
1615 fatal("%s: key \"%s\" type %s cannot be certified", 1620 fatal("%s: key \"%s\" type %s cannot be certified",
1616 __func__, tmp, key_type(public)); 1621 __func__, tmp, key_type(public));
1617 1622
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-09 16:08:58 +0000