summaryrefslogtreecommitdiff
path: root/ssh-keygen.c
diff options
context:
space:
mode:
authornaddy@openbsd.org <naddy@openbsd.org>2019-08-05 21:45:27 +0000
committerDamien Miller <djm@mindrot.org>2019-08-08 16:40:09 +1000
commitc31e4f5fb3915c040061981a67224de7650ab34b (patch)
tree52ef82146aa19c606af4e5c6b4c5ead7bd0ad2c7 /ssh-keygen.c
parent6b39a7b49ebacec4e70e24bfc8ea2f11057aac22 (diff)
upstream: Many key types are supported now, so take care to check
the size restrictions and apply the default size only to the matching key type. tweak and ok dtucker@ OpenBSD-Commit-ID: b825de92d79cc4cba19b298c61e99909488ff57e
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c28
1 files changed, 15 insertions, 13 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index ea3c0e638..11e391878 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.338 2019/07/19 03:38:01 djm Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.339 2019/08/05 21:45:27 naddy Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -173,31 +173,30 @@ int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
173static void 173static void
174type_bits_valid(int type, const char *name, u_int32_t *bitsp) 174type_bits_valid(int type, const char *name, u_int32_t *bitsp)
175{ 175{
176#ifdef WITH_OPENSSL
177 u_int maxbits, nid;
178#endif
179
180 if (type == KEY_UNSPEC) 176 if (type == KEY_UNSPEC)
181 fatal("unknown key type %s", key_type_name); 177 fatal("unknown key type %s", key_type_name);
182 if (*bitsp == 0) { 178 if (*bitsp == 0) {
183#ifdef WITH_OPENSSL 179#ifdef WITH_OPENSSL
184 if (type == KEY_DSA) 180 u_int nid;
181
182 switch(type) {
183 case KEY_DSA:
185 *bitsp = DEFAULT_BITS_DSA; 184 *bitsp = DEFAULT_BITS_DSA;
186 else if (type == KEY_ECDSA) { 185 break;
186 case KEY_ECDSA:
187 if (name != NULL && 187 if (name != NULL &&
188 (nid = sshkey_ecdsa_nid_from_name(name)) > 0) 188 (nid = sshkey_ecdsa_nid_from_name(name)) > 0)
189 *bitsp = sshkey_curve_nid_to_bits(nid); 189 *bitsp = sshkey_curve_nid_to_bits(nid);
190 if (*bitsp == 0) 190 if (*bitsp == 0)
191 *bitsp = DEFAULT_BITS_ECDSA; 191 *bitsp = DEFAULT_BITS_ECDSA;
192 } else 192 break;
193#endif 193 case KEY_RSA:
194 *bitsp = DEFAULT_BITS; 194 *bitsp = DEFAULT_BITS;
195 break;
196 }
197#endif
195 } 198 }
196#ifdef WITH_OPENSSL 199#ifdef WITH_OPENSSL
197 maxbits = (type == KEY_DSA) ?
198 OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
199 if (*bitsp > maxbits)
200 fatal("key bits exceeds maximum %d", maxbits);
201 switch (type) { 200 switch (type) {
202 case KEY_DSA: 201 case KEY_DSA:
203 if (*bitsp != 1024) 202 if (*bitsp != 1024)
@@ -207,6 +206,9 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
207 if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE) 206 if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE)
208 fatal("Invalid RSA key length: minimum is %d bits", 207 fatal("Invalid RSA key length: minimum is %d bits",
209 SSH_RSA_MINIMUM_MODULUS_SIZE); 208 SSH_RSA_MINIMUM_MODULUS_SIZE);
209 else if (*bitsp > OPENSSL_RSA_MAX_MODULUS_BITS)
210 fatal("Invalid RSA key length: maximum is %d bits",
211 OPENSSL_RSA_MAX_MODULUS_BITS);
210 break; 212 break;
211 case KEY_ECDSA: 213 case KEY_ECDSA:
212 if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1) 214 if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 05:01:51 +0000