diff options
Diffstat (limited to 'ssh-keygen.c')
| -rw-r--r-- | ssh-keygen.c | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index ea3c0e638..11e391878 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keygen.c,v 1.338 2019/07/19 03:38:01 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.339 2019/08/05 21:45:27 naddy Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -173,31 +173,30 @@ int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, | |||
| 173 | static void | 173 | static void |
| 174 | type_bits_valid(int type, const char *name, u_int32_t *bitsp) | 174 | type_bits_valid(int type, const char *name, u_int32_t *bitsp) |
| 175 | { | 175 | { |
| 176 | #ifdef WITH_OPENSSL | ||
| 177 | u_int maxbits, nid; | ||
| 178 | #endif | ||
| 179 | |||
| 180 | if (type == KEY_UNSPEC) | 176 | if (type == KEY_UNSPEC) |
| 181 | fatal("unknown key type %s", key_type_name); | 177 | fatal("unknown key type %s", key_type_name); |
| 182 | if (*bitsp == 0) { | 178 | if (*bitsp == 0) { |
| 183 | #ifdef WITH_OPENSSL | 179 | #ifdef WITH_OPENSSL |
| 184 | if (type == KEY_DSA) | 180 | u_int nid; |
| 181 | |||
| 182 | switch(type) { | ||
| 183 | case KEY_DSA: | ||
| 185 | *bitsp = DEFAULT_BITS_DSA; | 184 | *bitsp = DEFAULT_BITS_DSA; |
| 186 | else if (type == KEY_ECDSA) { | 185 | break; |
| 186 | case KEY_ECDSA: | ||
| 187 | if (name != NULL && | 187 | if (name != NULL && |
| 188 | (nid = sshkey_ecdsa_nid_from_name(name)) > 0) | 188 | (nid = sshkey_ecdsa_nid_from_name(name)) > 0) |
| 189 | *bitsp = sshkey_curve_nid_to_bits(nid); | 189 | *bitsp = sshkey_curve_nid_to_bits(nid); |
| 190 | if (*bitsp == 0) | 190 | if (*bitsp == 0) |
| 191 | *bitsp = DEFAULT_BITS_ECDSA; | 191 | *bitsp = DEFAULT_BITS_ECDSA; |
| 192 | } else | 192 | break; |
| 193 | #endif | 193 | case KEY_RSA: |
| 194 | *bitsp = DEFAULT_BITS; | 194 | *bitsp = DEFAULT_BITS; |
| 195 | break; | ||
| 196 | } | ||
| 197 | #endif | ||
| 195 | } | 198 | } |
| 196 | #ifdef WITH_OPENSSL | 199 | #ifdef WITH_OPENSSL |
| 197 | maxbits = (type == KEY_DSA) ? | ||
| 198 | OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; | ||
| 199 | if (*bitsp > maxbits) | ||
| 200 | fatal("key bits exceeds maximum %d", maxbits); | ||
| 201 | switch (type) { | 200 | switch (type) { |
| 202 | case KEY_DSA: | 201 | case KEY_DSA: |
| 203 | if (*bitsp != 1024) | 202 | if (*bitsp != 1024) |
| @@ -207,6 +206,9 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp) | |||
| 207 | if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE) | 206 | if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE) |
| 208 | fatal("Invalid RSA key length: minimum is %d bits", | 207 | fatal("Invalid RSA key length: minimum is %d bits", |
| 209 | SSH_RSA_MINIMUM_MODULUS_SIZE); | 208 | SSH_RSA_MINIMUM_MODULUS_SIZE); |
| 209 | else if (*bitsp > OPENSSL_RSA_MAX_MODULUS_BITS) | ||
| 210 | fatal("Invalid RSA key length: maximum is %d bits", | ||
| 211 | OPENSSL_RSA_MAX_MODULUS_BITS); | ||
| 210 | break; | 212 | break; |
| 211 | case KEY_ECDSA: | 213 | case KEY_ECDSA: |
| 212 | if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1) | 214 | if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1) |