RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-02-27 11:20:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

upstream: Many key types are supported now, so take care to check

Browse Source 
the size restrictions and apply the default size only to the matching key
type. tweak and ok dtucker@

OpenBSD-Commit-ID: b825de92d79cc4cba19b298c61e99909488ff57e
This commit is contained in:
naddy@openbsd.org 2019-08-05 21:45:27 +00:00 committed by Damien Miller
parent 6b39a7b49e
commit c31e4f5fb3
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
ssh-keygen.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keygen.c,v 1.338 2019/07/19 03:38:01 djm Exp $ */ /* $OpenBSD: ssh-keygen.c,v 1.339 2019/08/05 21:45:27 naddy Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -173,31 +173,30 @@ int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
static void static void
type_bits_valid(int type, const char *name, u_int32_t *bitsp) type_bits_valid(int type, const char *name, u_int32_t *bitsp)
{ {
#ifdef WITH_OPENSSL
u_int maxbits, nid;
#endif
if (type == KEY_UNSPEC) if (type == KEY_UNSPEC)
fatal("unknown key type %s", key_type_name); fatal("unknown key type %s", key_type_name);
if (*bitsp == 0) { if (*bitsp == 0) {
#ifdef WITH_OPENSSL #ifdef WITH_OPENSSL
if (type == KEY_DSA) u_int nid;
switch(type) {
case KEY_DSA:
*bitsp = DEFAULT_BITS_DSA; *bitsp = DEFAULT_BITS_DSA;
else if (type == KEY_ECDSA) { break;
case KEY_ECDSA:
if (name != NULL && if (name != NULL &&
(nid = sshkey_ecdsa_nid_from_name(name)) > 0) (nid = sshkey_ecdsa_nid_from_name(name)) > 0)
*bitsp = sshkey_curve_nid_to_bits(nid); *bitsp = sshkey_curve_nid_to_bits(nid);
if (*bitsp == 0) if (*bitsp == 0)
*bitsp = DEFAULT_BITS_ECDSA; *bitsp = DEFAULT_BITS_ECDSA;
} else break;
#endif case KEY_RSA:
*bitsp = DEFAULT_BITS; *bitsp = DEFAULT_BITS;
break;
}
#endif
} }
#ifdef WITH_OPENSSL #ifdef WITH_OPENSSL
maxbits = (type == KEY_DSA) ?
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
if (*bitsp > maxbits)
fatal("key bits exceeds maximum %d", maxbits);
switch (type) { switch (type) {
case KEY_DSA: case KEY_DSA:
if (*bitsp != 1024) if (*bitsp != 1024)
@ -207,6 +206,9 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE) if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE)
fatal("Invalid RSA key length: minimum is %d bits", fatal("Invalid RSA key length: minimum is %d bits",
SSH_RSA_MINIMUM_MODULUS_SIZE); SSH_RSA_MINIMUM_MODULUS_SIZE);
else if (*bitsp > OPENSSL_RSA_MAX_MODULUS_BITS)
fatal("Invalid RSA key length: maximum is %d bits",
OPENSSL_RSA_MAX_MODULUS_BITS);
break; break;
case KEY_ECDSA: case KEY_ECDSA:
if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1) if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1)