diff options
| author |   djm <djm@openbsd.org> | 2015-01-18 13:22:28 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2015-01-18 13:22:28 +0000 |
| commit | a9ad3f546ae93421e9cc2091005cac9b81a69dfa (patch) | |
| tree | 6c258230ffecaee6282b4ba542b88ae0608ad73d | |
| parent | The 'mrs' instruction only deals with the whole register without (diff) | |
| download | wireguard-openbsd-a9ad3f546ae93421e9cc2091005cac9b81a69dfa.tar.xz wireguard-openbsd-a9ad3f546ae93421e9cc2091005cac9b81a69dfa.zip | |
infer key length correctly when user specified a fully-
qualified key name instead of using the -b bits option;
ok markus@
| -rw-r--r-- | usr.bin/ssh/ssh-keygen.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 30e02b8e26c..bcbd5538122 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.254 2015/01/16 15:55:07 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.255 2015/01/18 13:22:28 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -174,9 +174,9 @@ int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, unsigned long); static void -type_bits_valid(int type, u_int32_t *bitsp) +type_bits_valid(int type, const char *name, u_int32_t *bitsp) { - u_int maxbits; + u_int maxbits, nid; if (type == KEY_UNSPEC) { fprintf(stderr, "unknown key type %s\n", key_type_name); @@ -185,8 +185,13 @@ type_bits_valid(int type, u_int32_t *bitsp) if (*bitsp == 0) { if (type == KEY_DSA) *bitsp = DEFAULT_BITS_DSA; - else if (type == KEY_ECDSA) - *bitsp = DEFAULT_BITS_ECDSA; + else if (type == KEY_ECDSA) { + if (name != NULL && + (nid = sshkey_ecdsa_nid_from_name(name)) > 0) + *bitsp = sshkey_curve_nid_to_bits(nid); + if (*bitsp == 0) + *bitsp = DEFAULT_BITS_ECDSA; + } else *bitsp = DEFAULT_BITS; } @@ -953,7 +958,7 @@ do_gen_all_hostkeys(struct passwd *pw) type = sshkey_type_from_name(key_types[i].key_type); strlcpy(identity_file, key_types[i].path, sizeof(identity_file)); bits = 0; - type_bits_valid(type, &bits); + type_bits_valid(type, NULL, &bits); if ((r = sshkey_generate(type, bits, &private)) != 0) { fprintf(stderr, "key_generate failed: %s\n", ssh_err(r)); @@ -2649,7 +2654,7 @@ main(int argc, char **argv) key_type_name = "rsa"; type = sshkey_type_from_name(key_type_name); - type_bits_valid(type, &bits); + type_bits_valid(type, key_type_name, &bits); if (!quiet) printf("Generating public/private %s key pair.\n", |