diff options
| author |   naddy <naddy@openbsd.org> | 2019-08-05 21:45:27 +0000 |
|---|---|---|
| committer | naddy <naddy@openbsd.org> | 2019-08-05 21:45:27 +0000 |
| commit | e756ce96e4c91452b1a530ec488b7ff9473b6022 (patch) | |
| tree | 98050c6ce4cc5d1f03b4e367b631ee19d394581b /usr.bin/ssh/ssh-keygen.c | |
| parent | 6.7 packages key (diff) | |
| download | wireguard-openbsd-e756ce96e4c91452b1a530ec488b7ff9473b6022.tar.xz wireguard-openbsd-e756ce96e4c91452b1a530ec488b7ff9473b6022.zip | |
Many key types are supported now, so take care to check the size
restrictions and apply the default size only to the matching key
type.
tweak and ok dtucker@
Diffstat (limited to 'usr.bin/ssh/ssh-keygen.c')
| -rw-r--r-- | usr.bin/ssh/ssh-keygen.c | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 7a7b8b787a0..02551ea280e 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.338 2019/07/19 03:38:01 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.339 2019/08/05 21:45:27 naddy Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -166,31 +166,30 @@ int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, static void type_bits_valid(int type, const char *name, u_int32_t *bitsp) { -#ifdef WITH_OPENSSL - u_int maxbits, nid; -#endif - if (type == KEY_UNSPEC) fatal("unknown key type %s", key_type_name); if (*bitsp == 0) { #ifdef WITH_OPENSSL - if (type == KEY_DSA) + u_int nid; + + switch(type) { + case KEY_DSA: *bitsp = DEFAULT_BITS_DSA; - else if (type == KEY_ECDSA) { + break; + case KEY_ECDSA: if (name != NULL && (nid = sshkey_ecdsa_nid_from_name(name)) > 0) *bitsp = sshkey_curve_nid_to_bits(nid); if (*bitsp == 0) *bitsp = DEFAULT_BITS_ECDSA; - } else -#endif + break; + case KEY_RSA: *bitsp = DEFAULT_BITS; + break; + } +#endif } #ifdef WITH_OPENSSL - maxbits = (type == KEY_DSA) ? - OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; - if (*bitsp > maxbits) - fatal("key bits exceeds maximum %d", maxbits); switch (type) { case KEY_DSA: if (*bitsp != 1024) @@ -200,6 +199,9 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp) if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE) fatal("Invalid RSA key length: minimum is %d bits", SSH_RSA_MINIMUM_MODULUS_SIZE); + else if (*bitsp > OPENSSL_RSA_MAX_MODULUS_BITS) + fatal("Invalid RSA key length: maximum is %d bits", + OPENSSL_RSA_MAX_MODULUS_BITS); break; case KEY_ECDSA: if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1) |