
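--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -166,14 +166,12 @@ int prime_test(FILE *, FILE *, u_int32_t
 static void
 type_bits_valid(int type, const char *name, u_int32_t *bitsp)
 {
-#ifdef WITH_OPENSSL
-	u_int maxbits, nid;
-#endif
-
 	if (type == KEY_UNSPEC)
 		fatal("unknown key type %s", key_type_name);
 	if (*bitsp == 0) {
 #ifdef WITH_OPENSSL
+		u_int nid;
+
 		if (type == KEY_DSA)
 			*bitsp = DEFAULT_BITS_DSA;
 		else if (type == KEY_ECDSA) {
@@ -187,16 +185,15 @@ type_bits_valid(int type, const char *na
 			*bitsp = DEFAULT_BITS;
 	}
 #ifdef WITH_OPENSSL
-	maxbits = (type == KEY_DSA) ?
-	    OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
-	if (*bitsp > maxbits)
-		fatal("key bits exceeds maximum %d", maxbits);
 	switch (type) {
 	case KEY_DSA:
 		if (*bitsp != 1024)
 			fatal("Invalid DSA key length: must be 1024 bits");
 		break;
 	case KEY_RSA:
+		if (*bitsp > OPENSSL_RSA_MAX_MODULUS_BITS)
+			fatal("Invalid RSA key length: maximum is %d bits",
+			    OPENSSL_RSA_MAX_MODULUS_BITS);
 		if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE)
 			fatal("Invalid RSA key length: minimum is %d bits",
 			    SSH_RSA_MINIMUM_MODULUS_SIZE);
@@ -2469,7 +2466,8 @@ main(int argc, char **argv)
 			gen_all_hostkeys = 1;
 			break;
 		case 'b':
-			bits = (u_int32_t)strtonum(optarg, 10, 32768, &errstr);
+			bits = (u_int32_t)strtonum(optarg, 0, UINT_MAX,
+			    &errstr);
 			if (errstr)
 				fatal("Bits has bad value %s (%s)",
 					optarg, errstr);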
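Review bot: In the `case 'b':` hunk of main(), lowering the minimum to 0 lets `-b 0` parse cleanly, and type_bits_valid() reads `*bitsp == 0` as "no size given" and substitutes the default, so an explicit zero is now silently accepted where the old minimum of 10 rejected it. A lower bound of 1 keeps the sentinel unambiguous, and UINT32_MAX matches the u_int32_t the result is cast to: `bits = (u_int32_t)strtonum(optarg, 1, UINT32_MAX,`. With the parse-time ceiling of 32768 removed, each consumer of `bits` has to enforce its own upper bound; the DSA and RSA cases shown do, but the ECDSA branch and any other use of `bits` in main() fall outside these hunks and should be checked. Both main() and type_bits_valid() continue beyond the visible lines.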
