version 1.270, 2015/04/24 01:36:01 |
version 1.271, 2015/04/27 01:52:30 |
|
|
static void |
static void |
type_bits_valid(int type, const char *name, u_int32_t *bitsp) |
type_bits_valid(int type, const char *name, u_int32_t *bitsp) |
{ |
{ |
|
#ifdef WITH_OPENSSL |
u_int maxbits, nid; |
u_int maxbits, nid; |
|
#endif |
|
|
if (type == KEY_UNSPEC) |
if (type == KEY_UNSPEC) |
fatal("unknown key type %s", key_type_name); |
fatal("unknown key type %s", key_type_name); |
if (*bitsp == 0) { |
if (*bitsp == 0) { |
|
#ifdef WITH_OPENSSL |
if (type == KEY_DSA) |
if (type == KEY_DSA) |
*bitsp = DEFAULT_BITS_DSA; |
*bitsp = DEFAULT_BITS_DSA; |
else if (type == KEY_ECDSA) { |
else if (type == KEY_ECDSA) { |
|
|
*bitsp = DEFAULT_BITS_ECDSA; |
*bitsp = DEFAULT_BITS_ECDSA; |
} |
} |
else |
else |
|
#endif |
*bitsp = DEFAULT_BITS; |
*bitsp = DEFAULT_BITS; |
} |
} |
|
#ifdef WITH_OPENSSL |
maxbits = (type == KEY_DSA) ? |
maxbits = (type == KEY_DSA) ? |
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; |
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; |
if (*bitsp > maxbits) |
if (*bitsp > maxbits) |
fatal("key bits exceeds maximum %d", maxbits); |
fatal("key bits exceeds maximum %d", maxbits); |
#ifdef WITH_OPENSSL |
|
if (type == KEY_DSA && *bitsp != 1024) |
if (type == KEY_DSA && *bitsp != 1024) |
fatal("DSA keys must be 1024 bits"); |
fatal("DSA keys must be 1024 bits"); |
else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) |
else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) |