version 1.338, 2019/07/19 03:38:01 |
version 1.339, 2019/08/05 21:45:27 |
|
|
static void |
static void |
type_bits_valid(int type, const char *name, u_int32_t *bitsp) |
type_bits_valid(int type, const char *name, u_int32_t *bitsp) |
{ |
{ |
#ifdef WITH_OPENSSL |
|
u_int maxbits, nid; |
|
#endif |
|
|
|
if (type == KEY_UNSPEC) |
if (type == KEY_UNSPEC) |
fatal("unknown key type %s", key_type_name); |
fatal("unknown key type %s", key_type_name); |
if (*bitsp == 0) { |
if (*bitsp == 0) { |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
if (type == KEY_DSA) |
u_int nid; |
|
|
|
switch(type) { |
|
case KEY_DSA: |
*bitsp = DEFAULT_BITS_DSA; |
*bitsp = DEFAULT_BITS_DSA; |
else if (type == KEY_ECDSA) { |
break; |
|
case KEY_ECDSA: |
if (name != NULL && |
if (name != NULL && |
(nid = sshkey_ecdsa_nid_from_name(name)) > 0) |
(nid = sshkey_ecdsa_nid_from_name(name)) > 0) |
*bitsp = sshkey_curve_nid_to_bits(nid); |
*bitsp = sshkey_curve_nid_to_bits(nid); |
if (*bitsp == 0) |
if (*bitsp == 0) |
*bitsp = DEFAULT_BITS_ECDSA; |
*bitsp = DEFAULT_BITS_ECDSA; |
} else |
break; |
#endif |
case KEY_RSA: |
*bitsp = DEFAULT_BITS; |
*bitsp = DEFAULT_BITS; |
|
break; |
|
} |
|
#endif |
} |
} |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
maxbits = (type == KEY_DSA) ? |
|
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; |
|
if (*bitsp > maxbits) |
|
fatal("key bits exceeds maximum %d", maxbits); |
|
switch (type) { |
switch (type) { |
case KEY_DSA: |
case KEY_DSA: |
if (*bitsp != 1024) |
if (*bitsp != 1024) |
|
|
if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE) |
if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE) |
fatal("Invalid RSA key length: minimum is %d bits", |
fatal("Invalid RSA key length: minimum is %d bits", |
SSH_RSA_MINIMUM_MODULUS_SIZE); |
SSH_RSA_MINIMUM_MODULUS_SIZE); |
|
else if (*bitsp > OPENSSL_RSA_MAX_MODULUS_BITS) |
|
fatal("Invalid RSA key length: maximum is %d bits", |
|
OPENSSL_RSA_MAX_MODULUS_BITS); |
break; |
break; |
case KEY_ECDSA: |
case KEY_ECDSA: |
if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1) |
if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1) |
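Review bot: In the first hunk the re-declared `u_int nid;` is still unsigned, so the `> 0` test on the result of `sshkey_ecdsa_nid_from_name(name)` cannot reject a negative failure value. If that helper reports an unknown curve name as -1 (as `sshkey_ecdsa_bits_to_nid` visibly does in the last hunk), the value wraps to a large positive number and is handed to `sshkey_curve_nid_to_bits`. The fallback to `DEFAULT_BITS_ECDSA` presumably masks this today, but declaring `int nid;` would make the guard do what it reads as. The new `switch(type)` also has no `default:`; adding `default: break;` with a short comment that other key types deliberately leave `*bitsp` at 0 would document the intent. type_bits_valid continues past the end of the last hunk.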