upstream commit
infer key length correctly when user specified a fully-
qualified key name instead of using the -b bits option; ok markus@
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 22f491c..500a366 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.254 2015/01/16 15:55:07 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.255 2015/01/18 13:22:28 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -180,10 +180,11 @@
unsigned long);
static void
-type_bits_valid(int type, u_int32_t *bitsp)
+type_bits_valid(int type, const char *name, u_int32_t *bitsp)
{
#ifdef WITH_OPENSSL
u_int maxbits;
+ int nid;
#endif
if (type == KEY_UNSPEC) {
@@ -193,8 +194,13 @@
if (*bitsp == 0) {
if (type == KEY_DSA)
*bitsp = DEFAULT_BITS_DSA;
- else if (type == KEY_ECDSA)
- *bitsp = DEFAULT_BITS_ECDSA;
+ else if (type == KEY_ECDSA) {
+ if (name != NULL &&
+ (nid = sshkey_ecdsa_nid_from_name(name)) > 0)
+ *bitsp = sshkey_curve_nid_to_bits(nid);
+ if (*bitsp == 0)
+ *bitsp = DEFAULT_BITS_ECDSA;
+ }
else
*bitsp = DEFAULT_BITS;
}
@@ -971,7 +977,7 @@
type = sshkey_type_from_name(key_types[i].key_type);
strlcpy(identity_file, key_types[i].path, sizeof(identity_file));
bits = 0;
- type_bits_valid(type, &bits);
+ type_bits_valid(type, NULL, &bits);
if ((r = sshkey_generate(type, bits, &private)) != 0) {
fprintf(stderr, "key_generate failed: %s\n",
ssh_err(r));
@@ -2671,7 +2677,7 @@
key_type_name = "rsa";
type = sshkey_type_from_name(key_type_name);
- type_bits_valid(type, &bits);
+ type_bits_valid(type, key_type_name, &bits);
if (!quiet)
printf("Generating public/private %s key pair.\n",