1c1
< /* $OpenBSD: ssh-keygen.c,v 1.197 2010/08/04 06:07:11 djm Exp $ */
---
> /* $OpenBSD: ssh-keygen.c,v 1.205 2011/01/11 06:13:10 djm Exp $ */
59a60
> #define DEFAULT_BITS_ECDSA 256
178a180,185
> #ifdef OPENSSL_HAS_ECC
> case KEY_ECDSA_CERT:
> case KEY_ECDSA:
> name = _PATH_SSH_CLIENT_ID_ECDSA;
> break;
> #endif
262a270,275
> #ifdef OPENSSL_HAS_ECC
> case KEY_ECDSA:
> if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa))
> fatal("PEM_write_EC_PUBKEY failed");
> break;
> #endif
282a296
> /* XXX ECDSA? */
541a556,563
> #ifdef OPENSSL_HAS_ECC
> case EVP_PKEY_EC:
> *k = key_new(KEY_UNSPEC);
> (*k)->type = KEY_ECDSA;
> (*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey);
> (*k)->ecdsa_nid = key_ecdsa_key_to_nid((*k)->ecdsa);
> break;
> #endif
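Review bot: In the `EVP_PKEY_EC` case neither `EVP_PKEY_get1_EC_KEY(pubkey)` nor `key_ecdsa_key_to_nid((*k)->ecdsa)` has its result checked. If the EC key cannot be extracted, or its curve is not one the tool supports, later code receives a NULL `(*k)->ecdsa` or an error value in `(*k)->ecdsa_nid`. If `pubkey` comes from an imported file, as it appears to, I would fail early before the `break`, for example `if ((*k)->ecdsa == NULL || (*k)->ecdsa_nid == -1) fatal("unsupported or invalid EC key");`. The -1 error value is inferred from the `key_ecdsa_bits_to_nid(bits) == -1` test later in this diff and should be confirmed for `key_ecdsa_key_to_nid`. The enclosing switch starts and ends outside the hunk.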
576a599
> /* XXX ECDSA */
616a640,645
> #ifdef OPENSSL_HAS_ECC
> case KEY_ECDSA:
> ok = PEM_write_ECPrivateKey(stdout, k->ecdsa, NULL,
> NULL, 0, NULL, NULL);
> break;
> #endif
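Review bot: `PEM_write_ECPrivateKey` is called with a NULL cipher and NULL passphrase arguments, so the ECDSA private key is written to stdout as unencrypted PEM. If that is the intended behaviour for every key type in this switch (which lies outside the hunk), a short comment would make it explicit, for example `/* private key is emitted unencrypted; protecting the output is up to the caller */`. The hunk only assigns `ok`, so it is also worth confirming that the code after the switch tests it.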
1407c1436,1437
< if (public->type != KEY_RSA && public->type != KEY_DSA)
---
> if (public->type != KEY_RSA && public->type != KEY_DSA &&
> public->type != KEY_ECDSA)
1453c1483,1484
< out, public->cert->key_id, public->cert->serial,
---
> out, public->cert->key_id,
> (unsigned long long)public->cert->serial,
1678,1679c1709,1712
< if (!v00)
< printf(" Serial: %llu\n", key->cert->serial);
---
> if (!v00) {
> printf(" Serial: %llu\n",
> (unsigned long long)key->cert->serial);
> }
1784c1817
< SSLeay_add_all_algorithms();
---
> OpenSSL_add_all_algorithms();
1805c1838
< bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr);
---
> bits = (u_int32_t)strtonum(optarg, 256, 32768, &errstr);
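Review bot: Lowering the `strtonum` floor from 768 to 256 means the option parser now accepts 256–767 for every key type. The 768-bit minimum for non-ECDSA keys is then enforced only by the `else if (type != KEY_ECDSA && bits < 768)` branch added at 2138. That branch sits in an else-if chain that begins outside the hunk, and any other consumer of `bits` that relied on the parser's floor no longer gets it. I would add a comment at the parse site such as `/* lower bound is the smallest ECDSA size; per-type minimums are checked once the key type is known */` and confirm that every use of `bits` applies its own minimum.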
2089,2090c2122,2129
< if (bits == 0)
< bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS;
---
> if (bits == 0) {
> if (type == KEY_DSA)
> bits = DEFAULT_BITS_DSA;
> else if (type == KEY_ECDSA)
> bits = DEFAULT_BITS_ECDSA;
> else
> bits = DEFAULT_BITS;
> }
2098a2138,2142
> else if (type != KEY_ECDSA && bits < 768)
> fatal("Key must at least be 768 bits");
> else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(bits) == -1)
> fatal("Invalid ECDSA key length - valid lengths are "
> "256, 384 or 521 bits");