in ssh-keygen.c [173:227]
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
unsigned long);
#endif
static void
type_bits_valid(int type, const char *name, u_int32_t *bitsp)
{
if (type == KEY_UNSPEC)
fatal("unknown key type %s", key_type_name);
if (*bitsp == 0) {
#ifdef WITH_OPENSSL
u_int nid;
switch(type) {
case KEY_DSA:
*bitsp = DEFAULT_BITS_DSA;
break;
case KEY_ECDSA:
if (name != NULL &&
(nid = sshkey_ecdsa_nid_from_name(name)) > 0)
*bitsp = sshkey_curve_nid_to_bits(nid);
if (*bitsp == 0)
*bitsp = DEFAULT_BITS_ECDSA;
break;
case KEY_RSA:
*bitsp = DEFAULT_BITS;
break;
}
#endif
}
#ifdef WITH_OPENSSL
switch (type) {
case KEY_DSA:
if (*bitsp != 1024)
fatal("Invalid DSA key length: must be 1024 bits");
break;
case KEY_RSA:
if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE)
fatal("Invalid RSA key length: minimum is %d bits",
SSH_RSA_MINIMUM_MODULUS_SIZE);
else if (*bitsp > OPENSSL_RSA_MAX_MODULUS_BITS)
fatal("Invalid RSA key length: maximum is %d bits",
OPENSSL_RSA_MAX_MODULUS_BITS);
break;
case KEY_ECDSA:
if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
fatal("Invalid ECDSA key length: valid lengths are "
#ifdef OPENSSL_HAS_NISTP521
"256, 384 or 521 bits");
#else
"256 or 384 bits");
#endif
}
#endif
}