From 46d8840f7ea8e0f0569c5a4b9cd4074da8d7973b Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Mon, 26 Nov 2018 18:00:14 +0100
Subject: [PATCH] The largest ECDSA key has 521 bits
Signed-off-by: Jakub Jelen
Reviewed-by: Andreas Schneider
---
 src/pki.c | 2 +-
 src/pki_crypto.c | 2 +-
 src/pki_gcrypt.c | 2 +-
 src/pki_mbedcrypto.c | 2 +-
 tests/unittests/torture_options.c | 2 +-
 tests/unittests/torture_pki_ecdsa.c | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/pki.c b/src/pki.c
index 282ed70c..9d50e870 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -1538,7 +1538,7 @@ int ssh_pki_import_cert_file(const char *filename, ssh_key *pkey)
 * @param[in] parameter Parameter to the creation of key:
 * rsa : length of the key in bits (e.g. 1024, 2048, 4096)
 * dsa : length of the key in bits (e.g. 1024, 2048, 3072)
- * ecdsa : bits of the key (e.g. 256, 384, 512)
+ * ecdsa : bits of the key (e.g. 256, 384, 521)
 * @param[out] pkey A pointer to store the allocated private key. You need
 * to free the memory.
 *
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index ccd22a13..0c9f8ab4 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -558,7 +558,7 @@ int pki_key_generate_ecdsa(ssh_key key, int parameter) {
 case 384:
 nid = NID_secp384r1;
 break;
- case 512:
+ case 521:
 nid = NID_secp521r1;
 break;
 case 256:
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index 4ef4d882..e0c356b8 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -1348,7 +1348,7 @@ int pki_key_generate_ecdsa(ssh_key key, int parameter) {
 case 384:
 nid = NID_gcrypt_nistp384;
 break;
- case 512:
+ case 521:
 nid = NID_gcrypt_nistp521;
 break;
 case 256:
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index 26a80be0..f4138ab4 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -1439,7 +1439,7 @@ int pki_key_generate_ecdsa(ssh_key key, int parameter)
 case 384:
 nid = NID_mbedtls_nistp384;
 break;
- case 512:
+ case 521:
 nid = NID_mbedtls_nistp521;
 break;
 case 256:
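Review bot: The `ecdsa` line of the `parameter` documentation in src/pki.c still presents the sizes as examples ("e.g. 256, 384, 521"), while the backend hunks in this same commit match exactly 256, 384 and 521. The comment should name these as the accepted values and state what a caller gets for any other number, for instance `ecdsa : curve size in bits, one of 256, 384 or 521` followed by one sentence on how other values are handled. The doc comment begins and ends outside the hunk, so a sentence elsewhere in it may already cover this.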
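Review bot: Replacing `case 512:` with `case 521:` in pki_key_generate_ecdsa() (src/pki_crypto.c, and identically in src/pki_gcrypt.c and src/pki_mbedcrypto.c) means a caller that still passes 512 no longer selects the P-521 curve. The rest of the switch is outside the hunk; if `case 256:` shares a `default:` label, such a caller would silently receive a P-256 key, a quiet strength downgrade for existing users of the old value. Either keep the old number as an alias, `case 512: /* legacy alias for P-521 */` directly above `case 521:`, or make unrecognised sizes return an error instead of falling back to a smaller curve.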
diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c index 80fe84b2..d35502a9 100644 --- a/tests/unittests/torture_options.c +++ b/tests/unittests/torture_options.c @@ -674,7 +674,7 @@ static void torture_bind_options_import_key(void **state) assert_int_equal(rc, 0); #endif /* set ecdsa key */ - base64_key = torture_get_testkey(SSH_KEYTYPE_ECDSA, 512, 0); + base64_key = torture_get_testkey(SSH_KEYTYPE_ECDSA, 521, 0); rc = ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key); assert_int_equal(rc, SSH_OK); assert_non_null(key); diff --git a/tests/unittests/torture_pki_ecdsa.c b/tests/unittests/torture_pki_ecdsa.c index 2f0f7d96..07020eb6 100644 --- a/tests/unittests/torture_pki_ecdsa.c +++ b/tests/unittests/torture_pki_ecdsa.c @@ -451,7 +451,7 @@ static void torture_pki_generate_key_ecdsa(void **state) ssh_signature_free(sign); SSH_KEY_FREE(key); - rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 512, &key); + rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 521, &key); assert_true(rc == SSH_OK); assert_true(key != NULL); sign = pki_do_sign(key, ECDSA_HASH, 20);
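Review bot: In torture_pki_generate_key_ecdsa() the assertions visible after the changed call, `assert_true(rc == SSH_OK)` and `assert_true(key != NULL)`, pass for a key on any curve, so they would not detect a size argument that maps to the wrong curve. Unless a line outside the hunk already checks it, assert the curve of the generated key as well, for example `assert_string_equal(ssh_pki_key_ecdsa_name(key), "ecdsa-sha2-nistp521");`. A second call with an unsupported size would also pin down what ssh_pki_generate() is expected to do in that case. The function body starts and ends outside the hunk.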