author | dtucker <dtucker> | 2005-11-28 05:41:46 +0000 |
---|---|---|
committer | dtucker <dtucker> | 2005-11-28 05:41:46 +0000 |
commit | 36eb36591c2cc32aebd3c98caedd9362318bba51 (patch) | |
tree | c41715ca2380785bc7a3d96ea1ee0336979622a2 /ssh-keygen.c | |
parent | 565cc4350be7dcfde2acd8ad1efb2f7a2c13d702 (diff) | |
download | openssh-36eb36591c2cc32aebd3c98caedd9362318bba51.tar.gz |
[ssh-keygen.1 ssh-keygen.c]
Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
increase minimum RSA key size to 768 bits and update man page to reflect
these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
ok djm@, grudging ok deraadt@.
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 7f9c7fd1..b4c651d2 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.133 2005/10/31 11:12:49 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.134 2005/11/28 05:16:53 dtucker Exp $");
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -1046,7 +1046,7 @@ main(int ac, char **av)
 "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
 switch (opt) {
 case 'b':
- bits = strtonum(optarg, 512, 32768, &errstr);
+ bits = strtonum(optarg, 768, 32768, &errstr);
 if (errstr)
 fatal("Bits has bad value %s (%s)",
 optarg, errstr);
@@ -1259,6 +1259,8 @@ main(int ac, char **av)
 fprintf(stderr, "unknown key type %s\n", key_type_name);
 exit(1);
 }
+ if (type == KEY_DSA && bits != 1024)
+ fatal("DSA keys must be 1024 bits");
 if (!quiet)
 printf("Generating public/private %s key pair.\n", key_type_name);
 if (bits == 0) |
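Review bot: The new lower bound in the `case 'b':` branch is a bare `768` with no comment, and it is applied while options are still being parsed, before the key type is resolved. It therefore acts as a limit for every key type, although the commit message describes it as the RSA minimum. I would document that at the call, for example `/* smallest RSA modulus accepted by -b; the DSA length is checked once the key type is known */`. The option loop in main starts and ends outside this hunk.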
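Review bot: The added `if (type == KEY_DSA && bits != 1024)` check runs before the `if (bits == 0)` line that follows it in the context. If `bits` is still 0 when no `-b` was given, which that trailing line suggests (its body is outside the hunk), a plain `-t dsa` invocation would now hit `fatal("DSA keys must be 1024 bits")` instead of getting the default size. Moving the two added lines below the default-size assignment would validate the effective key length rather than the unset placeholder, and would also catch a DSA default that is not 1024.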