summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2010-05-10 11:54:38 +1000
committerDamien Miller <djm@mindrot.org>2010-05-10 11:54:38 +1000
commitbebbb7e8a591b4a2bb297f618ca2ee1f306d3d9c (patch)
tree6b943c116ef8d13526071fd1aac0f958f9d10b6d
parent22a29880bb324983a997f6bc03484879cae1f912 (diff)
- djm@cvs.openbsd.org 2010/04/23 22:48:31
[ssh-keygen.c] refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS, since we would refuse to use them anyway. bz#1516; ok dtucker@
Diffstat
-rw-r--r--ChangeLog4
-rw-r--r--ssh-keygen.c9
2 files changed, 12 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 45389e49d..fc9e4e855 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,10 @@
15 set stderr to /dev/null for subsystems rather than just closing it. 15 set stderr to /dev/null for subsystems rather than just closing it.
16 avoids hangs if a subsystem or shell initialisation writes to stderr. 16 avoids hangs if a subsystem or shell initialisation writes to stderr.
17 bz#1750; ok markus@ 17 bz#1750; ok markus@
18 - djm@cvs.openbsd.org 2010/04/23 22:48:31
19 [ssh-keygen.c]
20 refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
21 since we would refuse to use them anyway. bz#1516; ok dtucker@
18 22
1920100423 2320100423
20 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir 24 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 45248237c..1eb25bd94 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.188 2010/04/23 01:47:41 djm Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.189 2010/04/23 22:48:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1563,6 +1563,7 @@ main(int argc, char **argv)
1563 struct passwd *pw; 1563 struct passwd *pw;
1564 struct stat st; 1564 struct stat st;
1565 int opt, type, fd; 1565 int opt, type, fd;
1566 u_int maxbits;
1566 u_int32_t memory = 0, generator_wanted = 0, trials = 100; 1567 u_int32_t memory = 0, generator_wanted = 0, trials = 100;
1567 int do_gen_candidates = 0, do_screen_candidates = 0; 1568 int do_gen_candidates = 0, do_screen_candidates = 0;
1568 BIGNUM *start = NULL; 1569 BIGNUM *start = NULL;
@@ -1869,6 +1870,12 @@ main(int argc, char **argv)
1869 } 1870 }
1870 if (bits == 0) 1871 if (bits == 0)
1871 bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS; 1872 bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS;
1873 maxbits = (type == KEY_DSA) ?
1874 OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
1875 if (bits > maxbits) {
1876 fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
1877 exit(1);
1878 }
1872 if (type == KEY_DSA && bits != 1024) 1879 if (type == KEY_DSA && bits != 1024)
1873 fatal("DSA keys must be 1024 bits"); 1880 fatal("DSA keys must be 1024 bits");
1874 if (!quiet) 1881 if (!quiet)
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-08 05:18:41 +0000