upstream commit

refuse to generate or accept RSA keys smaller than 1024 bits; feedback and ok dtucker@ Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
author: djm@openbsd.org <djm@openbsd.org> 2015-07-03 03:49:45 +0000
committer: Damien Miller <djm@mindrot.org> 2015-07-15 15:36:02 +1000
commit: 933935ce8d093996c34d7efa4d59113163080680 (patch)
tree: 7c2df1bfff8ab967e52436d649a420fc20ba80c6 /ssh-keygen.c
parent: bdfd29f60b74f3e678297269dc6247a5699583c1 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index b546366f1..ea5f1e49e 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.275 2015/07/03 03:43:18 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.276 2015/07/03 03:49:45 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -217,8 +217,8 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
                fatal("key bits exceeds maximum %d", maxbits);
        if (type == KEY_DSA && *bitsp != 1024)
                fatal("DSA keys must be 1024 bits");
-        else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
+        else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 1024)
-                fatal("Key must at least be 768 bits");
+                fatal("Key must at least be 1024 bits");
        else if (type == KEY_ECDSA && sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
                fatal("Invalid ECDSA key length - valid lengths are "
                    "256, 384 or 521 bits");
author	djm@openbsd.org <djm@openbsd.org>	2015-07-03 03:49:45 +0000
committer	Damien Miller <djm@mindrot.org>	2015-07-15 15:36:02 +1000
commit	933935ce8d093996c34d7efa4d59113163080680 (patch)
tree	7c2df1bfff8ab967e52436d649a420fc20ba80c6 /ssh-keygen.c
parent	bdfd29f60b74f3e678297269dc6247a5699583c1 (diff)

diff --git a/ssh-keygen.c b/ssh-keygen.c index b546366f1..ea5f1e49e 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-keygen.c,v 1.275 2015/07/03 03:43:18 djm Exp $ */	1	/* $OpenBSD: ssh-keygen.c,v 1.276 2015/07/03 03:49:45 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -217,8 +217,8 @@ type_bits_valid(int type, const char name, u_int32_t bitsp)
217	fatal("key bits exceeds maximum %d", maxbits);	217	fatal("key bits exceeds maximum %d", maxbits);
218	if (type == KEY_DSA && *bitsp != 1024)	218	if (type == KEY_DSA && *bitsp != 1024)
219	fatal("DSA keys must be 1024 bits");	219	fatal("DSA keys must be 1024 bits");
220	else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)	220	else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 1024)
221	fatal("Key must at least be 768 bits");	221	fatal("Key must at least be 1024 bits");
222	else if (type == KEY_ECDSA && sshkey_ecdsa_bits_to_nid(*bitsp) == -1)	222	else if (type == KEY_ECDSA && sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
223	fatal("Invalid ECDSA key length - valid lengths are "	223	fatal("Invalid ECDSA key length - valid lengths are "
224	"256, 384 or 521 bits");	224	"256, 384 or 521 bits");