diff options
| -rw-r--r-- | ChangeLog | 12 | ||||
| -rw-r--r-- | ssh-keygen.c | 12 |
2 files changed, 20 insertions, 4 deletions
| @@ -1,3 +1,13 @@ | |||
| 1 | 20051105 | ||
| 2 | - (djm) OpenBSD CVS Sync | ||
| 3 | - markus@cvs.openbsd.org 2005/10/07 11:13:57 | ||
| 4 | [ssh-keygen.c] | ||
| 5 | change DSA default back to 1024, as it's defined for 1024 bits only | ||
| 6 | and this causes interop problems with other clients. moreover, | ||
| 7 | in order to improve the security of DSA you need to change more | ||
| 8 | components of DSA key generation (e.g. the internal SHA1 hash); | ||
| 9 | ok deraadt | ||
| 10 | |||
| 1 | 20051102 | 11 | 20051102 |
| 2 | - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). | 12 | - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). |
| 3 | Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net | 13 | Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net |
| @@ -3130,4 +3140,4 @@ | |||
| 3130 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 3140 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 3131 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 3141 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 3132 | 3142 | ||
| 3133 | $Id: ChangeLog,v 1.3926 2005/11/01 22:07:31 dtucker Exp $ | 3143 | $Id: ChangeLog,v 1.3927 2005/11/05 03:52:18 djm Exp $ |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 92803da45..89686f5ac 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | */ | 12 | */ |
| 13 | 13 | ||
| 14 | #include "includes.h" | 14 | #include "includes.h" |
| 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.130 2005/10/07 11:13:57 markus Exp $"); |
| 16 | 16 | ||
| 17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
| 18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
| @@ -35,8 +35,10 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $"); | |||
| 35 | #endif | 35 | #endif |
| 36 | #include "dns.h" | 36 | #include "dns.h" |
| 37 | 37 | ||
| 38 | /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ | 38 | /* Number of bits in the RSA/DSA key. This value can be set on the command line. */ |
| 39 | u_int32_t bits = 2048; | 39 | #define DEFAULT_BITS 2048 |
| 40 | #define DEFAULT_BITS_DSA 1024 | ||
| 41 | u_int32_t bits = 0; | ||
| 40 | 42 | ||
| 41 | /* | 43 | /* |
| 42 | * Flag indicating that we just want to change the passphrase. This can be | 44 | * Flag indicating that we just want to change the passphrase. This can be |
| @@ -1217,6 +1219,8 @@ main(int ac, char **av) | |||
| 1217 | out_file, strerror(errno)); | 1219 | out_file, strerror(errno)); |
| 1218 | return (1); | 1220 | return (1); |
| 1219 | } | 1221 | } |
| 1222 | if (bits == 0) | ||
| 1223 | bits = DEFAULT_BITS; | ||
| 1220 | if (gen_candidates(out, memory, bits, start) != 0) | 1224 | if (gen_candidates(out, memory, bits, start) != 0) |
| 1221 | fatal("modulus candidate generation failed\n"); | 1225 | fatal("modulus candidate generation failed\n"); |
| 1222 | 1226 | ||
| @@ -1258,6 +1262,8 @@ main(int ac, char **av) | |||
| 1258 | } | 1262 | } |
| 1259 | if (!quiet) | 1263 | if (!quiet) |
| 1260 | printf("Generating public/private %s key pair.\n", key_type_name); | 1264 | printf("Generating public/private %s key pair.\n", key_type_name); |
| 1265 | if (bits == 0) | ||
| 1266 | bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS; | ||
| 1261 | private = key_generate(type, bits); | 1267 | private = key_generate(type, bits); |
| 1262 | if (private == NULL) { | 1268 | if (private == NULL) { |
| 1263 | fprintf(stderr, "key_generate failed"); | 1269 | fprintf(stderr, "key_generate failed"); |