-rw-r--r-- | ChangeLog | 12 | ||||
-rw-r--r-- | ssh-keygen.c | 12 |
2 files changed, 20 insertions, 4 deletions
@@ -1,3 +1,13 @@ | |||
1 | 20051105 | ||
2 | - (djm) OpenBSD CVS Sync | ||
3 | - markus@cvs.openbsd.org 2005/10/07 11:13:57 | ||
4 | [ssh-keygen.c] | ||
5 | change DSA default back to 1024, as it's defined for 1024 bits only | ||
6 | and this causes interop problems with other clients. moreover, | ||
7 | in order to improve the security of DSA you need to change more | ||
8 | components of DSA key generation (e.g. the internal SHA1 hash); | ||
9 | ok deraadt | ||
10 | |||
1 | 20051102 | 11 | 20051102 |
2 | - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). | 12 | - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). |
3 | Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net | 13 | Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net |
@@ -3130,4 +3140,4 @@ | |||
3130 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 3140 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
3131 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 3141 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
3132 | 3142 | ||
3133 | $Id: ChangeLog,v 1.3926 2005/11/01 22:07:31 dtucker Exp $ | 3143 | $Id: ChangeLog,v 1.3927 2005/11/05 03:52:18 djm Exp $ |
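--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.130 2005/10/07 11:13:57 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -35,8 +35,10 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $");
 #endif
 #include "dns.h"
 
-/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
-u_int32_t bits = 2048;
+/* Number of bits in the RSA/DSA key. This value can be set on the command line. */
+#define DEFAULT_BITS 2048
+#define DEFAULT_BITS_DSA 1024
+u_int32_t bits = 0;
 
 /*
 * Flag indicating that we just want to change the passphrase. This can be
@@ -1217,6 +1219,8 @@ main(int ac, char **av)
 out_file, strerror(errno));
 return (1);
 }
+if (bits == 0)
+bits = DEFAULT_BITS;
 if (gen_candidates(out, memory, bits, start) != 0)
 fatal("modulus candidate generation failed\n");
 
@@ -1258,6 +1262,8 @@ main(int ac, char **av)
 }
 if (!quiet)
 printf("Generating public/private %s key pair.\n", key_type_name);
+if (bits == 0)
+bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS;
 private = key_generate(type, bits);
 if (private == NULL) {
 fprintf(stderr, "key_generate failed");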
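Review bot: An explicitly requested size still reaches `key_generate(type, bits)` unchecked for DSA, because the new `if (bits == 0)` line in the key-generation hunk only selects the default. The interop problem the ChangeLog entry describes would presumably remain for anyone who passes a larger `-b` value with a DSA key. Consider rejecting that case once the default has been applied, e.g. `if (type == KEY_DSA && bits != DEFAULT_BITS_DSA) fatal("DSA keys must be %d bits", DEFAULT_BITS_DSA);`, unless option parsing outside these hunks already enforces it. A comment on `DEFAULT_BITS_DSA` such as `/* DSA is defined for 1024-bit keys only; other sizes cause interop problems */` would keep the rationale next to the constant, so the value is not raised later without also changing the rest of DSA key generation. Both hunks sit inside main(), whose body starts and ends outside the visible lines.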