-rw-r--r--ChangeLog12
-rw-r--r--ssh-keygen.c12
2 files changed, 20 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index cf8031250..10c031042 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
120051105
2 - (djm) OpenBSD CVS Sync
3 - markus@cvs.openbsd.org 2005/10/07 11:13:57
4 [ssh-keygen.c]
5 change DSA default back to 1024, as it's defined for 1024 bits only
6 and this causes interop problems with other clients. moreover,
7 in order to improve the security of DSA you need to change more
8 components of DSA key generation (e.g. the internal SHA1 hash);
9 ok deraadt
10
120051102 1120051102
2 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). 12 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
3 Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net 13 Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net
@@ -3130,4 +3140,4 @@
3130 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 3140 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
3131 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 3141 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
3132 3142
3133$Id: ChangeLog,v 1.3926 2005/11/01 22:07:31 dtucker Exp $ 3143$Id: ChangeLog,v 1.3927 2005/11/05 03:52:18 djm Exp $
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 92803da45..89686f5ac 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $"); 15RCSID("$OpenBSD: ssh-keygen.c,v 1.130 2005/10/07 11:13:57 markus Exp $");
16 16
17#include <openssl/evp.h> 17#include <openssl/evp.h>
18#include <openssl/pem.h> 18#include <openssl/pem.h>
@@ -35,8 +35,10 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $");
35#endif 35#endif
36#include "dns.h" 36#include "dns.h"
37 37
38/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ 38/* Number of bits in the RSA/DSA key. This value can be set on the command line. */
39u_int32_t bits = 2048; 39#define DEFAULT_BITS 2048
40#define DEFAULT_BITS_DSA 1024
41u_int32_t bits = 0;
40 42
41/* 43/*
42 * Flag indicating that we just want to change the passphrase. This can be 44 * Flag indicating that we just want to change the passphrase. This can be
@@ -1217,6 +1219,8 @@ main(int ac, char **av)
1217 out_file, strerror(errno)); 1219 out_file, strerror(errno));
1218 return (1); 1220 return (1);
1219 } 1221 }
1222 if (bits == 0)
1223 bits = DEFAULT_BITS;
1220 if (gen_candidates(out, memory, bits, start) != 0) 1224 if (gen_candidates(out, memory, bits, start) != 0)
1221 fatal("modulus candidate generation failed\n"); 1225 fatal("modulus candidate generation failed\n");
1222 1226
@@ -1258,6 +1262,8 @@ main(int ac, char **av)
1258 } 1262 }
1259 if (!quiet) 1263 if (!quiet)
1260 printf("Generating public/private %s key pair.\n", key_type_name); 1264 printf("Generating public/private %s key pair.\n", key_type_name);
1265 if (bits == 0)
1266 bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS;
1261 private = key_generate(type, bits); 1267 private = key_generate(type, bits);
1262 if (private == NULL) { 1268 if (private == NULL) {
1263 fprintf(stderr, "key_generate failed"); 1269 fprintf(stderr, "key_generate failed");
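Review bot: An explicit `-b` value for a DSA key still reaches `key_generate(type, bits)` at new line 1267 unchanged, because the fallback added at new lines 1265-1266 applies only when `bits == 0`; the ChangeLog entry states DSA is defined for 1024 bits only, so a requested non-1024 DSA size can still cause the interop problem the commit describes. Unless option parsing outside this hunk already rejects it, a guard before the call such as `if (type == KEY_DSA && bits != DEFAULT_BITS_DSA) fatal("DSA keys must be 1024 bits");` would enforce this. The comment at new line 38 should also document the sentinel, for example `/* Number of bits in the RSA/DSA key; 0 means not set on the command line, a per-type default is applied in main(). */`, since any code that reads `bits` before the two fallback sites now sees 0 instead of 2048. main() begins and ends outside the hunks shown, so other readers of `bits` could not be checked here.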