diff options
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index a66e8508c..0abf10f61 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.201 2010/08/31 12:33:38 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.202 2010/09/02 16:07:25 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1825,7 +1825,7 @@ main(int argc, char **argv) | |||
1825 | "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) { | 1825 | "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) { |
1826 | switch (opt) { | 1826 | switch (opt) { |
1827 | case 'b': | 1827 | case 'b': |
1828 | bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr); | 1828 | bits = (u_int32_t)strtonum(optarg, 256, 32768, &errstr); |
1829 | if (errstr) | 1829 | if (errstr) |
1830 | fatal("Bits has bad value %s (%s)", | 1830 | fatal("Bits has bad value %s (%s)", |
1831 | optarg, errstr); | 1831 | optarg, errstr); |
@@ -2125,6 +2125,8 @@ main(int argc, char **argv) | |||
2125 | } | 2125 | } |
2126 | if (type == KEY_DSA && bits != 1024) | 2126 | if (type == KEY_DSA && bits != 1024) |
2127 | fatal("DSA keys must be 1024 bits"); | 2127 | fatal("DSA keys must be 1024 bits"); |
2128 | else if (type != KEY_ECDSA && bits < 768) | ||
2129 | fatal("Key must at least be 768 bits"); | ||
2128 | else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(bits) == -1) | 2130 | else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(bits) == -1) |
2129 | fatal("Invalid ECDSA key length - valid lengths are " | 2131 | fatal("Invalid ECDSA key length - valid lengths are " |
2130 | "256, 384 or 521 bits"); | 2132 | "256, 384 or 521 bits"); |