Diffstat (limited to 'ssh-keygen.c')
-rw-r--r--ssh-keygen.c32
1 files changed, 21 insertions, 11 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index b17851946..64fadc7a1 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $"); 15RCSID("$OpenBSD: ssh-keygen.c,v 1.135 2005/11/29 02:04:55 dtucker Exp $");
16 16
17#include <openssl/evp.h> 17#include <openssl/evp.h>
18#include <openssl/pem.h> 18#include <openssl/pem.h>
@@ -35,8 +35,10 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $");
35#endif 35#endif
36#include "dns.h" 36#include "dns.h"
37 37
38/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ 38/* Number of bits in the RSA/DSA key. This value can be set on the command line. */
39u_int32_t bits = 2048; 39#define DEFAULT_BITS 2048
40#define DEFAULT_BITS_DSA 1024
41u_int32_t bits = 0;
40 42
41/* 43/*
42 * Flag indicating that we just want to change the passphrase. This can be 44 * Flag indicating that we just want to change the passphrase. This can be
@@ -1018,6 +1020,9 @@ main(int ac, char **av)
1018 extern int optind; 1020 extern int optind;
1019 extern char *optarg; 1021 extern char *optarg;
1020 1022
1023 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
1024 sanitise_stdfd();
1025
1021 __progname = ssh_get_progname(av[0]); 1026 __progname = ssh_get_progname(av[0]);
1022 1027
1023 SSLeay_add_all_algorithms(); 1028 SSLeay_add_all_algorithms();
@@ -1041,7 +1046,7 @@ main(int ac, char **av)
1041 "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { 1046 "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
1042 switch (opt) { 1047 switch (opt) {
1043 case 'b': 1048 case 'b':
1044 bits = strtonum(optarg, 512, 32768, &errstr); 1049 bits = strtonum(optarg, 768, 32768, &errstr);
1045 if (errstr) 1050 if (errstr)
1046 fatal("Bits has bad value %s (%s)", 1051 fatal("Bits has bad value %s (%s)",
1047 optarg, errstr); 1052 optarg, errstr);
@@ -1214,8 +1219,10 @@ main(int ac, char **av)
1214 out_file, strerror(errno)); 1219 out_file, strerror(errno));
1215 return (1); 1220 return (1);
1216 } 1221 }
1222 if (bits == 0)
1223 bits = DEFAULT_BITS;
1217 if (gen_candidates(out, memory, bits, start) != 0) 1224 if (gen_candidates(out, memory, bits, start) != 0)
1218 fatal("modulus candidate generation failed\n"); 1225 fatal("modulus candidate generation failed");
1219 1226
1220 return (0); 1227 return (0);
1221 } 1228 }
@@ -1238,21 +1245,24 @@ main(int ac, char **av)
1238 out_file, strerror(errno)); 1245 out_file, strerror(errno));
1239 } 1246 }
1240 if (prime_test(in, out, trials, generator_wanted) != 0) 1247 if (prime_test(in, out, trials, generator_wanted) != 0)
1241 fatal("modulus screening failed\n"); 1248 fatal("modulus screening failed");
1242 return (0); 1249 return (0);
1243 } 1250 }
1244 1251
1245 arc4random_stir(); 1252 arc4random_stir();
1246 1253
1247 if (key_type_name == NULL) { 1254 if (key_type_name == NULL)
1248 printf("You must specify a key type (-t).\n"); 1255 key_type_name = "rsa";
1249 usage(); 1256
1250 }
1251 type = key_type_from_name(key_type_name); 1257 type = key_type_from_name(key_type_name);
1252 if (type == KEY_UNSPEC) { 1258 if (type == KEY_UNSPEC) {
1253 fprintf(stderr, "unknown key type %s\n", key_type_name); 1259 fprintf(stderr, "unknown key type %s\n", key_type_name);
1254 exit(1); 1260 exit(1);
1255 } 1261 }
1262 if (bits == 0)
1263 bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS;
1264 if (type == KEY_DSA && bits != 1024)
1265 fatal("DSA keys must be 1024 bits");
1256 if (!quiet) 1266 if (!quiet)
1257 printf("Generating public/private %s key pair.\n", key_type_name); 1267 printf("Generating public/private %s key pair.\n", key_type_name);
1258 private = key_generate(type, bits); 1268 private = key_generate(type, bits);
@@ -1265,7 +1275,7 @@ main(int ac, char **av)
1265 if (!have_identity) 1275 if (!have_identity)
1266 ask_filename(pw, "Enter file in which to save the key"); 1276 ask_filename(pw, "Enter file in which to save the key");
1267 1277
1268 /* Create ~/.ssh directory if it doesn\'t already exist. */ 1278 /* Create ~/.ssh directory if it doesn't already exist. */
1269 snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); 1279 snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
1270 if (strstr(identity_file, dotsshdir) != NULL && 1280 if (strstr(identity_file, dotsshdir) != NULL &&
1271 stat(dotsshdir, &st) < 0) { 1281 stat(dotsshdir, &st) < 0) {
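Review bot: In the key-generation hunk (old 1238–1255 / new 1245–1265), the DSA size check `if (type == KEY_DSA && bits != 1024)` hardcodes the value that the same commit names `DEFAULT_BITS_DSA` two lines earlier; writing it as `if (type == KEY_DSA && bits != DEFAULT_BITS_DSA)` keeps the default and the enforced size from drifting apart. The `-b` parser in the earlier hunk (new line 1049) can only bound the value to 768–32768 because the key type is not yet known when options are parsed, so this later check is what actually enforces the DSA requirement; a short comment there, such as `/* -b is range-checked before -t is known; DSA's fixed size is enforced here */`, would make that ordering explicit to the next reader. The silent `key_type_name = "rsa"` default replaces the former "You must specify a key type (-t)" error, so the usage text and manual page should state the default key type; neither is visible in this page. main() starts and ends outside these hunks.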