mirror of git://anongit.mindrot.org/openssh.git
[ssh-keygen.1 ssh-keygen.c]
Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2, increase minumum RSA key size to 768 bits and update man page to reflect these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com), ok djm@, grudging ok deraadt@.
This commit is contained in:
parent
b1a8777f3a
commit
9f647335d2
|
@ -1,6 +1,13 @@
|
|||
20051128
|
||||
- (dtucker) [regress/yes-head.sh] Work around breakage caused by some
|
||||
versions of GNU head. Based on patch from zappaman at buraphalinux.org
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- dtucker@cvs.openbsd.org 2005/11/28 05:16:53
|
||||
[ssh-keygen.1 ssh-keygen.c]
|
||||
Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
|
||||
increase minumum RSA key size to 768 bits and update man page to reflect
|
||||
these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
|
||||
ok djm@, grudging ok deraadt@.
|
||||
|
||||
20051126
|
||||
- (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer,
|
||||
|
@ -3362,4 +3369,4 @@
|
|||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.4009 2005/11/28 05:41:03 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.4010 2005/11/28 05:41:46 dtucker Exp $
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: ssh-keygen.1,v 1.71 2005/10/31 19:55:25 jmc Exp $
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.72 2005/11/28 05:16:53 dtucker Exp $
|
||||
.\"
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
|
@ -190,9 +190,9 @@ command.
|
|||
Show the bubblebabble digest of specified private or public key file.
|
||||
.It Fl b Ar bits
|
||||
Specifies the number of bits in the key to create.
|
||||
Minimum is 512 bits.
|
||||
For RSA keys, the minimum size is 768 bits and the default is 2048 bits.
|
||||
Generally, 2048 bits is considered sufficient.
|
||||
The default is 2048 bits.
|
||||
DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
|
||||
.It Fl C Ar comment
|
||||
Provides a new comment.
|
||||
.It Fl c
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.133 2005/10/31 11:12:49 djm Exp $");
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.134 2005/11/28 05:16:53 dtucker Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
|
@ -1046,7 +1046,7 @@ main(int ac, char **av)
|
|||
"degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
|
||||
switch (opt) {
|
||||
case 'b':
|
||||
bits = strtonum(optarg, 512, 32768, &errstr);
|
||||
bits = strtonum(optarg, 768, 32768, &errstr);
|
||||
if (errstr)
|
||||
fatal("Bits has bad value %s (%s)",
|
||||
optarg, errstr);
|
||||
|
@ -1259,6 +1259,8 @@ main(int ac, char **av)
|
|||
fprintf(stderr, "unknown key type %s\n", key_type_name);
|
||||
exit(1);
|
||||
}
|
||||
if (type == KEY_DSA && bits != 1024)
|
||||
fatal("DSA keys must be 1024 bits");
|
||||
if (!quiet)
|
||||
printf("Generating public/private %s key pair.\n", key_type_name);
|
||||
if (bits == 0)
|
||||
|
|
Loading…
Reference in New Issue