[ssh-keygen.1 ssh-keygen.c]

Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
increase minimum RSA key size to 768 bits and update man page to reflect
these.  Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
ok djm@, grudging ok deraadt@.
Darren Tucker 2005-11-28 16:41:46 +11:00
parent b1a8777f3a
commit 9f647335d2
3 changed files with 15 additions and 6 deletions

@ -1,6 +1,13 @@
20051128
- (dtucker) [regress/yes-head.sh] Work around breakage caused by some
versions of GNU head. Based on patch from zappaman at buraphalinux.org
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2005/11/28 05:16:53
[ssh-keygen.1 ssh-keygen.c]
Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
increase minumum RSA key size to 768 bits and update man page to reflect
these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
ok djm@, grudging ok deraadt@.
20051126
- (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer,
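Review bot: the added ChangeLog entry carries a typo in "increase minumum RSA key size to 768 bits"; it should read "increase minimum RSA key size to 768 bits". Since this text is copied verbatim from the commit message, correct it in both places so the typo is not carried into the next sync.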
@ -3362,4 +3369,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.4009 2005/11/28 05:41:03 dtucker Exp $
$Id: ChangeLog,v 1.4010 2005/11/28 05:41:46 dtucker Exp $

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.71 2005/10/31 19:55:25 jmc Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.72 2005/11/28 05:16:53 dtucker Exp $
.\"
.\" -*- nroff -*-
.\"
@ -190,9 +190,9 @@ command.
Show the bubblebabble digest of specified private or public key file.
.It Fl b Ar bits
Specifies the number of bits in the key to create.
Minimum is 512 bits.
For RSA keys, the minimum size is 768 bits and the default is 2048 bits.
Generally, 2048 bits is considered sufficient.
The default is 2048 bits.
DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
.It Fl C Ar comment
Provides a new comment.
.It Fl c
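Review bot: the rewritten text for -b now gives a minimum and a default for RSA keys and an exact size for DSA keys, but it no longer says what happens for a DSA key when -b is omitted (the deleted "The default is 2048 bits." would have contradicted the 1024-bit rule). Add a sentence stating the DSA behaviour when no size is given, so a reader does not assume the 2048-bit RSA default applies to DSA.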

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keygen.c,v 1.133 2005/10/31 11:12:49 djm Exp $");
RCSID("$OpenBSD: ssh-keygen.c,v 1.134 2005/11/28 05:16:53 dtucker Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@ -1046,7 +1046,7 @@ main(int ac, char **av)
"degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
switch (opt) {
case 'b':
bits = strtonum(optarg, 512, 32768, &errstr);
bits = strtonum(optarg, 768, 32768, &errstr);
if (errstr)
fatal("Bits has bad value %s (%s)",
optarg, errstr);
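Review bot: raising the strtonum lower bound from 512 to 768 enforces the new RSA minimum at option parsing, but the resulting "Bits has bad value %s (%s)" message only reports the strtonum range error and never tells the user that 768 is the minimum. The literal 768 also lives only here while 1024 lives only in the later DSA check and both are repeated in the man page; named constants for the two limits would keep the three places from drifting apart.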
@ -1259,6 +1259,8 @@ main(int ac, char **av)
fprintf(stderr, "unknown key type %s\n", key_type_name);
exit(1);
}
if (type == KEY_DSA && bits != 1024)
fatal("DSA keys must be 1024 bits");
if (!quiet)
printf("Generating public/private %s key pair.\n", key_type_name);
if (bits == 0)
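Review bot: the new `if (type == KEY_DSA && bits != 1024)` check runs before the `if (bits == 0)` branch that follows it, so a bits value that is still 0 because -b was not given will hit `fatal("DSA keys must be 1024 bits")` for `-t dsa` instead of letting the default be applied. Move the check after the default size has been assigned, or accept bits == 0 for DSA at this point.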