The unified diff between revisions [53b34993..] and [8a7db1e2..] is displayed below. It can also be downloaded as a raw diff.

This diff has been restricted to the following files: 'dropbearkey.c'

#
#
# patch "dropbearkey.c"
#  from [eb8195c08cabcd2516d8fb5a461b4fa29e933cf0]
#    to [85b53ed835885a034bc2d898253a14c051031603]
#
============================================================
--- dropbearkey.c	eb8195c08cabcd2516d8fb5a461b4fa29e933cf0
+++ dropbearkey.c	85b53ed835885a034bc2d898253a14c051031603
@@ -75,6 +75,7 @@ static void printhelp(char * progname) {
 #endif
 					"-f filename	Use filename for the secret key\n"
 					"-s bits	Key size in bits, should be a multiple of 8 (optional)\n"
+					"           (DSS has a fixed size of 1024 bits)\n"
 					"-y		Just print the publickey and fingerprint for the\n		private key in <filename>.\n"
 #ifdef DEBUG_TRACE
 					"-v		verbose\n"
@@ -187,8 +188,11 @@ int main(int argc, char ** argv) {
 			fprintf(stderr, "Bits must be an integer\n");
 			exit(EXIT_FAILURE);
 		}
-
-		if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
+
+		if (keytype == DROPBEAR_SIGNKEY_DSS && bits != 1024) {
+			fprintf(stderr, "DSS keys have a fixed size of 1024 bits\n");
+			exit(EXIT_FAILURE);
+		} else if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
 			fprintf(stderr, "Bits must satisfy 512 <= bits <= 4096, and be a"
 					" multiple of 8\n");
 			exit(EXIT_FAILURE);