[Bug 3050] "Bits has bad value 99999 (too large)" and "key bits exceeds maximum 16384"

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sun Aug 4 10:33:27 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3050

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to zaomir from comment #0)
> Why are these two error messages in different formats?

They're different because they're getting caught be different checks.

> libres-MacBook:~ libre$ ssh-keygen -b 99999
> Bits has bad value 99999 (too large)

This is the general sanity check in the getopt parsing:

    bits = (u_int32_t)strtonum(optarg, 10, 32768, &errstr);
    if (errstr)
        fatal("Bits has bad value %s (%s)",
            optarg, errstr);

> libres-MacBook:~ libre$ ssh-keygen -b 32768
> key bits exceeds maximum 16384

This one is in the key-specific checks (type_bits_valid()), and these
limits are imposed by the build of OpenSSL:

   maxbits = (type == KEY_DSA) ?
       OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
   if (*bitsp > maxbits)
      fatal("key bits exceeds maximum %d", maxbits);

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list