From 57477cb7caa7d48b93ab4c3bf3e4db5468dcb3ed Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Sat, 2 Apr 2016 08:00:37 +0100
Subject: [PATCH] Warn about short RSA/DSA keys in PuTTYgen.

It's only a warning; Windows PuTTYgen puts it up as a message box, and
will still generate the key if you click yes, and Unix PuTTYgen just
prints the warning and gets on with generation anyway. But it might
help encourage people to move away from 1024-bit keys, if they're
still using them.
---
 cmdgen.c          |  9 ++++++++-
 windows/winpgen.c | 14 +++++++++++++-
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/cmdgen.c b/cmdgen.c
index 94ce49ea..265e5adc 100644
--- a/cmdgen.c
+++ b/cmdgen.c
@@ -223,6 +223,8 @@ static char *readpassphrase(const char *filename)
     return line;
 }
 
+#define DEFAULT_RSADSA_BITS 2048
+
 int main(int argc, char **argv)
 {
     char *infile = NULL;
@@ -500,7 +502,7 @@ int main(int argc, char **argv)
             bits = 256;
             break;
           default:
-            bits = 2048;
+            bits = DEFAULT_RSADSA_BITS;
             break;
         }
     }
@@ -520,6 +522,11 @@ int main(int argc, char **argv)
             fprintf(stderr, "puttygen: cannot generate %s keys shorter than"
                     " 256 bits\n", (keytype == DSA ? "DSA" : "RSA"));
             errs = TRUE;
+        } else if (bits < DEFAULT_RSADSA_BITS) {
+            fprintf(stderr, "puttygen: warning: %s keys shorter than"
+                    " %d bits are probably not secure\n",
+                    (keytype == DSA ? "DSA" : "RSA"), DEFAULT_RSADSA_BITS);
+            /* but this is just a warning, so proceed anyway */
         }
     }
 
diff --git a/windows/winpgen.c b/windows/winpgen.c
index c4f3d57f..277c0914 100644
--- a/windows/winpgen.c
+++ b/windows/winpgen.c
@@ -1115,6 +1115,7 @@ static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg,
                 } else if (IsDlgButtonChecked(hwnd, IDC_KEYSSH2ED25519)) {
                     state->keytype = ED25519;
                 }
+
 		if ((state->keytype == RSA || state->keytype == DSA) &&
                     state->key_bits < 256) {
                     char *message = dupprintf
@@ -1128,7 +1129,18 @@ static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg,
 			break;
 		    state->key_bits = DEFAULT_KEY_BITS;
 		    SetDlgItemInt(hwnd, IDC_BITS, DEFAULT_KEY_BITS, FALSE);
-		}
+		} else if ((state->keytype == RSA || state->keytype == DSA) &&
+                           state->key_bits < DEFAULT_KEY_BITS) {
+                    char *message = dupprintf
+                        ("Keys shorter than %d bits are not recommended. "
+                         "Really generate this key?", DEFAULT_KEY_BITS);
+		    int ret = MessageBox(hwnd, message, "PuTTYgen Warning",
+					 MB_ICONWARNING | MB_OKCANCEL);
+                    sfree(message);
+		    if (ret != IDOK)
+			break;
+                }
+
 		ui_set_state(hwnd, state, 1);
 		SetDlgItemText(hwnd, IDC_GENERATING, entropy_msg);
 		state->key_exists = FALSE;
-- 
2.45.2