summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2002-04-02 20:43:11 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-04-02 20:43:11 +0000
commit03f3932829d5246d41c26b3d9f9482c618356430 (patch)
tree2e9fc48045d178227c9eafe9788ea543dcccccc9
parent0d0be02a2963db5b4d850bd42c6db1fd2347bb5d (diff)
- stevesk@cvs.openbsd.org 2002/03/29 19:18:33
[auth-rsa.c ssh-rsa.c ssh.h] make RSA modulus minimum #define; ok markus@
-rw-r--r--ChangeLog5
-rw-r--r--auth-rsa.c5
-rw-r--r--ssh-rsa.c5
-rw-r--r--ssh.h5
4 files changed, 14 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index cf13f1cf5..edfb4506e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,9 @@
16 - stevesk@cvs.openbsd.org 2002/03/29 19:16:22 16 - stevesk@cvs.openbsd.org 2002/03/29 19:16:22
17 [sshd.8] 17 [sshd.8]
18 RSA key modulus size minimum 768; ok markus@ 18 RSA key modulus size minimum 768; ok markus@
19 - stevesk@cvs.openbsd.org 2002/03/29 19:18:33
20 [auth-rsa.c ssh-rsa.c ssh.h]
21 make RSA modulus minimum #define; ok markus@
19 22
2020020401 2320020401
21 - (stevesk) [monitor.c] PAM should work again; will *not* work with 24 - (stevesk) [monitor.c] PAM should work again; will *not* work with
@@ -8123,4 +8126,4 @@
8123 - Wrote replacements for strlcpy and mkdtemp 8126 - Wrote replacements for strlcpy and mkdtemp
8124 - Released 1.0pre1 8127 - Released 1.0pre1
8125 8128
8126$Id: ChangeLog,v 1.2011 2002/04/02 20:39:29 mouring Exp $ 8129$Id: ChangeLog,v 1.2012 2002/04/02 20:43:11 mouring Exp $
diff --git a/auth-rsa.c b/auth-rsa.c
index 5b98f2cf2..493f14b11 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
14 */ 14 */
15 15
16#include "includes.h" 16#include "includes.h"
17RCSID("$OpenBSD: auth-rsa.c,v 1.54 2002/03/26 23:13:03 markus Exp $"); 17RCSID("$OpenBSD: auth-rsa.c,v 1.55 2002/03/29 19:18:33 stevesk Exp $");
18 18
19#include <openssl/rsa.h> 19#include <openssl/rsa.h>
20#include <openssl/md5.h> 20#include <openssl/md5.h>
@@ -33,6 +33,7 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.54 2002/03/26 23:13:03 markus Exp $");
33#include "auth.h" 33#include "auth.h"
34#include "hostfile.h" 34#include "hostfile.h"
35#include "monitor_wrap.h" 35#include "monitor_wrap.h"
36#include "ssh.h"
36 37
37/* import */ 38/* import */
38extern ServerOptions options; 39extern ServerOptions options;
@@ -79,7 +80,7 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
79 int len; 80 int len;
80 81
81 /* don't allow short keys */ 82 /* don't allow short keys */
82 if (BN_num_bits(key->rsa->n) < 768) { 83 if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
83 error("auth_rsa_verify_response: n too small: %d bits", 84 error("auth_rsa_verify_response: n too small: %d bits",
84 BN_num_bits(key->rsa->n)); 85 BN_num_bits(key->rsa->n));
85 return (0); 86 return (0);
diff --git a/ssh-rsa.c b/ssh-rsa.c
index 8e79d4e1d..b2fcc3408 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: ssh-rsa.c,v 1.16 2002/02/24 19:14:59 markus Exp $"); 26RCSID("$OpenBSD: ssh-rsa.c,v 1.17 2002/03/29 19:18:33 stevesk Exp $");
27 27
28#include <openssl/evp.h> 28#include <openssl/evp.h>
29#include <openssl/err.h> 29#include <openssl/err.h>
@@ -35,6 +35,7 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.16 2002/02/24 19:14:59 markus Exp $");
35#include "key.h" 35#include "key.h"
36#include "ssh-rsa.h" 36#include "ssh-rsa.h"
37#include "compat.h" 37#include "compat.h"
38#include "ssh.h"
38 39
39/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ 40/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
40int 41int
@@ -129,7 +130,7 @@ ssh_rsa_verify(
129 error("ssh_rsa_verify: SSH_BUG_SIGBLOB not supported"); 130 error("ssh_rsa_verify: SSH_BUG_SIGBLOB not supported");
130 return -1; 131 return -1;
131 } 132 }
132 if (BN_num_bits(key->rsa->n) < 768) { 133 if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
133 error("ssh_rsa_verify: n too small: %d bits", 134 error("ssh_rsa_verify: n too small: %d bits",
134 BN_num_bits(key->rsa->n)); 135 BN_num_bits(key->rsa->n));
135 return -1; 136 return -1;
diff --git a/ssh.h b/ssh.h
index 078c9f7c7..c5b500345 100644
--- a/ssh.h
+++ b/ssh.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.h,v 1.65 2002/03/20 19:12:25 stevesk Exp $ */ 1/* $OpenBSD: ssh.h,v 1.66 2002/03/29 19:18:33 stevesk Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -106,4 +106,7 @@
106 */ 106 */
107#define SSH_PRIVSEP_USER "nobody" 107#define SSH_PRIVSEP_USER "nobody"
108 108
109/* Minimum modulus size (n) for RSA keys. */
110#define SSH_RSA_MINIMUM_MODULUS_SIZE 768
111
109#endif /* SSH_H */ 112#endif /* SSH_H */