diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-27 17:38:43 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-27 17:38:43 +0000 |
| commit | e1f9e324e975af50e44ab373e3fa3b1104ffb30f (patch) | |
| tree | 6a59f751176ea21962d6cfe243b1f3894cb8e191 /auth-rsa.c | |
| parent | 57686a82a5a055f53f3ae351bce21a7a93d38304 (diff) | |
- markus@cvs.openbsd.org 2002/03/26 23:13:03
[auth-rsa.c]
disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth)
Diffstat (limited to 'auth-rsa.c')
| -rw-r--r-- | auth-rsa.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/auth-rsa.c b/auth-rsa.c index c51400c2a..5b98f2cf2 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
| @@ -14,7 +14,7 @@ | |||
| 14 | */ | 14 | */ |
| 15 | 15 | ||
| 16 | #include "includes.h" | 16 | #include "includes.h" |
| 17 | RCSID("$OpenBSD: auth-rsa.c,v 1.53 2002/03/25 09:21:13 markus Exp $"); | 17 | RCSID("$OpenBSD: auth-rsa.c,v 1.54 2002/03/26 23:13:03 markus Exp $"); |
| 18 | 18 | ||
| 19 | #include <openssl/rsa.h> | 19 | #include <openssl/rsa.h> |
| 20 | #include <openssl/md5.h> | 20 | #include <openssl/md5.h> |
| @@ -78,6 +78,13 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) | |||
| 78 | MD5_CTX md; | 78 | MD5_CTX md; |
| 79 | int len; | 79 | int len; |
| 80 | 80 | ||
| 81 | /* don't allow short keys */ | ||
| 82 | if (BN_num_bits(key->rsa->n) < 768) { | ||
| 83 | error("auth_rsa_verify_response: n too small: %d bits", | ||
| 84 | BN_num_bits(key->rsa->n)); | ||
| 85 | return (0); | ||
| 86 | } | ||
| 87 | |||
| 81 | /* The response is MD5 of decrypted challenge plus session id. */ | 88 | /* The response is MD5 of decrypted challenge plus session id. */ |
| 82 | len = BN_num_bytes(challenge); | 89 | len = BN_num_bytes(challenge); |
| 83 | if (len <= 0 || len > 32) | 90 | if (len <= 0 || len > 32) |