diff options
author | djm@openbsd.org <djm@openbsd.org> | 2017-05-07 23:15:59 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-05-08 09:21:22 +1000 |
commit | bd636f40911094a39c2920bf87d2ec340533c152 (patch) | |
tree | 53c4c9655827d6433a26a510f46081dfc4b72b6d /ssh-rsa.c | |
parent | 70c1218fc45757a030285051eb4d209403f54785 (diff) |
upstream commit
Refuse RSA keys <1024 bits in length. Improve reporting
for keys that do not meet this requirement. ok markus@
Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
Diffstat (limited to 'ssh-rsa.c')
-rw-r--r-- | ssh-rsa.c | 10 |
1 files changed, 6 insertions, 4 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-rsa.c,v 1.60 2016/09/12 23:39:34 djm Exp $ */ | 1 | /* $OpenBSD: ssh-rsa.c,v 1.61 2017/05/07 23:15:59 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> | 3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> |
4 | * | 4 | * |
@@ -99,9 +99,10 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |||
99 | else | 99 | else |
100 | hash_alg = rsa_hash_alg_from_ident(alg_ident); | 100 | hash_alg = rsa_hash_alg_from_ident(alg_ident); |
101 | if (key == NULL || key->rsa == NULL || hash_alg == -1 || | 101 | if (key == NULL || key->rsa == NULL || hash_alg == -1 || |
102 | sshkey_type_plain(key->type) != KEY_RSA || | 102 | sshkey_type_plain(key->type) != KEY_RSA) |
103 | BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) | ||
104 | return SSH_ERR_INVALID_ARGUMENT; | 103 | return SSH_ERR_INVALID_ARGUMENT; |
104 | if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) | ||
105 | return SSH_ERR_KEY_LENGTH; | ||
105 | slen = RSA_size(key->rsa); | 106 | slen = RSA_size(key->rsa); |
106 | if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) | 107 | if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) |
107 | return SSH_ERR_INVALID_ARGUMENT; | 108 | return SSH_ERR_INVALID_ARGUMENT; |
@@ -172,9 +173,10 @@ ssh_rsa_verify(const struct sshkey *key, | |||
172 | 173 | ||
173 | if (key == NULL || key->rsa == NULL || | 174 | if (key == NULL || key->rsa == NULL || |
174 | sshkey_type_plain(key->type) != KEY_RSA || | 175 | sshkey_type_plain(key->type) != KEY_RSA || |
175 | BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE || | ||
176 | sig == NULL || siglen == 0) | 176 | sig == NULL || siglen == 0) |
177 | return SSH_ERR_INVALID_ARGUMENT; | 177 | return SSH_ERR_INVALID_ARGUMENT; |
178 | if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) | ||
179 | return SSH_ERR_KEY_LENGTH; | ||
178 | 180 | ||
179 | if ((b = sshbuf_from(sig, siglen)) == NULL) | 181 | if ((b = sshbuf_from(sig, siglen)) == NULL) |
180 | return SSH_ERR_ALLOC_FAIL; | 182 | return SSH_ERR_ALLOC_FAIL; |