diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-05-07 23:15:59 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-05-08 09:21:22 +1000 |
| commit | bd636f40911094a39c2920bf87d2ec340533c152 (patch) | |
| tree | 53c4c9655827d6433a26a510f46081dfc4b72b6d /sshkey.c | |
| parent | 70c1218fc45757a030285051eb4d209403f54785 (diff) | |
upstream commit
Refuse RSA keys <1024 bits in length. Improve reporting
for keys that do not meet this requirement. ok markus@
Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
Diffstat (limited to 'sshkey.c')
| -rw-r--r-- | sshkey.c | 29 |
1 files changed, 24 insertions, 5 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshkey.c,v 1.48 2017/04/30 23:18:44 djm Exp $ */ | 1 | /* $OpenBSD: sshkey.c,v 1.49 2017/05/07 23:15:59 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. | 4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. |
| @@ -1392,10 +1392,11 @@ rsa_generate_private_key(u_int bits, RSA **rsap) | |||
| 1392 | BIGNUM *f4 = NULL; | 1392 | BIGNUM *f4 = NULL; |
| 1393 | int ret = SSH_ERR_INTERNAL_ERROR; | 1393 | int ret = SSH_ERR_INTERNAL_ERROR; |
| 1394 | 1394 | ||
| 1395 | if (rsap == NULL || | 1395 | if (rsap == NULL) |
| 1396 | bits < SSH_RSA_MINIMUM_MODULUS_SIZE || | ||
| 1397 | bits > SSHBUF_MAX_BIGNUM * 8) | ||
| 1398 | return SSH_ERR_INVALID_ARGUMENT; | 1396 | return SSH_ERR_INVALID_ARGUMENT; |
| 1397 | if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE || | ||
| 1398 | bits > SSHBUF_MAX_BIGNUM * 8) | ||
| 1399 | return SSH_ERR_KEY_LENGTH; | ||
| 1399 | *rsap = NULL; | 1400 | *rsap = NULL; |
| 1400 | if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) { | 1401 | if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) { |
| 1401 | ret = SSH_ERR_ALLOC_FAIL; | 1402 | ret = SSH_ERR_ALLOC_FAIL; |
| @@ -1423,8 +1424,10 @@ dsa_generate_private_key(u_int bits, DSA **dsap) | |||
| 1423 | DSA *private; | 1424 | DSA *private; |
| 1424 | int ret = SSH_ERR_INTERNAL_ERROR; | 1425 | int ret = SSH_ERR_INTERNAL_ERROR; |
| 1425 | 1426 | ||
| 1426 | if (dsap == NULL || bits != 1024) | 1427 | if (dsap == NULL) |
| 1427 | return SSH_ERR_INVALID_ARGUMENT; | 1428 | return SSH_ERR_INVALID_ARGUMENT; |
| 1429 | if (bits != 1024) | ||
| 1430 | return SSH_ERR_KEY_LENGTH; | ||
| 1428 | if ((private = DSA_new()) == NULL) { | 1431 | if ((private = DSA_new()) == NULL) { |
| 1429 | ret = SSH_ERR_ALLOC_FAIL; | 1432 | ret = SSH_ERR_ALLOC_FAIL; |
| 1430 | goto out; | 1433 | goto out; |
| @@ -1876,6 +1879,10 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, | |||
| 1876 | ret = SSH_ERR_INVALID_FORMAT; | 1879 | ret = SSH_ERR_INVALID_FORMAT; |
| 1877 | goto out; | 1880 | goto out; |
| 1878 | } | 1881 | } |
| 1882 | if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { | ||
| 1883 | ret = SSH_ERR_KEY_LENGTH; | ||
| 1884 | goto out; | ||
| 1885 | } | ||
| 1879 | #ifdef DEBUG_PK | 1886 | #ifdef DEBUG_PK |
| 1880 | RSA_print_fp(stderr, key->rsa, 8); | 1887 | RSA_print_fp(stderr, key->rsa, 8); |
| 1881 | #endif | 1888 | #endif |
| @@ -2643,6 +2650,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |||
| 2643 | (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || | 2650 | (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || |
| 2644 | (r = rsa_generate_additional_parameters(k->rsa)) != 0) | 2651 | (r = rsa_generate_additional_parameters(k->rsa)) != 0) |
| 2645 | goto out; | 2652 | goto out; |
| 2653 | if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { | ||
| 2654 | r = SSH_ERR_KEY_LENGTH; | ||
| 2655 | goto out; | ||
| 2656 | } | ||
| 2646 | break; | 2657 | break; |
| 2647 | case KEY_RSA_CERT: | 2658 | case KEY_RSA_CERT: |
| 2648 | if ((r = sshkey_froms(buf, &k)) != 0 || | 2659 | if ((r = sshkey_froms(buf, &k)) != 0 || |
| @@ -2653,6 +2664,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |||
| 2653 | (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || | 2664 | (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || |
| 2654 | (r = rsa_generate_additional_parameters(k->rsa)) != 0) | 2665 | (r = rsa_generate_additional_parameters(k->rsa)) != 0) |
| 2655 | goto out; | 2666 | goto out; |
| 2667 | if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { | ||
| 2668 | r = SSH_ERR_KEY_LENGTH; | ||
| 2669 | goto out; | ||
| 2670 | } | ||
| 2656 | break; | 2671 | break; |
| 2657 | #endif /* WITH_OPENSSL */ | 2672 | #endif /* WITH_OPENSSL */ |
| 2658 | case KEY_ED25519: | 2673 | case KEY_ED25519: |
| @@ -3427,6 +3442,10 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, | |||
| 3427 | r = SSH_ERR_LIBCRYPTO_ERROR; | 3442 | r = SSH_ERR_LIBCRYPTO_ERROR; |
| 3428 | goto out; | 3443 | goto out; |
| 3429 | } | 3444 | } |
| 3445 | if (BN_num_bits(prv->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { | ||
| 3446 | r = SSH_ERR_KEY_LENGTH; | ||
| 3447 | goto out; | ||
| 3448 | } | ||
| 3430 | } else if (pk->type == EVP_PKEY_DSA && | 3449 | } else if (pk->type == EVP_PKEY_DSA && |
| 3431 | (type == KEY_UNSPEC || type == KEY_DSA)) { | 3450 | (type == KEY_UNSPEC || type == KEY_DSA)) { |
| 3432 | if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { | 3451 | if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { |