diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2002-04-02 20:43:11 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-04-02 20:43:11 +0000 |
| commit | 03f3932829d5246d41c26b3d9f9482c618356430 (patch) | |
| tree | 2e9fc48045d178227c9eafe9788ea543dcccccc9 | |
| parent | 0d0be02a2963db5b4d850bd42c6db1fd2347bb5d (diff) | |
| download | openssh-git-03f3932829d5246d41c26b3d9f9482c618356430.tar.gz | |
- stevesk@cvs.openbsd.org 2002/03/29 19:18:33
[auth-rsa.c ssh-rsa.c ssh.h]
make RSA modulus minimum #define; ok markus@
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | auth-rsa.c | 5 | ||||
| -rw-r--r-- | ssh-rsa.c | 5 | ||||
| -rw-r--r-- | ssh.h | 5 |
4 files changed, 14 insertions, 6 deletions
@@ -16,6 +16,9 @@ - stevesk@cvs.openbsd.org 2002/03/29 19:16:22 [sshd.8] RSA key modulus size minimum 768; ok markus@ + - stevesk@cvs.openbsd.org 2002/03/29 19:18:33 + [auth-rsa.c ssh-rsa.c ssh.h] + make RSA modulus minimum #define; ok markus@ 20020401 - (stevesk) [monitor.c] PAM should work again; will *not* work with @@ -8123,4 +8126,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.2011 2002/04/02 20:39:29 mouring Exp $ +$Id: ChangeLog,v 1.2012 2002/04/02 20:43:11 mouring Exp $ @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.54 2002/03/26 23:13:03 markus Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.55 2002/03/29 19:18:33 stevesk Exp $"); #include <openssl/rsa.h> #include <openssl/md5.h> @@ -33,6 +33,7 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.54 2002/03/26 23:13:03 markus Exp $"); #include "auth.h" #include "hostfile.h" #include "monitor_wrap.h" +#include "ssh.h" /* import */ extern ServerOptions options; @@ -79,7 +80,7 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) int len; /* don't allow short keys */ - if (BN_num_bits(key->rsa->n) < 768) { + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { error("auth_rsa_verify_response: n too small: %d bits", BN_num_bits(key->rsa->n)); return (0); @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.16 2002/02/24 19:14:59 markus Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.17 2002/03/29 19:18:33 stevesk Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -35,6 +35,7 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.16 2002/02/24 19:14:59 markus Exp $"); #include "key.h" #include "ssh-rsa.h" #include "compat.h" +#include "ssh.h" /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ int @@ -129,7 +130,7 @@ ssh_rsa_verify( error("ssh_rsa_verify: SSH_BUG_SIGBLOB not supported"); return -1; } - if (BN_num_bits(key->rsa->n) < 768) { + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { error("ssh_rsa_verify: n too small: %d bits", BN_num_bits(key->rsa->n)); return -1; @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.65 2002/03/20 19:12:25 stevesk Exp $ */ +/* $OpenBSD: ssh.h,v 1.66 2002/03/29 19:18:33 stevesk Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -106,4 +106,7 @@ */ #define SSH_PRIVSEP_USER "nobody" +/* Minimum modulus size (n) for RSA keys. */ +#define SSH_RSA_MINIMUM_MODULUS_SIZE 768 + #endif /* SSH_H */ |