summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormarkus <markus@openbsd.org>2001-01-16 19:20:06 +0000
committermarkus <markus@openbsd.org>2001-01-16 19:20:06 +0000
commita85896f92111a1f29b045cd5815b3c4b3ea3a1b3 (patch)
tree3651d0249755b8c6f6cf90c407f4171abc8a4dad
parentDon't include machine/elf_machdep.h, not all archs have it yet. (diff)
downloadwireguard-openbsd-a85896f92111a1f29b045cd5815b3c4b3ea3a1b3.tar.xz
wireguard-openbsd-a85896f92111a1f29b045cd5815b3c4b3ea3a1b3.zip
make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from galb@vandyke.com.
note that you have to delete older ssh2-rsa keys, since they are in the wrong format, too. they must be removed from .ssh/authorized_keys2 and .ssh/known_hosts2, etc. (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP .ssh/authorized_keys2) additionally, we now check that BN_num_bits(rsa->n) >= 768.
Diffstat
-rw-r--r--usr.bin/ssh/key.c6
-rw-r--r--usr.bin/ssh/ssh-rsa.c7
2 files changed, 9 insertions, 4 deletions
diff --git a/usr.bin/ssh/key.c b/usr.bin/ssh/key.c
index f9474b16be9..21e13b8631f 100644
--- a/usr.bin/ssh/key.c
+++ b/usr.bin/ssh/key.c
@@ -46,7 +46,7 @@
#include "buffer.h"
#include "bufaux.h"
-RCSID("$OpenBSD: key.c,v 1.13 2000/12/19 23:17:56 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.14 2001/01/16 19:20:06 markus Exp $");
Key *
key_new(int type)
@@ -555,8 +555,8 @@ key_from_blob(char *blob, int blen)
switch(type){
case KEY_RSA:
key = key_new(type);
- buffer_get_bignum2(&b, key->rsa->n);
buffer_get_bignum2(&b, key->rsa->e);
+ buffer_get_bignum2(&b, key->rsa->n);
#ifdef DEBUG_PK
RSA_print_fp(stderr, key->rsa, 8);
#endif
@@ -608,8 +608,8 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp)
break;
case KEY_RSA:
buffer_put_cstring(&b, key_ssh_name(key));
- buffer_put_bignum2(&b, key->rsa->n);
buffer_put_bignum2(&b, key->rsa->e);
+ buffer_put_bignum2(&b, key->rsa->n);
break;
default:
error("key_to_blob: illegal key type %d", key->type);
diff --git a/usr.bin/ssh/ssh-rsa.c b/usr.bin/ssh/ssh-rsa.c
index aab9168ebc7..e53af9e0a3b 100644
--- a/usr.bin/ssh/ssh-rsa.c
+++ b/usr.bin/ssh/ssh-rsa.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.3 2001/01/06 11:23:27 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -122,6 +122,11 @@ ssh_rsa_verify(
error("ssh_rsa_verify: no RSA key");
return -1;
}
+ if (BN_num_bits(key->rsa->n) < 768) {
+ error("ssh_rsa_verify: n too small: %d bits",
+ BN_num_bits(key->rsa->n));
+ return -1;
+ }
buffer_init(&b);
buffer_append(&b, (char *) signature, signaturelen);
ktype = buffer_get_string(&b, NULL);
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.