authormarkus <markus@openbsd.org>2001-01-16 19:20:06 +0000
committermarkus <markus@openbsd.org>2001-01-16 19:20:06 +0000
commita85896f92111a1f29b045cd5815b3c4b3ea3a1b3 (patch)
tree3651d0249755b8c6f6cf90c407f4171abc8a4dad /usr.bin/ssh/ssh-rsa.c
parentDon't include machine/elf_machdep.h, not all archs have it yet. (diff)
make "ssh-rsa" key format for ssh2 conform to the ietf-drafts; from galb@vandyke.com.
note that you have to delete older ssh2-rsa keys, since they are in the wrong format, too. they must be removed from .ssh/authorized_keys2 and .ssh/known_hosts2, etc. (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP .ssh/authorized_keys2) additionally, we now check that BN_num_bits(rsa->n) >= 768.
Diffstat (limited to 'usr.bin/ssh/ssh-rsa.c')
-rw-r--r--usr.bin/ssh/ssh-rsa.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.bin/ssh/ssh-rsa.c b/usr.bin/ssh/ssh-rsa.c
index aab9168ebc7..e53af9e0a3b 100644
--- a/usr.bin/ssh/ssh-rsa.c
+++ b/usr.bin/ssh/ssh-rsa.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.3 2001/01/06 11:23:27 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -122,6 +122,11 @@ ssh_rsa_verify(
error("ssh_rsa_verify: no RSA key");
return -1;
}
+ if (BN_num_bits(key->rsa->n) < 768) {
+ error("ssh_rsa_verify: n too small: %d bits",
+ BN_num_bits(key->rsa->n));
+ return -1;
+ }
buffer_init(&b);
buffer_append(&b, (char *) signature, signaturelen);
ktype = buffer_get_string(&b, NULL);
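Review bot: The 768-bit minimum in the added `BN_num_bits(key->rsa->n) < 768` check is a bare literal, and within this hunk it is enforced only on the verify path. Giving it a name, e.g. `#define SSH_RSA_MINIMUM_MODULUS_SIZE 768`, and testing `if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {` would let the signing and key-loading code apply the same floor and make a later increase a one-line change. The guard just above the hunk is only partly visible, so it is worth confirming that it also rejects a key whose `n` is NULL before `BN_num_bits` is called on it. A short comment such as `/* reject moduli too small to resist factoring */` would record why the check exists; ssh_rsa_verify begins and ends outside this hunk.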