From a85896f92111a1f29b045cd5815b3c4b3ea3a1b3 Mon Sep 17 00:00:00 2001
From: markus
Date: Tue, 16 Jan 2001 19:20:06 +0000
Subject: make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from galb@vandyke.com. note that you have to delete older ssh2-rsa keys, since they are in the wrong format, too. they must be removed from .ssh/authorized_keys2 and .ssh/known_hosts2, etc. (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP .ssh/authorized_keys2) additionally, we now check that BN_num_bits(rsa->n) >= 768.
---
 usr.bin/ssh/ssh-rsa.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'usr.bin/ssh/ssh-rsa.c')
diff --git a/usr.bin/ssh/ssh-rsa.c b/usr.bin/ssh/ssh-rsa.c
index aab9168ebc7..e53af9e0a3b 100644
--- a/usr.bin/ssh/ssh-rsa.c
+++ b/usr.bin/ssh/ssh-rsa.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.3 2001/01/06 11:23:27 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -122,6 +122,11 @@ ssh_rsa_verify(
 error("ssh_rsa_verify: no RSA key");
 return -1;
 }
+ if (BN_num_bits(key->rsa->n) < 768) {
+ error("ssh_rsa_verify: n too small: %d bits",
+ BN_num_bits(key->rsa->n));
+ return -1;
+ }
 buffer_init(&b);
 buffer_append(&b, (char *) signature, signaturelen);
 ktype = buffer_get_string(&b, NULL);
-- cgit v1.2.3-59-g8ed1b
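Review bot: The minimum-modulus check added to ssh_rsa_verify hard-codes `768` as a bare literal, so the floor is easy to overlook when key-size policy has to be raised; a named constant such as `#define SSH_RSA_MINIMUM_MODULUS_SIZE 768` near the includes, used as `if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {`, would make it auditable in one place. A comment on that constant should say it is a lower bound for rejecting weak peer keys rather than a recommended size, since 768-bit RSA moduli are within reach of public factoring efforts and the value needs periodic review. The guard that precedes the new lines begins outside the hunk, so it is not visible whether `key->rsa->n` is known to be non-NULL before it is passed to `BN_num_bits`; if it is not, that guard should be extended. Judging by the diffstat (six insertions, all in this file), the limit appears to be enforced only at verification time, so short keys can presumably still be read from authorized_keys2 or known_hosts2 and are rejected only when a signature is checked.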