Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 03f3932829d5246d41c26b3d9f9482c618356430^! / .
commit03f3932829d5246d41c26b3d9f9482c618356430[log] [tgz]
authorBen Lindstrom <mouring@eviladmin.org>Tue Apr 02 20:43:11 2002 +0000
committerBen Lindstrom <mouring@eviladmin.org>Tue Apr 02 20:43:11 2002 +0000
tree2e9fc48045d178227c9eafe9788ea543dcccccc9
parent0d0be02a2963db5b4d850bd42c6db1fd2347bb5d [diff]
   - stevesk@cvs.openbsd.org 2002/03/29 19:18:33
     [auth-rsa.c ssh-rsa.c ssh.h]
     make RSA modulus minimum #define; ok markus@

diff --git a/ChangeLog b/ChangeLog
index cf13f1c..edfb450 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -16,6 +16,9 @@
    - stevesk@cvs.openbsd.org 2002/03/29 19:16:22
      [sshd.8]
      RSA key modulus size minimum 768; ok markus@
+   - stevesk@cvs.openbsd.org 2002/03/29 19:18:33
+     [auth-rsa.c ssh-rsa.c ssh.h]
+     make RSA modulus minimum #define; ok markus@
 
 20020401
  - (stevesk) [monitor.c] PAM should work again; will *not* work with
@@ -8123,4 +8126,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.2011 2002/04/02 20:39:29 mouring Exp $
+$Id: ChangeLog,v 1.2012 2002/04/02 20:43:11 mouring Exp $

diff --git a/auth-rsa.c b/auth-rsa.c
index 5b98f2c..493f14b 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c

@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.54 2002/03/26 23:13:03 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.55 2002/03/29 19:18:33 stevesk Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -33,6 +33,7 @@
 #include "auth.h"
 #include "hostfile.h"
 #include "monitor_wrap.h"
+#include "ssh.h"
 
 /* import */
 extern ServerOptions options;
@@ -79,7 +80,7 @@
 	int len;
 
 	/* don't allow short keys */
-	if (BN_num_bits(key->rsa->n) < 768) {
+	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
 		error("auth_rsa_verify_response: n too small: %d bits",
 		    BN_num_bits(key->rsa->n));
 		return (0);

diff --git a/ssh-rsa.c b/ssh-rsa.c
index 8e79d4e..b2fcc34 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.16 2002/02/24 19:14:59 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.17 2002/03/29 19:18:33 stevesk Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -35,6 +35,7 @@
 #include "key.h"
 #include "ssh-rsa.h"
 #include "compat.h"
+#include "ssh.h"
 
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
@@ -129,7 +130,7 @@
 		error("ssh_rsa_verify: SSH_BUG_SIGBLOB not supported");
 		return -1;
 	}
-	if (BN_num_bits(key->rsa->n) < 768) {
+	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
 		error("ssh_rsa_verify: n too small: %d bits",
 		    BN_num_bits(key->rsa->n));
 		return -1;

diff --git a/ssh.h b/ssh.h
index 078c9f7..c5b5003 100644
--- a/ssh.h
+++ b/ssh.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ssh.h,v 1.65 2002/03/20 19:12:25 stevesk Exp $	*/
+/*	$OpenBSD: ssh.h,v 1.66 2002/03/29 19:18:33 stevesk Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -106,4 +106,7 @@
  */
 #define SSH_PRIVSEP_USER		"nobody"
 
+/* Minimum modulus size (n) for RSA keys. */
+#define SSH_RSA_MINIMUM_MODULUS_SIZE	768
+
 #endif				/* SSH_H */