- stevesk@cvs.openbsd.org 2002/03/29 19:16:22
[sshd.8]
RSA key modulus size minimum 768; ok markus@
+ - stevesk@cvs.openbsd.org 2002/03/29 19:18:33
+ [auth-rsa.c ssh-rsa.c ssh.h]
+ make RSA modulus minimum #define; ok markus@
20020401
- (stevesk) [monitor.c] PAM should work again; will *not* work with
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.54 2002/03/26 23:13:03 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.55 2002/03/29 19:18:33 stevesk Exp $");
#include <openssl/rsa.h>
#include <openssl/md5.h>
#include "auth.h"
#include "hostfile.h"
#include "monitor_wrap.h"
+#include "ssh.h"
/* import */
extern ServerOptions options;
int len;
/* don't allow short keys */
- if (BN_num_bits(key->rsa->n) < 768) {
+ if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
error("auth_rsa_verify_response: n too small: %d bits",
BN_num_bits(key->rsa->n));
return (0);
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.16 2002/02/24 19:14:59 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.17 2002/03/29 19:18:33 stevesk Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
#include "key.h"
#include "ssh-rsa.h"
#include "compat.h"
+#include "ssh.h"
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
int
error("ssh_rsa_verify: SSH_BUG_SIGBLOB not supported");
return -1;
}
- if (BN_num_bits(key->rsa->n) < 768) {
+ if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
error("ssh_rsa_verify: n too small: %d bits",
BN_num_bits(key->rsa->n));
return -1;
-/* $OpenBSD: ssh.h,v 1.65 2002/03/20 19:12:25 stevesk Exp $ */
+/* $OpenBSD: ssh.h,v 1.66 2002/03/29 19:18:33 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*/
#define SSH_PRIVSEP_USER "nobody"
+/* Minimum modulus size (n) for RSA keys. */
+#define SSH_RSA_MINIMUM_MODULUS_SIZE 768
+
#endif /* SSH_H */
andersk / openssh.git / commitdiff
