diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2001-01-16 19:20:07 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-01-16 19:20:07 +0000 |
| commit | 579bd1399734a5a0e75a849cb3a0183ffe6dd446 (patch) | |
| tree | 43f00587093c57cf791b90781deb9e47b53a3b19 /usr.bin | |
| parent | 4e0f5f585fbefc79085eb78c8f03c7db9002ff13 (diff) | |
make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from galb@vandyke.com.
note that you have to delete older ssh2-rsa keys, since they are in the
wrong format, too. they must be removed from .ssh/authorized_keys2
and .ssh/known_hosts2, etc.
(cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP .ssh/authorized_keys2)
additionally, we now check that BN_num_bits(rsa->n) >= 768.
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ssh/key.c | 6 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-rsa.c | 7 |
2 files changed, 9 insertions, 4 deletions
diff --git a/usr.bin/ssh/key.c b/usr.bin/ssh/key.c index f9474b16be9..21e13b8631f 100644 --- a/usr.bin/ssh/key.c +++ b/usr.bin/ssh/key.c @@ -46,7 +46,7 @@ #include "buffer.h" #include "bufaux.h" -RCSID("$OpenBSD: key.c,v 1.13 2000/12/19 23:17:56 markus Exp $"); +RCSID("$OpenBSD: key.c,v 1.14 2001/01/16 19:20:06 markus Exp $"); Key * key_new(int type) @@ -555,8 +555,8 @@ key_from_blob(char *blob, int blen) switch(type){ case KEY_RSA: key = key_new(type); - buffer_get_bignum2(&b, key->rsa->n); buffer_get_bignum2(&b, key->rsa->e); + buffer_get_bignum2(&b, key->rsa->n); #ifdef DEBUG_PK RSA_print_fp(stderr, key->rsa, 8); #endif @@ -608,8 +608,8 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp) break; case KEY_RSA: buffer_put_cstring(&b, key_ssh_name(key)); - buffer_put_bignum2(&b, key->rsa->n); buffer_put_bignum2(&b, key->rsa->e); + buffer_put_bignum2(&b, key->rsa->n); break; default: error("key_to_blob: illegal key type %d", key->type); diff --git a/usr.bin/ssh/ssh-rsa.c b/usr.bin/ssh/ssh-rsa.c index aab9168ebc7..e53af9e0a3b 100644 --- a/usr.bin/ssh/ssh-rsa.c +++ b/usr.bin/ssh/ssh-rsa.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.3 2001/01/06 11:23:27 markus Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -122,6 +122,11 @@ ssh_rsa_verify( error("ssh_rsa_verify: no RSA key"); return -1; } + if (BN_num_bits(key->rsa->n) < 768) { + error("ssh_rsa_verify: n too small: %d bits", + BN_num_bits(key->rsa->n)); + return -1; + } buffer_init(&b); buffer_append(&b, (char *) signature, signaturelen); ktype = buffer_get_string(&b, NULL); |