- markus@cvs.openbsd.org 2002/03/26 23:13:03

     [auth-rsa.c]
     disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth)

2 files changed, 12 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 46b6d0f4..3bf991d6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,9 @@
    - markus@cvs.openbsd.org 2002/03/26 22:50:39
      [channels.h]
      CHANNEL_EFD_OUTPUT_ACTIVE is false for CHAN_CLOSE_RCVD, too
+   - markus@cvs.openbsd.org 2002/03/26 23:13:03
+     [auth-rsa.c]
+     disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth)
 
 20020325
  - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"
@@ -8080,4 +8083,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1998 2002/03/27 17:36:41 mouring Exp $
+$Id: ChangeLog,v 1.1999 2002/03/27 17:38:43 mouring Exp $
diff --git a/auth-rsa.c b/auth-rsa.c
index c51400c2..5b98f2cf 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.53 2002/03/25 09:21:13 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.54 2002/03/26 23:13:03 markus Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -78,6 +78,13 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
 	MD5_CTX md;
 	int len;
 
+	/* don't allow short keys */
+	if (BN_num_bits(key->rsa->n) < 768) {
+		error("auth_rsa_verify_response: n too small: %d bits",
+		    BN_num_bits(key->rsa->n));
+		return (0);
+	}
+
 	/* The response is MD5 of decrypted challenge plus session id. */
 	len = BN_num_bytes(challenge);
 	if (len <= 0 || len > 32)