diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-27 17:38:43 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-27 17:38:43 +0000 |
commit | e1f9e324e975af50e44ab373e3fa3b1104ffb30f (patch) | |
tree | 6a59f751176ea21962d6cfe243b1f3894cb8e191 /auth-rsa.c | |
parent | 57686a82a5a055f53f3ae351bce21a7a93d38304 (diff) |
- markus@cvs.openbsd.org 2002/03/26 23:13:03
[auth-rsa.c]
disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth)
Diffstat (limited to 'auth-rsa.c')
-rw-r--r-- | auth-rsa.c | 9 |
1 files changed, 8 insertions, 1 deletions
@@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.53 2002/03/25 09:21:13 markus Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.54 2002/03/26 23:13:03 markus Exp $"); #include <openssl/rsa.h> #include <openssl/md5.h> @@ -78,6 +78,13 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) MD5_CTX md; int len; + /* don't allow short keys */ + if (BN_num_bits(key->rsa->n) < 768) { + error("auth_rsa_verify_response: n too small: %d bits", + BN_num_bits(key->rsa->n)); + return (0); + } + /* The response is MD5 of decrypted challenge plus session id. */ len = BN_num_bytes(challenge); if (len <= 0 || len > 32) |