version 1.121, 2022/05/05 01:04:14 |
version 1.122, 2022/09/17 10:30:45 |
|
|
return ret; |
return ret; |
} |
} |
|
|
#ifdef WITH_OPENSSL |
int |
static int |
sshkey_check_rsa_length(const struct sshkey *k, int min_size) |
check_rsa_length(const RSA *rsa) |
|
{ |
{ |
|
#ifdef WITH_OPENSSL |
const BIGNUM *rsa_n; |
const BIGNUM *rsa_n; |
|
int nbits; |
|
|
RSA_get0_key(rsa, &rsa_n, NULL, NULL); |
if (k == NULL || k->rsa == NULL || |
if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE) |
(k->type != KEY_RSA && k->type != KEY_RSA_CERT)) |
|
return 0; |
|
RSA_get0_key(k->rsa, &rsa_n, NULL, NULL); |
|
nbits = BN_num_bits(rsa_n); |
|
if (nbits < SSH_RSA_MINIMUM_MODULUS_SIZE || |
|
(min_size > 0 && nbits < min_size)) |
return SSH_ERR_KEY_LENGTH; |
return SSH_ERR_KEY_LENGTH; |
|
#endif /* WITH_OPENSSL */ |
return 0; |
return 0; |
} |
} |
#endif /* WITH_OPENSSL */ |
|
|
|
static int |
static int |
sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, |
sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, |
|
|
goto out; |
goto out; |
} |
} |
rsa_n = rsa_e = NULL; /* transferred */ |
rsa_n = rsa_e = NULL; /* transferred */ |
if ((ret = check_rsa_length(key->rsa)) != 0) |
if ((ret = sshkey_check_rsa_length(key, 0)) != 0) |
goto out; |
goto out; |
#ifdef DEBUG_PK |
#ifdef DEBUG_PK |
RSA_print_fp(stderr, key->rsa, 8); |
RSA_print_fp(stderr, key->rsa, 8); |
|
|
goto out; |
goto out; |
} |
} |
rsa_p = rsa_q = NULL; /* transferred */ |
rsa_p = rsa_q = NULL; /* transferred */ |
if ((r = check_rsa_length(k->rsa)) != 0) |
if ((r = sshkey_check_rsa_length(k, 0)) != 0) |
goto out; |
goto out; |
if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0) |
if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0) |
goto out; |
goto out; |
|
|
r = SSH_ERR_LIBCRYPTO_ERROR; |
r = SSH_ERR_LIBCRYPTO_ERROR; |
goto out; |
goto out; |
} |
} |
if ((r = check_rsa_length(prv->rsa)) != 0) |
if ((r = sshkey_check_rsa_length(prv, 0)) != 0) |
goto out; |
goto out; |
} else if (EVP_PKEY_base_id(pk) == EVP_PKEY_DSA && |
} else if (EVP_PKEY_base_id(pk) == EVP_PKEY_DSA && |
(type == KEY_UNSPEC || type == KEY_DSA)) { |
(type == KEY_UNSPEC || type == KEY_DSA)) { |
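Review bot: In what appears to be the new side of the first hunk, `sshkey_check_rsa_length()` returns 0 both when the modulus is long enough and when nothing was checked: the early `return 0` covers `k == NULL`, `k->rsa == NULL` and non-RSA key types, and the whole body is compiled out without `WITH_OPENSSL`. The function is no longer `static` and now takes a caller-supplied `min_size`, so a caller using it as a policy gate cannot tell a passed check from a skipped one, and an RSA-typed key with a NULL `rsa` pointer is accepted silently. If skipping non-RSA keys is intended, say so in a comment above the definition, for example `/* Returns 0 if k is not an RSA key, or if its modulus is at least SSH_RSA_MINIMUM_MODULUS_SIZE and min_size bits (min_size <= 0 applies no extra minimum); otherwise SSH_ERR_KEY_LENGTH. */`. It may also be worth separating the NULL case from the wrong-type case so that a KEY_RSA or KEY_RSA_CERT key without `k->rsa` returns an error rather than 0, provided no existing caller relies on the current behaviour. The three call sites in the later hunks pass `0` for `min_size`, so they keep the old fixed minimum.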