diff options
author | djm@openbsd.org <djm@openbsd.org> | 2022-10-28 02:47:04 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2022-10-28 13:49:01 +1100 |
commit | 25c8a2bbcc10c493d27faea57c42a6bf13fa51f2 (patch) | |
tree | 1a320800f1c1d12bde24fecf5f431e5e106700e6 /sshkey.c | |
parent | 1192588546c29ceec10775125f396555ea71850f (diff) | |
download | openssh-git-25c8a2bbcc10c493d27faea57c42a6bf13fa51f2.tar.gz |
upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak
OPENSSL=no builds
OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e
Diffstat (limited to 'sshkey.c')
-rw-r--r-- | sshkey.c | 21 |
1 files changed, 20 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.133 2022/10/28 00:44:44 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.134 2022/10/28 02:47:04 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -1319,6 +1319,25 @@ sshkey_cert_type(const struct sshkey *k) } } +int +sshkey_check_rsa_length(const struct sshkey *k, int min_size) +{ +#ifdef WITH_OPENSSL + const BIGNUM *rsa_n; + int nbits; + + if (k == NULL || k->rsa == NULL || + (k->type != KEY_RSA && k->type != KEY_RSA_CERT)) + return 0; + RSA_get0_key(k->rsa, &rsa_n, NULL, NULL); + nbits = BN_num_bits(rsa_n); + if (nbits < SSH_RSA_MINIMUM_MODULUS_SIZE || + (min_size > 0 && nbits < min_size)) + return SSH_ERR_KEY_LENGTH; +#endif /* WITH_OPENSSL */ + return 0; +} + #ifdef WITH_OPENSSL # ifdef OPENSSL_HAS_ECC int |