Bump minimal RSA key size to 1024

Fixes: #326

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Jakub Jelen
2025-11-06 10:18:28 +01:00
parent cefc4f8c97
commit ee6e2c69e1
3 changed files with 6 additions and 6 deletions


@@ -46,7 +46,7 @@
#define MAX_PUBKEY_SIZE 0x100000 /* 1M */ #define MAX_PUBKEY_SIZE 0x100000 /* 1M */
#define MAX_PRIVKEY_SIZE 0x400000 /* 4M */ #define MAX_PRIVKEY_SIZE 0x400000 /* 4M */
#define RSA_MIN_KEY_SIZE 768 #define RSA_MIN_KEY_SIZE 1024
#define RSA_DEFAULT_KEY_SIZE 3072 #define RSA_DEFAULT_KEY_SIZE 3072
#define SSH_KEY_FLAG_EMPTY 0x0 #define SSH_KEY_FLAG_EMPTY 0x0
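Review bot: RSA_MIN_KEY_SIZE is raised to 1024 with no comment saying what it bounds, and it now sits directly beside RSA_DEFAULT_KEY_SIZE 3072, which a reader can easily take for the same kind of limit. Per the option documentation changed in this same commit, RSA_MIN_KEY_SIZE is the hard floor that SSH_OPTIONS_RSA_MIN_SIZE / SSH_BIND_OPTIONS_RSA_MIN_SIZE cannot lower, while the default applies only when the option is unset or 0. Suggest `#define RSA_MIN_KEY_SIZE 1024 /* hard floor: *_RSA_MIN_SIZE options cannot go below this */` so the two constants are not confused when either is next adjusted. If this header has a top-of-file comment describing the limits, it is outside the hunk and may also need updating.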


@@ -593,10 +593,10 @@ int ssh_options_set_algo(ssh_session session,
* - SSH_OPTIONS_RSA_MIN_SIZE * - SSH_OPTIONS_RSA_MIN_SIZE
* Set the minimum RSA key size in bits to be accepted by the * Set the minimum RSA key size in bits to be accepted by the
* client for both authentication and hostkey verification. * client for both authentication and hostkey verification.
* The values under 768 bits are not accepted even with this * The values under 1024 bits are not accepted even with this
* configuration option as they are considered completely broken. * configuration option as they are considered completely broken.
* Setting 0 will revert the value to defaults. * Setting 0 will revert the value to defaults.
* Default is 1024 bits or 2048 bits in FIPS mode. * Default is 3072 bits or 2048 bits in FIPS mode.
* (int) * (int)
* - SSH_OPTIONS_IDENTITY_AGENT * - SSH_OPTIONS_IDENTITY_AGENT
@@ -2201,11 +2201,11 @@ static int ssh_bind_set_algo(ssh_bind sshbind,
* - SSH_BIND_OPTIONS_RSA_MIN_SIZE * - SSH_BIND_OPTIONS_RSA_MIN_SIZE
* Set the minimum RSA key size in bits to be accepted by * Set the minimum RSA key size in bits to be accepted by
* the server for both authentication and hostkey * the server for both authentication and hostkey
* operations. The values under 768 bits are not accepted * operations. The values under 1024 bits are not accepted
* even with this configuration option as they are * even with this configuration option as they are
* considered completely broken. Setting 0 will revert * considered completely broken. Setting 0 will revert
* the value to defaults. * the value to defaults.
* Default is 1024 bits or 2048 bits in FIPS mode. * Default is 3072 bits or 2048 bits in FIPS mode.
* (int) * (int)
* *
* *
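Review bot: The rewritten sentence `Default is 3072 bits or 2048 bits in FIPS mode.` in both option descriptions (the @@ -593 hunk for SSH_OPTIONS_RSA_MIN_SIZE and the @@ -2201 hunk for SSH_BIND_OPTIONS_RSA_MIN_SIZE) does not match the code this commit changes: ssh_key_size_allowed_rsa in the third file now assigns `min_size = RSA_MIN_KEY_SIZE` in its non-FIPS default branch, and the first file defines RSA_MIN_KEY_SIZE as 1024, so the effective default acceptance floor is 1024 unless it is assigned somewhere outside these hunks. 3072 is RSA_DEFAULT_KEY_SIZE, which from its name reads as the key-generation default rather than the minimum accepted size. A user reading this text would believe 1024- and 2048-bit host keys are rejected by default when, as far as the visible code shows, they are accepted. Either keep the previous wording `Default is 1024 bits or 2048 bits in FIPS mode.`, or, if a 3072-bit acceptance default is intended, change the assignment in ssh_key_size_allowed_rsa in the same commit so the documentation and the check agree.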


@@ -451,7 +451,7 @@ bool ssh_key_size_allowed_rsa(int min_size, ssh_key key)
if (ssh_fips_mode()) { if (ssh_fips_mode()) {
min_size = 2048; min_size = 2048;
} else { } else {
min_size = 1024; min_size = RSA_MIN_KEY_SIZE;
} }
} }
return (key_size >= min_size); return (key_size >= min_size);
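Review bot: The non-FIPS default now reads from RSA_MIN_KEY_SIZE while the FIPS branch directly above keeps the literal `2048`, so the two defaults are expressed differently with nothing saying why the FIPS value is deliberately not tied to the same constant; suggest `min_size = 2048; /* FIPS floor, independent of RSA_MIN_KEY_SIZE */` or a named constant next to RSA_MIN_KEY_SIZE. The `if` that selects this default branch starts above the hunk, so it is not visible here which min_size values trigger it (presumably 0, going by the option docs). The option docs also promise that caller-supplied values below RSA_MIN_KEY_SIZE are refused, and that clamp is not part of this function as shown; wherever it lives, it should be confirmed to compare against RSA_MIN_KEY_SIZE rather than a stale literal, since this commit changes the constant's value.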