File openssh-rsa512-6.6.patch of Package openssh
diff -uwr openssh-6.6p1.orig/ssh-rsa.c openssh-6.6p1/ssh-rsa.c
--- openssh-6.6p1.orig/ssh-rsa.c 2014-02-04 01:20:15.000000000 +0100
+++ openssh-6.6p1/ssh-rsa.c 2015-11-11 17:43:36.418385736 +0100
@@ -35,6 +35,7 @@
#include "digest.h"
static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *);
+int ssh_rsa_minimum_modulus_size = SSH_RSA_MINIMUM_MODULUS_SIZE;
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
int
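Review bot: The new global `ssh_rsa_minimum_modulus_size` is defined here without a declaration in any shared header, and ssh.c (hunk at line 189) repeats a hand-written `extern`, so the two can drift apart without a compiler diagnostic. Declaring it once next to the macro in ssh.h, `extern int ssh_rsa_minimum_modulus_size;`, and dropping the extern from ssh.c keeps name and type in one place. A comment above the definition, such as `/* Runtime minimum RSA modulus size in bits; set by ssh -z, defaults to SSH_RSA_MINIMUM_MODULUS_SIZE. */`, would tell readers that this value controls the modulus check further down the file.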
@@ -125,10 +126,10 @@
return -1;
}
- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+ if (BN_num_bits(key->rsa->n) < ssh_rsa_minimum_modulus_size) {
error("%s: RSA modulus too small: %d < minimum %d bits",
__func__, BN_num_bits(key->rsa->n),
- SSH_RSA_MINIMUM_MODULUS_SIZE);
+ ssh_rsa_minimum_modulus_size);
return -1;
}
buffer_init(&b);
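Review bot: Only this one comparison is switched to the runtime value; any other use of `SSH_RSA_MINIMUM_MODULUS_SIZE` outside this diff would keep the compile-time constant, so the `-z` setting may not apply uniformly across code paths, which is worth a grep before merging. The right-hand operand is now a signed `int` written from another file, and a value of zero or below makes this test never fire, so the setter in ssh.c (`case 'z'`) has to reject such values. The enclosing function starts and ends outside the hunk.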
diff -uwr openssh-6.6p1.orig/ssh.1 openssh-6.6p1/ssh.1
--- openssh-6.6p1.orig/ssh.1 2013-12-18 07:46:28.000000000 +0100
+++ openssh-6.6p1/ssh.1 2015-11-11 17:44:53.185593681 +0100
@@ -667,6 +667,11 @@
directive in
.Xr ssh_config 5
for more information.
+.It Fl z Ar rsa_minimum_modulus_size
+Use
+.Ar rsa_minimum_modulus_size
+as the minimum size of the RSA modulus (useful for older switches and
+other network appliances).
.It Fl x
Disables X11 forwarding.
.It Fl Y
diff -uwr openssh-6.6p1.orig/ssh.c openssh-6.6p1/ssh.c
--- openssh-6.6p1.orig/ssh.c 2014-02-27 00:17:13.000000000 +0100
+++ openssh-6.6p1/ssh.c 2015-11-11 17:49:40.921871494 +0100
@@ -189,6 +189,7 @@
/* mux.c */
extern int muxserver_sock;
extern u_int muxclient_command;
+extern int ssh_rsa_minimum_modulus_size;
/* Prints a help message to the user. This function never returns. */
@@ -204,6 +205,8 @@
" [-Q cipher | cipher-auth | mac | kex | key]\n"
" [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port]\n"
" [-w local_tun[:remote_tun]] [user@]hostname [command]\n"
+" [-z ssh_rsa_minimum_modulus_size]\n"
+
);
exit(255);
}
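Review bot: The usage text names the argument `ssh_rsa_minimum_modulus_size`, while the ssh.1 hunk documents it as `rsa_minimum_modulus_size`. The new line is also appended after the `[user@]hostname [command]` line, which previously closed the synopsis. Moving `[-z rsa_minimum_modulus_size]` up among the other bracketed options and dropping the added blank line would keep the help output consistent with the man page.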
@@ -500,7 +503,8 @@
argv0 = av[0];
again:
- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvxz:"
+
"ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
@@ -796,6 +800,9 @@
case 'F':
config = optarg;
break;
+ case 'z':
+ ssh_rsa_minimum_modulus_size = atoi(optarg);
+ break;
default:
usage();
}
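Review bot: `atoi(optarg)` in the new `case 'z'` accepts anything: non-numeric input yields 0 and negative numbers pass through, and either value means the `BN_num_bits(key->rsa->n) < ssh_rsa_minimum_modulus_size` test in ssh-rsa.c never rejects a key. Parse with a range-checked conversion and exit on error, with a hard lower bound so the option cannot silently switch the size check off. The bounds in the sketch are a suggestion, since the floor is a policy decision for the package. The switch statement starts and ends outside this hunk.

```c
		case 'z': {
			const char *errstr = NULL;

			/* Reject non-numeric, negative and below-floor values. */
			ssh_rsa_minimum_modulus_size = (int)strtonum(optarg,
			    SSH_RSA_MINIMUM_MODULUS_SIZE, INT_MAX, &errstr);
			if (errstr != NULL) {
				fprintf(stderr,
				    "Invalid RSA minimum modulus size \"%s\": %s\n",
				    optarg, errstr);
				exit(255);
			}
			break;
		}
		/* … unchanged: default: usage(); … */
```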
diff -uwr openssh-6.6p1.orig/ssh.h openssh-6.6p1/ssh.h
--- openssh-6.6p1.orig/ssh.h 2010-06-26 01:50:30.000000000 +0200
+++ openssh-6.6p1/ssh.h 2015-11-11 17:50:42.900655133 +0100
@@ -93,7 +93,7 @@
#endif
/* Minimum modulus size (n) for RSA keys. */
-#define SSH_RSA_MINIMUM_MODULUS_SIZE 768
+#define SSH_RSA_MINIMUM_MODULUS_SIZE 512
/* Listen backlog for sshd, ssh-agent and forwarding sockets */
#define SSH_LISTEN_BACKLOG 128
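Review bot: Lowering `SSH_RSA_MINIMUM_MODULUS_SIZE` from 768 to 512 changes the default for every user of this header, not only for sessions that pass `-z`, so hosts that never talk to legacy appliances also start accepting 512-bit RSA keys. Moduli of that size are within practical factoring reach, so accepting them should be an explicit per-invocation opt-in. Keeping the macro at 768 and letting `-z` lower the runtime value down to a separate, documented floor (for example a new `#define SSH_RSA_LEGACY_MODULUS_FLOOR 512`) would confine the weakening to the connections that need it. The comment above the macro should then state which constant is the default and which is the floor.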