File openssh-rsa512-7.2.patch of Package openssh
diff -urw openssh-7.2p2.orig/auth-rsa.c openssh-7.2p2/auth-rsa.c
--- openssh-7.2p2.orig/auth-rsa.c 2017-01-06 10:42:46.000000000 +0100
+++ openssh-7.2p2/auth-rsa.c 2017-01-06 10:58:23.310563095 +0100
@@ -53,6 +53,8 @@
#include "fips.h"
+extern int ssh_rsa_minimum_modulus_size = SSH_RSA_MINIMUM_MODULUS_SIZE;
+
/* import */
extern ServerOptions options;
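Review bot: The added line `extern int ssh_rsa_minimum_modulus_size = SSH_RSA_MINIMUM_MODULUS_SIZE;` is a definition, not a reference — an initializer on an `extern` declaration defines the object (gcc warns "initialized and declared 'extern'") — so this file carries its own copy permanently fixed at the macro value. auth-rsa.c appears to be server-side code (it imports `ServerOptions options`), while the variable that `-z` sets is defined in ssh.c, the client, so the comparison rewritten in the next hunk can never observe a user-supplied value and always compares against the macro. If a server-side knob is intended, drop the initializer, add one definition in an sshd translation unit and wire it to an sshd option; if the client's host-key check is the target, this file is the wrong place. In either case the declaration should read `extern int ssh_rsa_minimum_modulus_size;` with exactly one definition per binary.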
@@ -107,10 +109,10 @@
#endif
/* don't allow short keys */
- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+ if (BN_num_bits(key->rsa->n) < ssh_rsa_minimum_modulus_size) {
error("%s: RSA modulus too small: %d < minimum %d bits",
__func__,
- BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
+ BN_num_bits(key->rsa->n), ssh_rsa_minimum_modulus_size);
return (0);
}
diff -urw openssh-7.2p2.orig/ssh.1 openssh-7.2p2/ssh.1
--- openssh-7.2p2.orig/ssh.1 2017-01-06 10:42:46.000000000 +0100
+++ openssh-7.2p2/ssh.1 2017-01-06 10:47:00.098435549 +0100
@@ -174,6 +174,11 @@
keyword in
.Xr ssh_config 5
for more information.
+.It Fl z Ar rsa_minimum_modulus_size
+Use
+.Ar rsa_minimum_modulus_size
+as the minimum size of the RSA modulus (useful for older switches and
+other network appliances).
.Pp
.It Fl D Xo
.Sm off
diff -urw openssh-7.2p2.orig/ssh.c openssh-7.2p2/ssh.c
--- openssh-7.2p2.orig/ssh.c 2017-01-06 10:42:46.000000000 +0100
+++ openssh-7.2p2/ssh.c 2017-01-06 10:58:09.938482846 +0100
@@ -195,6 +195,7 @@
/* mux.c */
extern int muxserver_sock;
extern u_int muxclient_command;
+int ssh_rsa_minimum_modulus_size;
/* Prints a help message to the user. This function never returns. */
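Review bot: `int ssh_rsa_minimum_modulus_size;` is a tentative definition that starts at 0, so unless `-z` is given any check of the form `BN_num_bits(n) < ssh_rsa_minimum_modulus_size` is false for every key and the minimum is effectively disabled; initialize it to the compile-time default, `int ssh_rsa_minimum_modulus_size = SSH_RSA_MINIMUM_MODULUS_SIZE;`. Nothing in this patch reads the variable on the client side (the only consumer is auth-rsa.c, which is sshd code and defines its own copy), so as far as the diff shows `-z` has no effect on the client's host-key acceptance. The usage text in the following hunk names the argument `ssh_rsa_minimum_modulus_size` while ssh.1 calls it `rsa_minimum_modulus_size`; the two should agree.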
@@ -208,6 +209,7 @@
" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
" [-Q query_option] [-R address] [-S ctl_path] [-W host:port]\n"
" [-w local_tun[:remote_tun]] [user@]hostname [command]\n"
+" [-z ssh_rsa_minimum_modulus_size]\n"
);
exit(255);
}
@@ -608,7 +610,7 @@
again:
while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
+ "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYyz:")) != -1) {
switch (opt) {
case '1':
if (fips_mode())
@@ -924,6 +926,9 @@
case 'F':
config = optarg;
break;
+ case 'z':
+ ssh_rsa_minimum_modulus_size = atoi(optarg);
+ break;
default:
usage();
}
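Review bot: `ssh_rsa_minimum_modulus_size = atoi(optarg);` accepts any string silently — `-z abc` yields 0 and `-z -1` a negative value, both of which make the `<` minimum check pass for a key of any size, so a typo disables the check rather than failing the command. Use a checked conversion with a floor, e.g. with a `const char *errstr` local: `ssh_rsa_minimum_modulus_size = (int)strtonum(optarg, 512, INT_MAX, &errstr);` followed by `if (errstr != NULL) fatal("Invalid -z value \"%s\": %s", optarg, errstr);` (openssh carries strtonum in openbsd-compat for platforms without it). The enclosing getopt loop and switch begin outside this hunk.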
diff -urw openssh-7.2p2.orig/ssh.h openssh-7.2p2/ssh.h
--- openssh-7.2p2.orig/ssh.h 2016-03-09 19:04:48.000000000 +0100
+++ openssh-7.2p2/ssh.h 2017-01-06 10:48:58.831157658 +0100
@@ -99,7 +99,7 @@
#endif
/* Minimum modulus size (n) for RSA keys. */
-#define SSH_RSA_MINIMUM_MODULUS_SIZE 768
+#define SSH_RSA_MINIMUM_MODULUS_SIZE 512
/* Listen backlog for sshd, ssh-agent and forwarding sockets */
#define SSH_LISTEN_BACKLOG 128
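Review bot: Changing `SSH_RSA_MINIMUM_MODULUS_SIZE` from 768 to 512 lowers the default for every RSA key check compiled against this header, in both ssh and sshd and regardless of whether `-z` is passed, which defeats the purpose of making the minimum an option; 512-bit RSA has been practically factorable for years, so accepting such keys silently by default weakens host-key and user-key verification for every user of the package. Keep the macro at 768 and let `-z` (bounded below, never under 512) lower it explicitly for the appliances the man page describes. The same edit is made to the duplicate definition in sshkey.h in the last hunk; the two copies should at least stay in sync, and ideally one header should derive its value from the other so they cannot drift.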
diff -urw openssh-7.2p2.orig/sshkey.h openssh-7.2p2/sshkey.h
--- openssh-7.2p2.orig/sshkey.h 2017-01-06 10:42:46.000000000 +0100
+++ openssh-7.2p2/sshkey.h 2017-01-06 14:19:57.970659136 +0100
@@ -46,7 +46,7 @@
# define EC_POINT void
#endif /* WITH_OPENSSL */
-#define SSH_RSA_MINIMUM_MODULUS_SIZE 768
+#define SSH_RSA_MINIMUM_MODULUS_SIZE 512
#define SSH_KEY_MAX_SIGN_DATA_SIZE (1 << 20)
struct sshbuf;