Bug 1516

Summary: ssh-keygen should warn about keys larger than OPENSSL_RSA_MAX_MODULUS_BITS
Product: Portable OpenSSH Reporter: Tomas Mraz <t8m>
Component: ssh-keygen Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: minor CC: djm
Priority: P2    
Version: 5.1p1   
Hardware: All   
OS: All   
URL: http://www.hermann-uwe.de/blog/creating-32768-bit-rsa-keys-for-fun-and-profit
Bug Depends on:    
Bug Blocks: 1708    
Attachments:
Description: keygen-max-bits.diff Flags: dtucker: ok+

Description Tomas Mraz 2008-08-29 16:58:11 AEST
When ssh-keygen generates a key which is larger than OPENSSL_RSA_MAX_MODULUS_BITS (as defined in the current OpenSSL releases) it should warn the user that the key will probably not be usable. The current OpenSSL releases check if the key is larger and the signature verification functions will fail for such keys to prevent CVE-2006-2940.
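An added example, not part of the bug report or the OpenSSH patch: a check for existing RSA public keys that exceed the limit the report describes, by parsing the `ssh-rsa` public key blob and measuring the modulus. It assumes one-key-per-line `.pub` format and OPENSSL_RSA_MAX_MODULUS_BITS = 16384 as defined in OpenSSL's rsa.h; the function names and the sample keys are constructed for illustration.

```python
import base64
import struct

# Assumption: value of OPENSSL_RSA_MAX_MODULUS_BITS in OpenSSL's <openssl/rsa.h>.
OPENSSL_RSA_MAX_MODULUS_BITS = 16384

def _read_field(blob, off):
    """Read one length-prefixed SSH string/mpint (RFC 4251) at offset off."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[off + 4:end], end

def rsa_modulus_bits(pub_line):
    """Modulus size in bits of an 'ssh-rsa <base64> [comment]' line; None if not RSA."""
    parts = pub_line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        return None
    blob = base64.b64decode(parts[1], validate=True)
    ktype, off = _read_field(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("key type inside blob is not ssh-rsa")
    _e, off = _read_field(blob, off)   # public exponent, not needed here
    n, _ = _read_field(blob, off)      # modulus as an mpint
    # An mpint may carry a leading zero byte; bit_length() ignores it.
    return int.from_bytes(n, "big").bit_length()

def oversized(pub_lines, limit=OPENSSL_RSA_MAX_MODULUS_BITS):
    """Return [(line_number, bits)] for RSA keys whose modulus exceeds limit."""
    sized = ((i, rsa_modulus_bits(l)) for i, l in enumerate(pub_lines, 1))
    return [(i, bits) for i, bits in sized if bits is not None and bits > limit]

def make_sample_line(bits):
    """Constructed test input: a well-formed blob, not a usable RSA key."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    n = (1 << (bits - 1)) | 1          # odd number with exactly `bits` bits
    blob = (field(b"ssh-rsa") + field((65537).to_bytes(3, "big"))
            + field(n.to_bytes(bits // 8 + 1, "big")))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-%d" % bits

# Constructed samples: a common size, the limit itself, and the 32768-bit case.
SAMPLE = [make_sample_line(b) for b in (2048, 16384, 32768)]

if __name__ == "__main__":
    print(oversized(SAMPLE))
```

A key exactly at the limit is not flagged; only a modulus strictly larger than the limit is reported.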
Comment 1 Damien Miller 2010-04-23 11:43:18 AEST
Created attachment 1843
keygen-max-bits.diff

limit maximum key size
Comment 2 Damien Miller 2010-04-24 08:49:01 AEST
Patch applied. Will be in OpenSSH 5.6 - thanks.
Comment 3 Damien Miller 2011-01-24 12:34:02 AEDT
Move resolved bugs to CLOSED after 5.7 release