Bug 1516 - ssh-keygen should warn about keys larger than OPENSSL_RSA_MAX_MODULUS_BITS
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-keygen
Version: 5.1p1
Hardware: All All
Importance: P2 minor
Assignee: Assigned to nobody
URL: http://www.hermann-uwe.de/blog/creati...
Keywords:
Depends on:
Blocks: V_5_6
Reported: 2008-08-29 16:58 AEST by Tomas Mraz
Modified: 2011-01-24 12:34 AEDT

Attachments
keygen-max-bits.diff (981 bytes, patch)
2010-04-23 11:43 AEST, Damien Miller
dtucker: ok+
Description Tomas Mraz 2008-08-29 16:58:11 AEST
When ssh-keygen generates a key which is larger than OPENSSL_RSA_MAX_MODULUS_BITS (as defined in the current OpenSSL releases) it should warn the user that the key will probably not be usable. The current OpenSSL releases check if the key is larger and the signature verification functions will fail for such keys to prevent CVE-2006-2940.
Comment 1 Damien Miller 2010-04-23 11:43:18 AEST
Created attachment 1843
keygen-max-bits.diff

limit maximum key size
Comment 2 Damien Miller 2010-04-24 08:49:01 AEST
Patch applied. Will be in OpenSSH 5.6 - thanks.
Comment 3 Damien Miller 2011-01-24 12:34:02 AEDT
Move resolved bugs to CLOSED after 5.7 release
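
An audit for the condition this bug describes, as an added example that is not part of the bug thread or of OpenSSH's code: it parses `ssh-rsa` public key lines and flags any modulus larger than OPENSSL_RSA_MAX_MODULUS_BITS, which is useful for finding keys generated before the fix. Assumptions: the limit is 16384 as in OpenSSL's `rsa.h`, input lines start with the key type (no `authorized_keys` options prefix), and the function names and sample keys are constructed for illustration.

```python
import base64
import struct

# Value of OPENSSL_RSA_MAX_MODULUS_BITS in OpenSSL's <openssl/rsa.h>. Assumed here:
# the bug report names the macro but does not state its value.
OPENSSL_RSA_MAX_MODULUS_BITS = 16384


def _read_string(blob, offset):
    """Read one SSH wire 'string': uint32 big-endian length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[offset + 4:end], end


def rsa_modulus_bits(pubkey_line):
    """Modulus size in bits for an 'ssh-rsa' line; None for any other key type."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        return None
    blob = base64.b64decode(fields[1], validate=True)
    key_type, off = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside the blob does not match the line")
    _exponent, off = _read_string(blob, off)   # public exponent e
    modulus, off = _read_string(blob, off)     # modulus n, may carry a leading 0x00
    return int.from_bytes(modulus, "big").bit_length()


def oversized(pubkey_line, limit=OPENSSL_RSA_MAX_MODULUS_BITS):
    """True when an RSA key's modulus exceeds the limit and verification would fail."""
    bits = rsa_modulus_bits(pubkey_line)
    return bits is not None and bits > limit


def make_sample_line(bits):
    """Constructed sample: a well-formed ssh-rsa blob whose n is an arbitrary odd
    integer of the requested size. It is not a usable key."""
    def string(b):
        return struct.pack(">I", len(b)) + b
    def mpint(v):
        return string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    n = (1 << (bits - 1)) | 1
    blob = string(b"ssh-rsa") + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"
```
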