lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-06 13:20:57 +03:00
Code Activity

pki: Use constant for minimal RSA key size in FIPS

Browse Source 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
2025-11-06 16:24:16 +01:00
parent ae33ced0dc
commit 63fbf00efe
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
include/libssh/pki.h
View File

@@ -46,8 +46,9 @@
#define MAX_PUBKEY_SIZE 0x100000 /* 1M */ #define MAX_PUBKEY_SIZE 0x100000 /* 1M */
#define MAX_PRIVKEY_SIZE 0x400000 /* 4M */ #define MAX_PRIVKEY_SIZE 0x400000 /* 4M */
#define RSA_MIN_KEY_SIZE 1024 #define RSA_MIN_KEY_SIZE 1024
#define RSA_DEFAULT_KEY_SIZE 3072 #define RSA_MIN_FIPS_KEY_SIZE 2048
#define RSA_DEFAULT_KEY_SIZE 3072
#define SSH_KEY_FLAG_EMPTY 0x0 #define SSH_KEY_FLAG_EMPTY 0x0
#define SSH_KEY_FLAG_PUBLIC 0x0001 #define SSH_KEY_FLAG_PUBLIC 0x0001

2
src/pki.c
View File

@@ -449,7 +449,7 @@ bool ssh_key_size_allowed_rsa(int min_size, ssh_key key)
if (min_size < RSA_MIN_KEY_SIZE) { if (min_size < RSA_MIN_KEY_SIZE) {
if (ssh_fips_mode()) { if (ssh_fips_mode()) {
min_size = 2048; min_size = RSA_MIN_FIPS_KEY_SIZE;
} else { } else {
min_size = RSA_MIN_KEY_SIZE; min_size = RSA_MIN_KEY_SIZE;
} }