Skip to content

Commit

Permalink
agessh: reject small ssh-rsa keys
Browse files Browse the repository at this point in the history 
Fixes #266
  • Loading branch information
@FiloSottile
FiloSottile committed Sep 7, 2021
1 parent b59a9ec commit 6f86a7f
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 1 deletion.
3 changes: 3 additions & 0 deletions agessh/agessh.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,9 @@ func NewRSARecipient(pk ssh.PublicKey) (*RSARecipient, error) {
} else {
return nil, errors.New("pk does not implement ssh.CryptoPublicKey")
}
if r.pubKey.Size() < 2048/8 {
return nil, errors.New("RSA key size is too small")
}
return r, nil
}

Expand Down
2 changes: 1 addition & 1 deletion agessh/agessh_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ import (
)

func TestSSHRSARoundTrip(t *testing.T) {
pk, err := rsa.GenerateKey(rand.Reader, 768)
pk, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
t.Fatal(err)
}
Expand Down

0 comments on commit 6f86a7f

Please sign in to comment.