- (bal) Minor Makefile.in tweak. dirname may not exist on some

[openssh.git] / ssh-rsa.c

diff --git a/ssh-rsa.c b/ssh-rsa.c
index 0f44051bcead73780f89898dcb86316b27d2d6ef..2dc34106667a4f8a709d9c1cb9aa53b37397f8d6 100644 (file)
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,23 +23,17 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.2 2000/12/19 23:17:58 markus Exp $");
-
-#include "ssh.h"
-#include "xmalloc.h"
-#include "buffer.h"
-#include "bufaux.h"
+RCSID("$OpenBSD: ssh-rsa.c,v 1.5 2001/01/21 19:05:58 markus Exp $");
 
 #include <openssl/evp.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
 #include <openssl/err.h>
 
+#include "xmalloc.h"
+#include "log.h"
+#include "buffer.h"
+#include "bufaux.h"
 #include "key.h"
 
-#define INTBLOB_LEN    20
-#define SIGBLOB_LEN    (2*INTBLOB_LEN)
-
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
 ssh_rsa_sign(
@@ -125,6 +119,11 @@ ssh_rsa_verify(
                error("ssh_rsa_verify: no RSA key");
                return -1;
        }
+       if (BN_num_bits(key->rsa->n) < 768) {
+               error("ssh_rsa_verify: n too small: %d bits",
+                   BN_num_bits(key->rsa->n));
+               return -1;
+       }
        buffer_init(&b);
        buffer_append(&b, (char *) signature, signaturelen);
        ktype = buffer_get_string(&b, NULL);