-/* $OpenBSD: key.c,v 1.79 2008/07/25 07:05:16 grunk Exp $ */
+/* $OpenBSD: key.c,v 1.82 2010/01/13 01:10:56 dtucker Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, k);
break;
default:
- fatal("key_fingerprint_ex: bad digest representation %d",
+ fatal("key_fingerprint: bad digest representation %d",
dgst_rep);
break;
}
return -1;
if (!read_bignum(cpp, ret->rsa->n))
return -1;
+ /* validate the claimed number of bits */
+ if ((u_int)BN_num_bits(ret->rsa->n) != bits) {
+ verbose("key_read: claimed key size %d does not match "
+ "actual %d", bits, BN_num_bits(ret->rsa->n));
+ return -1;
+ }
success = 1;
break;
case KEY_UNSPEC:
{
RSA *private;
- private = RSA_generate_key(bits, 35, NULL, NULL);
+ private = RSA_generate_key(bits, RSA_F4, NULL, NULL);
if (private == NULL)
fatal("rsa_generate_private_key: key generation failed.");
return private;