- djm@cvs.openbsd.org 2010/01/13 03:48:13

[openssh.git] / key.c

diff --git a/key.c b/key.c
index 76d6af92bd9d9bf3b0db9930b9805b91952f6034..5aea416b33ea7575027ec769c5b963308296d307 100644 (file)
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.79 2008/07/25 07:05:16 grunk Exp $ */
+/* $OpenBSD: key.c,v 1.82 2010/01/13 01:10:56 dtucker Exp $ */
 /*
  * read_bignum():
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -428,7 +428,7 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
                retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, k);
                break;
        default:
-               fatal("key_fingerprint_ex: bad digest representation %d",
+               fatal("key_fingerprint: bad digest representation %d",
                    dgst_rep);
                break;
        }
@@ -522,6 +522,12 @@ key_read(Key *ret, char **cpp)
                        return -1;
                if (!read_bignum(cpp, ret->rsa->n))
                        return -1;
+               /* validate the claimed number of bits */
+               if ((u_int)BN_num_bits(ret->rsa->n) != bits) {
+                       verbose("key_read: claimed key size %d does not match "
+                          "actual %d", bits, BN_num_bits(ret->rsa->n));
+                       return -1;
+               }
                success = 1;
                break;
        case KEY_UNSPEC:
@@ -685,7 +691,7 @@ rsa_generate_private_key(u_int bits)
 {
        RSA *private;
 
-       private = RSA_generate_key(bits, 35, NULL, NULL);
+       private = RSA_generate_key(bits, RSA_F4, NULL, NULL);
        if (private == NULL)
                fatal("rsa_generate_private_key: key generation failed.");
        return private;