- millert@cvs.openbsd.org 2001/03/04 17:42:28

[openssh.git] / ssh-rsa.c

diff --git a/ssh-rsa.c b/ssh-rsa.c
index aab9168ebc7347ec846e117b6926b555b034f0db..9de0e7b0890ee625330f89ac1dbb56823a9dff0d 100644 (file)
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,19 +23,17 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.3 2001/01/06 11:23:27 markus Exp $");
-
-#include "ssh.h"
-#include "xmalloc.h"
-#include "buffer.h"
-#include "bufaux.h"
+RCSID("$OpenBSD: ssh-rsa.c,v 1.6 2001/02/08 19:30:52 itojun Exp $");
 
 #include <openssl/evp.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
 #include <openssl/err.h>
 
+#include "xmalloc.h"
+#include "log.h"
+#include "buffer.h"
+#include "bufaux.h"
 #include "key.h"
+#include "ssh-rsa.h"
 
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
@@ -122,6 +120,11 @@ ssh_rsa_verify(
                error("ssh_rsa_verify: no RSA key");
                return -1;
        }
+       if (BN_num_bits(key->rsa->n) < 768) {
+               error("ssh_rsa_verify: n too small: %d bits",
+                   BN_num_bits(key->rsa->n));
+               return -1;
+       }
        buffer_init(&b);
        buffer_append(&b, (char *) signature, signaturelen);
        ktype = buffer_get_string(&b, NULL);