X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/2bb50d2302c5f752784af71d7c08b6b7985c5c24..ca24b5507e1129858ef7c87a4549f0e44237a7b1:/key.c

diff --git a/key.c b/key.c
index 7a062ea8..5aea416b 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.75 2008/06/12 06:32:59 grunk Exp $ */
+/* $OpenBSD: key.c,v 1.82 2010/01/13 01:10:56 dtucker Exp $ */
 /*
  * read_bignum():
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -11,6 +11,7 @@
  *
  *
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -173,6 +174,7 @@ key_equal(const Key *a, const Key *b)
 	default:
 		fatal("key_equal: bad key type %d", a->type);
 	}
+	/* NOTREACHED */
 }
 
 u_char*
@@ -367,7 +369,8 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k)
 			y = MIN(y, FLDSIZE_Y - 1);
 
 			/* augment the field */
-			field[x][y]++;
+			if (field[x][y] < len - 2)
+				field[x][y]++;
 			input = input >> 2;
 		}
 	}
@@ -377,11 +380,11 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k)
 	field[x][y] = len;
 
 	/* fill in retval */
-	snprintf(retval, 10, "+--[%4s]", key_type(k));
+	snprintf(retval, FLDSIZE_X, "+--[%4s %4u]", key_type(k), key_size(k));
 	p = strchr(retval, '\0');
 
 	/* output upper border */
-	for (i = 0; i < FLDSIZE_X - 8; i++)
+	for (i = p - retval - 1; i < FLDSIZE_X; i++)
 		*p++ = '-';
 	*p++ = '+';
 	*p++ = '\n';
@@ -425,7 +428,7 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
 		retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, k);
 		break;
 	default:
-		fatal("key_fingerprint_ex: bad digest representation %d",
+		fatal("key_fingerprint: bad digest representation %d",
 		    dgst_rep);
 		break;
 	}
@@ -519,6 +522,12 @@ key_read(Key *ret, char **cpp)
 			return -1;
 		if (!read_bignum(cpp, ret->rsa->n))
 			return -1;
+		/* validate the claimed number of bits */
+		if ((u_int)BN_num_bits(ret->rsa->n) != bits) {
+			verbose("key_read: claimed key size %d does not match "
+			   "actual %d", bits, BN_num_bits(ret->rsa->n));
+			return -1;
+		}
 		success = 1;
 		break;
 	case KEY_UNSPEC:
@@ -682,7 +691,7 @@ rsa_generate_private_key(u_int bits)
 {
 	RSA *private;
 
-	private = RSA_generate_key(bits, 35, NULL, NULL);
+	private = RSA_generate_key(bits, RSA_F4, NULL, NULL);
 	if (private == NULL)
 		fatal("rsa_generate_private_key: key generation failed.");
 	return private;