upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak

OPENSSL=no builds OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e
author: djm@openbsd.org <djm@openbsd.org> 2022-10-28 02:47:04 +0000
committer: Damien Miller <djm@mindrot.org> 2022-10-28 13:49:01 +1100
commit: 25c8a2bbcc10c493d27faea57c42a6bf13fa51f2 (patch)
tree: 1a320800f1c1d12bde24fecf5f431e5e106700e6 /sshkey.c
parent: 1192588546c29ceec10775125f396555ea71850f (diff)
download: openssh-git-25c8a2bbcc10c493d27faea57c42a6bf13fa51f2.tar.gz
1 files changed, 20 insertions, 1 deletions
diff --git a/sshkey.c b/sshkey.c
index f6a54fa3..43712253 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.133 2022/10/28 00:44:44 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.134 2022/10/28 02:47:04 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -1319,6 +1319,25 @@ sshkey_cert_type(const struct sshkey *k)
 	}
 }
 
+int
+sshkey_check_rsa_length(const struct sshkey *k, int min_size)
+{
+#ifdef WITH_OPENSSL
+	const BIGNUM *rsa_n;
+	int nbits;
+
+	if (k == NULL || k->rsa == NULL ||
+	    (k->type != KEY_RSA && k->type != KEY_RSA_CERT))
+		return 0;
+	RSA_get0_key(k->rsa, &rsa_n, NULL, NULL);
+	nbits = BN_num_bits(rsa_n);
+	if (nbits < SSH_RSA_MINIMUM_MODULUS_SIZE ||
+	    (min_size > 0 && nbits < min_size))
+		return SSH_ERR_KEY_LENGTH;
+#endif /* WITH_OPENSSL */
+	return 0;
+}
+
 #ifdef WITH_OPENSSL
 # ifdef OPENSSL_HAS_ECC
 int
author	djm@openbsd.org <djm@openbsd.org>	2022-10-28 02:47:04 +0000
committer	Damien Miller <djm@mindrot.org>	2022-10-28 13:49:01 +1100
commit	25c8a2bbcc10c493d27faea57c42a6bf13fa51f2 (patch)
tree	1a320800f1c1d12bde24fecf5f431e5e106700e6 /sshkey.c
parent	1192588546c29ceec10775125f396555ea71850f (diff)
download	openssh-git-25c8a2bbcc10c493d27faea57c42a6bf13fa51f2.tar.gz