- djm@cvs.openbsd.org 2005/06/17 02:44:33

     [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean

1 files changed, 4 insertions, 2 deletions

diff --git a/auth-rsa.c b/auth-rsa.c
index 4378008d3..d9c9652dc 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.62 2004/12/11 01:48:56 dtucker Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.63 2005/06/17 02:44:32 djm Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -205,6 +205,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
         while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                 char *cp;
                 char *key_options;
+                int keybits;
 
                 /* Skip leading whitespace, empty and comment lines. */
                 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -243,7 +244,8 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
                         continue;
 
                 /* check the real bits  */
-                if (bits != BN_num_bits(key->rsa->n))
+                keybits = BN_num_bits(key->rsa->n);
+                if (keybits < 0 || bits != (u_int)keybits)
                         logit("Warning: %s, line %lu: keysize mismatch: "
                             "actual %d vs. announced %d.",
                             file, linenum, BN_num_bits(key->rsa->n), bits);