else
strftime(default_comment, 30, "rsa-key-%Y%m%d", tm);
- random_init();
+ random_ref();
entropy = get_random_data(bits / 8);
random_add_heavynoise(entropy, bits / 8);
memset(entropy, 0, bits/8);
if (!load_encrypted) {
void *vblob;
char *blob;
- int n, bloblen;
+ int n, l, bloblen;
ret = rsakey_pubblob(&infilename, &vblob, &bloblen, &error);
blob = (char *)vblob;
n = 4; /* skip modulus bits */
- n += ssh1_read_bignum(blob + n, &ssh1key->exponent);
- n += ssh1_read_bignum(blob + n, &ssh1key->modulus);
+
+ l = ssh1_read_bignum(blob + n, bloblen - n,
+ &ssh1key->exponent);
+ if (l < 0) {
+ error = "SSH1 public key blob was too short";
+ } else {
+ n += l;
+ l = ssh1_read_bignum(blob + n, bloblen - n,
+ &ssh1key->modulus);
+ if (l < 0) {
+ error = "SSH1 public key blob was too short";
+ } else
+ n += l;
+ }
ssh1key->comment = NULL;
ssh1key->private_exponent = NULL;
} else {