From 1eb54458cc96368931157ac8ee6aca84ffb46a7e Mon Sep 17 00:00:00 2001
From: djm <djm@openbsd.org>
Date: Fri, 28 Oct 2022 02:47:04 +0000
Subject: [PATCH] put sshkey_check_rsa_length() back in sshkey.c to unbreak
 OPENSSL=no builds

---
 usr.bin/ssh/ssh-rsa.c | 22 +---------------------
 usr.bin/ssh/sshkey.c  | 22 ++++++++++++++++++++--
 2 files changed, 21 insertions(+), 23 deletions(-)

diff --git a/usr.bin/ssh/ssh-rsa.c b/usr.bin/ssh/ssh-rsa.c
index 31c9add11ac..2839d6801de 100644
--- a/usr.bin/ssh/ssh-rsa.c
+++ b/usr.bin/ssh/ssh-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-rsa.c,v 1.77 2022/10/28 00:44:44 djm Exp $ */
+/* $OpenBSD: ssh-rsa.c,v 1.78 2022/10/28 02:47:04 djm Exp $ */
 /*
  * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
  *
@@ -32,26 +32,6 @@
 
 static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *);
 
-int
-sshkey_check_rsa_length(const struct sshkey *k, int min_size)
-{
-#ifdef WITH_OPENSSL
-	const BIGNUM *rsa_n;
-	int nbits;
-
-	if (k == NULL || k->rsa == NULL ||
-	    (k->type != KEY_RSA && k->type != KEY_RSA_CERT))
-		return 0;
-	RSA_get0_key(k->rsa, &rsa_n, NULL, NULL);
-	nbits = BN_num_bits(rsa_n);
-	if (nbits < SSH_RSA_MINIMUM_MODULUS_SIZE ||
-	    (min_size > 0 && nbits < min_size))
-		return SSH_ERR_KEY_LENGTH;
-#endif /* WITH_OPENSSL */
-	return 0;
-}
-
-
 static u_int
 ssh_rsa_size(const struct sshkey *key)
 {
diff --git a/usr.bin/ssh/sshkey.c b/usr.bin/ssh/sshkey.c
index c61b4e2fb55..6396db4fa41 100644
--- a/usr.bin/ssh/sshkey.c
+++ b/usr.bin/ssh/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.133 2022/10/28 00:44:44 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.134 2022/10/28 02:47:04 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -1290,6 +1290,25 @@ sshkey_cert_type(const struct sshkey *k)
 	}
 }
 
+int
+sshkey_check_rsa_length(const struct sshkey *k, int min_size)
+{
+#ifdef WITH_OPENSSL
+	const BIGNUM *rsa_n;
+	int nbits;
+
+	if (k == NULL || k->rsa == NULL ||
+	    (k->type != KEY_RSA && k->type != KEY_RSA_CERT))
+		return 0;
+	RSA_get0_key(k->rsa, &rsa_n, NULL, NULL);
+	nbits = BN_num_bits(rsa_n);
+	if (nbits < SSH_RSA_MINIMUM_MODULUS_SIZE ||
+	    (min_size > 0 && nbits < min_size))
+		return SSH_ERR_KEY_LENGTH;
+#endif /* WITH_OPENSSL */
+	return 0;
+}
+
 #ifdef WITH_OPENSSL
 int
 sshkey_ecdsa_key_to_nid(EC_KEY *k)
@@ -1332,7 +1351,6 @@ sshkey_ecdsa_key_to_nid(EC_KEY *k)
 	}
 	return nids[i];
 }
-
 #endif /* WITH_OPENSSL */
 
 int
-- 
2.20.1