Fix check for short rsa keys.

author Andre Noll <maan@systemlinux.org>

Fri, 4 Sep 2009 07:23:05 +0000 (09:23 +0200)

committer Andre Noll <maan@systemlinux.org>

Fri, 4 Sep 2009 07:23:05 +0000 (09:23 +0200)
author Andre Noll <maan@systemlinux.org>
Fri, 4 Sep 2009 07:23:05 +0000 (09:23 +0200)
committer Andre Noll <maan@systemlinux.org>
Fri, 4 Sep 2009 07:23:05 +0000 (09:23 +0200)
diff --git a/user_list.c b/user_list.c

index 3c0b4f856546a2173c77696f80e0c554a646985c..f1b4b212e11f3e1d807d9a78d1ac31b6d17cf9ca 100644 (file)
--- a/user_list.c
+++ b/user_list.c
@@ -18,6 +18,7 @@
  #include "string.h"
  #include "list.h"
  #include "user_list.h"
+#include "rc4.h"
  
  static struct list_head user_list;
  
@@ -56,8 +57,15 @@ static void populate_user_list(char *user_list_file)
                                 para_strerror(-ret));
                         continue;
                 }
-               if (ret < CHALLENGE_SIZE + 2 * CHALLENGE_SIZE + 41) {
-                       PARA_WARNING_LOG("rsa key for %s too small\n", n);
+               /*
+                * In order to encrypt len := CHALLENGE_SIZE + 2 * RC4_KEY_LEN
+                * bytes using RSA_public_encrypt() with EME-OAEP padding mode,
+                * RSA_size(rsa) must be greater than len + 41. So ignore keys
+                * which are too short. For details see RSA_public_encrypt(3).
+                */
+               if (ret <= CHALLENGE_SIZE + 2 * RC4_KEY_LEN + 41) {
+                       PARA_WARNING_LOG("rsa key %s too short (%d)\n",
+                               k, ret);
                         rsa_free(rsa);
                         continue;
                 }
author	Andre Noll <maan@systemlinux.org>
	Fri, 4 Sep 2009 07:23:05 +0000 (09:23 +0200)
committer	Andre Noll <maan@systemlinux.org>
	Fri, 4 Sep 2009 07:23:05 +0000 (09:23 +0200)