From: Guus Sliepen Date: Tue, 13 May 2014 18:29:09 +0000 (+0200) Subject: Add sanity checks when generating new RSA keys. X-Git-Tag: release-1.1pre11~114 X-Git-Url: https://git.tinc-vpn.org/git/browse?a=commitdiff_plain;h=35437a50e2a46861742b6fb8e49d065aa52a04dc;p=tinc Add sanity checks when generating new RSA keys. The key size should be a multiple of 8 bits, and it should be between 1024 and 8192 bits. --- diff --git a/src/tincctl.c b/src/tincctl.c index 4864fab3..2f7fe6b0 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -417,6 +417,15 @@ static bool rsa_keygen(int bits, bool ask) { FILE *f; char *pubname, *privname; + // Make sure the key size is a multiple of 8 bits. + bits &= ~0x7; + + // Force them to be between 1024 and 8192 bits long. + if(bits < 1024) + bits = 1024; + if(bits > 8192) + bits = 8192; + fprintf(stderr, "Generating %d bits keys:\n", bits); if(!(key = rsa_generate(bits, 0x10001))) {