From: Vittorio G (VittGam) Date: Tue, 11 Oct 2016 18:30:41 +0000 (+0200) Subject: tincctl: Avoid falling back to 1024 bits RSA key generation when an invalid key size... X-Git-Tag: release-1.1pre15~56 X-Git-Url: https://git.tinc-vpn.org/git/browse?a=commitdiff_plain;h=9cbd3c2b5b03c29c116a14f196db8a32c7135391;p=tinc tincctl: Avoid falling back to 1024 bits RSA key generation when an invalid key size is specified. Also warn the user if a key smaller than 2048 bits is being generated. Signed-off-by: Vittorio Gambaletta --- diff --git a/src/tincctl.c b/src/tincctl.c index 465c9813..1f0246c0 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -446,11 +446,13 @@ static bool rsa_keygen(int bits, bool ask) { // Make sure the key size is a multiple of 8 bits. bits &= ~0x7; - // Force them to be between 1024 and 8192 bits long. - if(bits < 1024) - bits = 1024; - if(bits > 8192) - bits = 8192; + // Make sure that a valid key size is used. + if(bits < 1024 || bits > 8192) { + fprintf(stderr, "Invalid key size %d specified! It should be between 1024 and 8192 bits.\n", bits); + return false; + } else if(bits < 2048) { + fprintf(stderr, "WARNING: generating a weak %d bits RSA key! 2048 or more bits are recommended.\n", bits); + } fprintf(stderr, "Generating %d bits keys:\n", bits);