From: Guus Sliepen <guus@sliepen.org>
Date: Tue, 13 May 2014 18:29:09 +0000 (+0200)
Subject: Add sanity checks when generating new RSA keys.
X-Git-Tag: release-1.1pre11~114
X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=35437a50e2a46861742b6fb8e49d065aa52a04dc

Add sanity checks when generating new RSA keys.

The key size should be a multiple of 8 bits, and it should be between 1024 and
8192 bits.
---

diff --git a/src/tincctl.c b/src/tincctl.c
index 4864fab3..2f7fe6b0 100644
--- a/src/tincctl.c
+++ b/src/tincctl.c
@@ -417,6 +417,15 @@ static bool rsa_keygen(int bits, bool ask) {
 	FILE *f;
 	char *pubname, *privname;
 
+	// Make sure the key size is a multiple of 8 bits.
+	bits &= ~0x7;
+
+	// Force them to be between 1024 and 8192 bits long.
+	if(bits < 1024)
+		bits = 1024;
+	if(bits > 8192)
+		bits = 8192;
+
 	fprintf(stderr, "Generating %d bits keys:\n", bits);
 
 	if(!(key = rsa_generate(bits, 0x10001))) {