packages/ipv6/send/patches/002-handle_max_bits_conf.patch
florian f851fd4589 Add send (rfc3971 implementation)
git-svn-id: svn://svn.openwrt.org/openwrt/packages@13020 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-10-21 17:03:18 +00:00


This patch allows one to specify a maximum number of bits
for the CGA and RSA key size. RFC specifies that an implementation
may optionally honor this setting (5.1.3). This is particularly
useful on embedded systems where both the entropy and the processing
power are limited.
Index: sendd-0.2/sendd/config.c
===================================================================
diff -urN sendd-0.2/sendd/config.c sendd-0.2.new/sendd/config.c
--- sendd-0.2/sendd/config.c 2008-04-18 16:21:46.000000000 +0200
+++ sendd-0.2.new/sendd/config.c 2008-09-09 15:41:11.000000000 +0200
@@ -82,6 +82,7 @@
SND_CFS(snd_cga_params, NULL, 1),
SND_CFIB(snd_full_secure, 1, 0),
SND_CFII(snd_min_key_bits, 1024, "bits", 0),
+ SND_CFII(snd_max_key_bits, 2048, "bits", 0),
SND_CFII(snd_nonce_cache_gc_intvl, 2, "seconds", 0),
SND_CFII(snd_pfx_cache_gc_intvl, 40, "seconds", 0),
SND_CFS(snd_pkixip_conf, NULL, 0),
Index: sendd-0.2/sendd/sig_rfc3971.c
===================================================================
diff -urN sendd-0.2/sendd/sig_rfc3971.c sendd-0.2.new/sendd/sig_rfc3971.c
--- sendd-0.2/sendd/sig_rfc3971.c 2008-04-18 16:21:46.000000000 +0200
+++ sendd-0.2.new/sendd/sig_rfc3971.c 2008-09-10 11:14:35.000000000 +0200
@@ -147,7 +147,7 @@
EVP_MD_CTX ctx[1];
EVP_PKEY *pub;
int rv = -1;
- int i, real_slen, min_bits;
+ int i, real_slen, min_bits, max_bits;
DEFINE_TIMESTAMP_VARS();
DBG_HEXDUMP(&dbg_cryptox, "key: ", key, klen);
@@ -164,6 +164,12 @@
"minimum: %d)", EVP_PKEY_bits(pub), min_bits);
return (-1);
}
+ max_bits = snd_conf_get_int(snd_max_key_bits);
+ if (EVP_PKEY_bits(pub) > max_bits) {
+ DBG(&dbg_snd, "Peer key too strong: %d bits (configured "
+ "maximum: %d)", EVP_PKEY_bits(pub), max_bits);
+ return (-1);
+ }
real_slen = EVP_PKEY_size(pub);
if (real_slen < slen) {
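Review bot: The new check at `if (EVP_PKEY_bits(pub) > max_bits)` has no guard for a zero or misconfigured `snd_max_key_bits`, and nothing enforces `max_bits >= min_bits`; a configured maximum below `snd_min_key_bits` (1024 by default in the config.c hunk) makes every peer key fail one of the two checks, so no SEND-secured neighbour can be verified. Suggest treating a non-positive value as "no cap", `if (max_bits > 0 && EVP_PKEY_bits(pub) > max_bits) {`, and rejecting `max_bits < min_bits` where the configuration is loaded rather than on every verification. The default of 2048 in config.c also means peers presenting larger RSA keys are refused out of the box, which is an interoperability trade-off worth stating next to the check, e.g. `/* Cap on peer key size: bounds signature verification cost (RFC 3971 5.1.3); larger keys are rejected, not downgraded. */`. The enclosing function begins and ends outside the hunk.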
Index: sendd-0.2/sendd/snd_config.h
===================================================================
diff -urN sendd-0.2/sendd/snd_config.h sendd-0.2.new/sendd/snd_config.h
--- sendd-0.2/sendd/snd_config.h 2008-04-18 16:21:46.000000000 +0200
+++ sendd-0.2.new/sendd/snd_config.h 2008-09-09 15:09:45.000000000 +0200
@@ -42,6 +42,7 @@
snd_cga_params,
snd_full_secure,
snd_min_key_bits,
+ snd_max_key_bits,
snd_nonce_cache_gc_intvl,
snd_pfx_cache_gc_intvl,
snd_pkixip_conf,