tincctl: Avoid falling back to 1024 bits RSA key generation when an invalid key size is specified.

Also warn the user if a key smaller than 2048 bits is being generated.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
This commit is contained in:
Vittorio G (VittGam) 2016-10-11 20:30:41 +02:00 committed by GitHub
parent c7c5c74d4a
commit 9cbd3c2b5b

View file

@ -446,11 +446,13 @@ static bool rsa_keygen(int bits, bool ask) {
// Make sure the key size is a multiple of 8 bits.
bits &= ~0x7;
// Force them to be between 1024 and 8192 bits long.
if(bits < 1024)
bits = 1024;
if(bits > 8192)
bits = 8192;
// Make sure that a valid key size is used.
if(bits < 1024 || bits > 8192) {
fprintf(stderr, "Invalid key size %d specified! It should be between 1024 and 8192 bits.\n", bits);
return false;
} else if(bits < 2048) {
fprintf(stderr, "WARNING: generating a weak %d bits RSA key! 2048 or more bits are recommended.\n", bits);
}
fprintf(stderr, "Generating %d bits keys:\n", bits);