- PARA_DEBUG_LOG("found entry for %s\n", n);
- u = para_malloc(sizeof(struct user));
+ PARA_DEBUG_LOG("found entry for user %s\n", n);
+ ret = get_rsa_key(k, &rsa, LOAD_PUBLIC_KEY);
+ if (ret < 0) {
+ PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n,
+ para_strerror(-ret));
+ continue;
+ }
+ /*
+ * In order to encrypt len := CHALLENGE_SIZE + 2 * RC4_KEY_LEN
+ * bytes using RSA_public_encrypt() with EME-OAEP padding mode,
+ * RSA_size(rsa) must be greater than len + 41. So ignore keys
+ * which are too short. For details see RSA_public_encrypt(3).
+ */
+ if (ret <= CHALLENGE_SIZE + 2 * RC4_KEY_LEN + 41) {
+ PARA_WARNING_LOG("rsa key %s too short (%d)\n",
+ k, ret);
+ rsa_free(rsa);
+ continue;
+ }
+ u = para_malloc(sizeof(*u));