/*
- * Copyright (C) 2006-2009 Andre Noll <maan@systemlinux.org>
+ * Copyright (C) 2006 Andre Noll <maan@tuebingen.mpg.de>
*
* Licensed under the GPL v2. For licencing details see COPYING.
*/
#include <regex.h>
#include <sys/types.h>
-#include <dirent.h>
-#include <openssl/rc4.h>
#include "para.h"
#include "error.h"
/* keyword, name, key, perms */
char w[255], n[255], k[255], p[255], tmp[4][255];
struct user *u;
- RSA *rsa;
+ struct asymmetric_key *pubkey;
- ret = para_fgets(line, MAXLINE, file_ptr);
+ ret = para_fgets(line, sizeof(line), file_ptr);
if (ret <= 0)
break;
if (sscanf(line,"%200s %200s %200s %200s", w, n, k, p) < 3)
if (strcmp(w, "user"))
continue;
PARA_DEBUG_LOG("found entry for user %s\n", n);
- ret = get_rsa_key(k, &rsa, LOAD_PUBLIC_KEY);
+ ret = get_asymmetric_key(k, LOAD_PUBLIC_KEY, &pubkey);
if (ret < 0) {
PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n,
para_strerror(-ret));
continue;
}
- if (ret < CHALLENGE_SIZE + 2 * CHALLENGE_SIZE + 41) {
- PARA_WARNING_LOG("rsa key for %s too small\n", n);
- rsa_free(rsa);
+ /*
+ * In order to encrypt len := CHALLENGE_SIZE + 2 * SESSION_KEY_LEN
+ * bytes using RSA_public_encrypt() with EME-OAEP padding mode,
+ * RSA_size(rsa) must be greater than len + 41. So ignore keys
+ * which are too short. For details see RSA_public_encrypt(3).
+ */
+ if (ret <= CHALLENGE_SIZE + 2 * SESSION_KEY_LEN + 41) {
+ PARA_WARNING_LOG("public key %s too short (%d)\n",
+ k, ret);
+ free_asymmetric_key(pubkey);
continue;
}
u = para_malloc(sizeof(*u));
u->name = para_strdup(n);
- u->rsa = rsa;
+ u->pubkey = pubkey;
u->perms = 0;
num = sscanf(p, "%200[A-Z_],%200[A-Z_],%200[A-Z_],%200[A-Z_]",
tmp[0], tmp[1], tmp[2], tmp[3]);
list_for_each_entry_safe(u, tmp, &user_list, node) {
list_del(&u->node);
free(u->name);
- rsa_free(u->rsa);
+ free_asymmetric_key(u->pubkey);
free(u);
}
} else