From 353b91a4e76096d9335a5e54229aed728999e261 Mon Sep 17 00:00:00 2001
From: Andre Noll
Date: Fri, 4 Sep 2009 09:23:05 +0200
Subject: [PATCH 1/1] Fix check for short rsa keys.

And add a comment that explains the magic constant 41.
---
 user_list.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/user_list.c b/user_list.c
index 3c0b4f85..f1b4b212 100644
--- a/user_list.c
+++ b/user_list.c
@@ -18,6 +18,7 @@
 #include "string.h"
 #include "list.h"
 #include "user_list.h"
+#include "rc4.h"
 
 static struct list_head user_list;
 
@@ -56,8 +57,15 @@ static void populate_user_list(char *user_list_file)
 para_strerror(-ret));
 continue;
 }
- if (ret < CHALLENGE_SIZE + 2 * CHALLENGE_SIZE + 41) {
- PARA_WARNING_LOG("rsa key for %s too small\n", n);
+ /*
+ * In order to encrypt len := CHALLENGE_SIZE + 2 * RC4_KEY_LEN
+ * bytes using RSA_public_encrypt() with EME-OAEP padding mode,
+ * RSA_size(rsa) must be greater than len + 41. So ignore keys
+ * which are too short. For details see RSA_public_encrypt(3).
+ */
+ if (ret <= CHALLENGE_SIZE + 2 * RC4_KEY_LEN + 41) {
+ PARA_WARNING_LOG("rsa key %s too short (%d)\n",
+ k, ret);
 rsa_free(rsa);
 continue;
 }
-- 
2.39.2
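Review bot: The new test `if (ret <= CHALLENGE_SIZE + 2 * RC4_KEY_LEN + 41)` in the second hunk only guarantees that the challenge and the two RC4 keys fit into one OAEP block, so it is a size requirement and not a minimum-strength policy for user keys. The comment should say so, for example by appending `* This is a fit check only; it does not enforce a minimum key strength.`, unless a separate modulus-size check exists outside this hunk. The 41 is still a bare literal in the comparison; a named constant such as `#define RSA_OAEP_OVERHEAD 41 /* see RSA_public_encrypt(3) */` (name is only a suggestion) would keep the comment and the code from drifting apart. The warning now prints `k` where it printed `n` before; if `n` is the user name, which the hunk does not show, logging both would make the skipped entry easier to identify. populate_user_list() starts and ends outside the hunk.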