1 This patch allows one to specify a maximum number of bits
2 for the CGA and RSA key size. The RFC specifies that an implementation
3 may optionally honor this setting (5.1.3). This is particularly
4 useful on embedded systems where both the entropy and the processing
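--- sendd-0.2/sendd/config.c 2008-04-18 16:21:46.000000000 +0200
+++ sendd-0.2.new/sendd/config.c 2008-09-09 15:41:11.000000000 +0200
 SND_CFS(snd_cga_params, NULL, 1),
 SND_CFIB(snd_full_secure, 1, 0),
 SND_CFII(snd_min_key_bits, 1024, "bits", 0),
+SND_CFII(snd_max_key_bits, 2048, "bits", 0),
 SND_CFII(snd_nonce_cache_gc_intvl, 2, "seconds", 0),
 SND_CFII(snd_pfx_cache_gc_intvl, 40, "seconds", 0),
 SND_CFS(snd_pkixip_conf, NULL, 0),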
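Review bot: The default of 2048 for snd_max_key_bits makes the limit the description calls optional active out of the box: combined with the new comparison in sig_rfc3971.c, any peer presenting a key larger than 2048 bits is now rejected, whereas the unpatched daemon accepted every key of at least snd_min_key_bits. If the limit is intended for resource-constrained deployments, a default that disables it would keep existing installations interoperable, e.g. `SND_CFII(snd_max_key_bits, 0, "bits", 0),` with 0 documented as "no maximum" next to the new enum value in snd_config.h, and the check in sig_rfc3971.c written as `if (max_bits > 0 && EVP_PKEY_bits(pub) > max_bits) {`. If the stricter default is deliberate, the behavior change should be stated in the patch description.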
20 Index: sendd-0.2/sendd/sig_rfc3971.c
21 ===================================================================
22 diff -urN sendd-0.2/sendd/sig_rfc3971.c sendd-0.2.new/sendd/sig_rfc3971.c
23 --- sendd-0.2/sendd/sig_rfc3971.c 2008-04-18 16:21:46.000000000 +0200
24 +++ sendd-0.2.new/sendd/sig_rfc3971.c 2008-09-10 11:14:35.000000000 +0200
29 - int i, real_slen, min_bits;
30 + int i, real_slen, min_bits, max_bits;
31 DEFINE_TIMESTAMP_VARS();
33 DBG_HEXDUMP(&dbg_cryptox, "key: ", key, klen);
35 "minimum: %d)", EVP_PKEY_bits(pub), min_bits);
38 + max_bits = snd_conf_get_int(snd_max_key_bits);
39 + if (EVP_PKEY_bits(pub) > max_bits) {
40 + DBG(&dbg_snd, "Peer key too strong: %d bits (configured "
41 + "maximum: %d)", EVP_PKEY_bits(pub), max_bits);
45 real_slen = EVP_PKEY_size(pub);
46 if (real_slen < slen) {
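Review bot: Nothing checks that the configured maximum is at least snd_min_key_bits: if max_bits ends up below min_bits, every peer key fails one of the two comparisons and signature verification is refused for all peers, with only a DBG message to explain it. Validating the pair once when the configuration is loaded, or logging the rejection at a level that is visible in normal operation, would make the misconfiguration apparent instead of appearing as silent loss of SEND protection. The rejection path after the DBG call (patch lines 42-44) and the enclosing function's start and end lie outside the hunk, so the value returned on this path cannot be confirmed here; it should match the one the existing min_bits branch uses.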
47 Index: sendd-0.2/sendd/snd_config.h
48 ===================================================================
49 diff -urN sendd-0.2/sendd/snd_config.h sendd-0.2.new/sendd/snd_config.h
50 --- sendd-0.2/sendd/snd_config.h 2008-04-18 16:21:46.000000000 +0200
51 +++ sendd-0.2.new/sendd/snd_config.h 2008-09-09 15:09:45.000000000 +0200
57 snd_nonce_cache_gc_intvl,
58 snd_pfx_cache_gc_intvl,