keys: warn when loaded key is shorter than 80 bits
Consider 80 bits as the absolute minimum for a secure symmetric key. If a loaded key is shorter, send a warning to the system log to encourage the admin to replace it with a longer key.
This commit is contained in:
Miroslav Lichvar
parent
54c8732c46
commit
0d12410eaa
1 changed files with 5 additions and 0 deletions
5
keys.c
5
keys.c
|
|
@ -39,6 +39,8 @@
|
|||
#include "local.h"
|
||||
#include "logging.h"
|
||||
|
||||
/* Consider 80 bits as the absolute minimum for a secure key */
|
||||
#define MIN_SECURE_KEY_LENGTH 10
|
||||
|
||||
typedef struct {
|
||||
uint32_t id;
|
||||
|
|
@ -196,6 +198,9 @@ KEY_Reload(void)
|
|||
continue;
|
||||
}
|
||||
|
||||
if (key.len < MIN_SECURE_KEY_LENGTH)
|
||||
LOG(LOGS_WARN, LOGF_Keys, "Key %"PRIu32" is too short", key_id);
|
||||
|
||||
key.id = key_id;
|
||||
key.val = MallocArray(char, key.len);
|
||||
memcpy(key.val, keyval, key.len);
|
||||
|
|
|
|||
Loading…
Reference in a new issue