X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=secnet.git;a=blobdiff_plain;f=rsa.c;h=03318ba16ba75849207a3be6311729fdceb56d43;hp=0b6f1478837d556fa377ec2d83226f95f9669da9;hb=refs%2Ftags%2Fv0.1.1;hpb=baa06aeb963965b4b6a8a8051ec15b72372080dd

diff --git a/rsa.c b/rsa.c
index 0b6f147..03318ba 100644
--- a/rsa.c
+++ b/rsa.c
@@ -317,19 +317,25 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
 
     /* Now do trial signature/check to make sure it's a real keypair:
        sign the comment string! */
-    mpz_init(&sig);
-    mpz_init(&plain);
-    mpz_init(&check);
-    read_mpbin(&plain,c,strlen(c));
-    mpz_powm(&sig, &plain, &st->d, &st->n);
-    mpz_powm(&check, &sig, &e, &st->n);
-    if (mpz_cmp(&plain,&check)!=0) {
-	cfgfatal(loc,"rsa-private","file \"%s\" does not contain a "
-		 "valid RSA key!\n",filename);
+    i=list_elem(args,1);
+    if (i && i->type==t_bool && i->data.bool==False) {
+	Message(M_INFO,"rsa-private (%s:%d): skipping RSA key validity "
+		"check\n",loc.file,loc.line);
+    } else {
+	mpz_init(&sig);
+	mpz_init(&plain);
+	mpz_init(&check);
+	read_mpbin(&plain,c,strlen(c));
+	mpz_powm(&sig, &plain, &st->d, &st->n);
+	mpz_powm(&check, &sig, &e, &st->n);
+	if (mpz_cmp(&plain,&check)!=0) {
+	    cfgfatal(loc,"rsa-private","file \"%s\" does not contain a "
+		     "valid RSA key!\n",filename);
+	}
+	mpz_clear(&sig);
+	mpz_clear(&plain);
+	mpz_clear(&check);
     }
-    mpz_clear(&sig);
-    mpz_clear(&plain);
-    mpz_clear(&check);
 
     free(c);
     mpz_clear(&e);