server/tun-slip.c: Pass correct stdout to child process.

[tripe] / server / keymgmt.c

diff --git a/server/keymgmt.c b/server/keymgmt.c
index 422b01fee80a0fb1cb2168a847941ed34f6e1fb8..ce0d4561d7384cab066caf758121bd86cf188ede 100644 (file)
--- a/server/keymgmt.c
+++ b/server/keymgmt.c
@@ -1,6 +1,4 @@
 /* -*-c-*-
- *
- * $Id$
  *
  * Key loading and storing
  *
@@ -249,7 +247,8 @@ static const char *algs_check(algswitch *a, const group *g)
   /* --- Derive the key sizes --- *
    *
    * Must ensure that we have non-empty keys.  This isn't ideal, but it
-   * provides a handy sanity check.
+   * provides a handy sanity check.  Also must be based on a 64- or 128-bit
+   * block cipher or we can't do the data expiry properly.
    */
 
   a->hashsz = a->h->hashsz;
@@ -258,6 +257,11 @@ static const char *algs_check(algswitch *a, const group *g)
   if ((a->mksz = keysz(a->hashsz, a->m->keysz)) == 0)
     return ("no key size found for MAC");
 
+  /* --- Derive the data limit --- */
+
+  if (a->c->blksz < 16) a->expsz = MEG(64);
+  else a->expsz = MEG(2048);
+
   /* --- Ensure that the tag size is sane --- */
 
   if (a->tagsz > a->m->hashsz) return ("tag length too large");