2 files changed, 18 insertions, 3 deletions

diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c
index 9896d8dce..2aadf2fc4 100644
--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -222,7 +222,6 @@ GNUNET_CRYPTO_rsa_private_key_decode (const char *buf,
                               size_t len)
 {
   struct GNUNET_CRYPTO_rsa_PrivateKey *key;
-
   key = GNUNET_new (struct GNUNET_CRYPTO_rsa_PrivateKey);
   if (0 !=
       gcry_sexp_new (&key->sexp,
@@ -230,11 +229,18 @@ GNUNET_CRYPTO_rsa_private_key_decode (const char *buf,
                      len,
                      0))
   {
-    GNUNET_break_op (0);
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+         "Decoded private key is not valid\n");
     GNUNET_free (key);
     return NULL;
   }
-  /* FIXME: verify that this is an RSA private key */
+  if (0 != gcry_pk_testkey (key->sexp))
+  {
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+         "Decoded private key is not valid\n");
+    GNUNET_CRYPTO_rsa_private_key_free (key);
+    return NULL;
+  }
   return key;
 }
 
diff --git a/src/util/test_crypto_rsa.c b/src/util/test_crypto_rsa.c
index fc41dc24f..b2d749ab9 100644
--- a/src/util/test_crypto_rsa.c
+++ b/src/util/test_crypto_rsa.c
@@ -54,6 +54,15 @@ main (int argc,
   char *enc;
   enc = NULL;
   size = GNUNET_CRYPTO_rsa_private_key_encode (priv, &enc);
+  /* Decoding */
+  GNUNET_CRYPTO_rsa_private_key_free (priv);
+  priv = NULL;
+  priv = GNUNET_CRYPTO_rsa_private_key_decode (enc, size);
+  GNUNET_assert (NULL != priv);
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
+                              enc, size);
+  GNUNET_assert (NULL == GNUNET_CRYPTO_rsa_private_key_decode (enc, size));
+  (void) fprintf (stderr, "The above warning is expected.\n");
   GNUNET_free (enc);
 
   /* try ordinary sig first */