+ len = RSA_size(myself->connection->rsa_key);
+
+ /* Check if the length of the meta key is all right */
+
+ if(strlen(buffer) != len*2)
+ {
+ syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength");
+ return -1;
+ }
+
+ /* Allocate buffers for the meta key */
+cp
+ if(!c->inkey)
+ c->inkey = xmalloc(len);
+
+ if(!c->inctx)
+ c->inctx = xmalloc(sizeof(*c->inctx));
+
+ /* Convert the challenge from hexadecimal back to binary */
+cp
+ hex2bin(buffer,buffer,len);
+
+ /* Decrypt the meta key */
+cp
+ if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */
+ {
+ syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname);
+ return -1;
+ }
+
+ if(debug_lvl >= DEBUG_SCARY_THINGS)
+ {
+ bin2hex(c->inkey, buffer, len);
+ buffer[len*2] = '\0';
+ syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer);
+ }
+
+ /* All incoming requests will now be encrypted. */
+cp
+ EVP_DecryptInit(c->inctx, EVP_bf_cfb(),
+ c->inkey + len - EVP_bf_cfb()->key_len,
+ c->inkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len);
+
+ c->status.decryptin = 1;
+
+ c->allow_request = CHALLENGE;
+cp
+ return send_challenge(c);