From 24fc1bdf6005736f5f7579a2dc684ac39d104828 Mon Sep 17 00:00:00 2001
From: Ben Kibbey
Date: Mon, 10 Nov 2008 21:42:58 -0500
Subject: [PATCH] A somewhat important fix for generating RSA key exchange parameters.
---
 src/pwmd.c | 16 ++++++++++++++++
 src/tls.c | 3 ---
 src/tls.h | 1 +
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/pwmd.c b/src/pwmd.c
index 74666657..bc35f35c 100644
--- a/src/pwmd.c
+++ b/src/pwmd.c
@@ -2361,6 +2361,21 @@ int main(int argc, char *argv[])
     }
 
     gnutls_certificate_set_dh_params(x509_cred, dh_params);
+    ret = gnutls_rsa_params_init(&rsa_params);
+
+    if (ret != GNUTLS_E_SUCCESS) {
+        warnx("%s", gnutls_strerror(ret));
+        goto do_exit;
+    }
+
+    ret = gnutls_rsa_params_generate2(rsa_params, 512);
+
+    if (ret != GNUTLS_E_SUCCESS) {
+        warnx("%s", gnutls_strerror(ret));
+        goto do_exit;
+    }
+
+    gnutls_certificate_set_rsa_export_params(x509_cred, rsa_params);
     gnutls_certificate_set_params_function(x509_cred, tls_get_params);
 
     if (listen(sockfd_r, 0) == -1) {
@@ -2407,6 +2422,7 @@ do_exit:
 #ifdef WITH_GNUTLS
     if (sockfd_r != -1) {
         gnutls_dh_params_deinit(dh_params);
+        gnutls_rsa_params_deinit(rsa_params);
 
         if (x509_cred)
             gnutls_certificate_free_credentials(x509_cred);
diff --git a/src/tls.c b/src/tls.c
index c37c87e0..352109e6 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -84,12 +84,9 @@ fail:
 gint tls_get_params(gnutls_session_t ses, gnutls_params_type_t type,
         gnutls_params_st *st)
 {
-#if 0
     if (type == GNUTLS_PARAMS_RSA_EXPORT)
         st->params.rsa_export = rsa_params;
     else if (type == GNUTLS_PARAMS_DH)
-#endif
-    if (type == GNUTLS_PARAMS_DH)
         st->params.dh = dh_params;
     else
         return -1;
diff --git a/src/tls.h b/src/tls.h
index aff326fa..27821dc0 100644
--- a/src/tls.h
+++ b/src/tls.h
@@ -27,6 +27,7 @@ struct tls_s {
 };
 
 gnutls_dh_params_t dh_params;
+gnutls_rsa_params_t rsa_params;
 gnutls_certificate_credentials_t x509_cred;
 
 struct tls_s *tls_init(gint fd);
-- 
2.11.4.GIT
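Review bot: `gnutls_rsa_params_generate2(rsa_params, 512)` generates a 512-bit RSA modulus, which is far below any current minimum key strength, and the following `gnutls_certificate_set_rsa_export_params` call makes the server willing to negotiate the RSA-EXPORT key exchange with any client whose priority negotiation permits it. If export-grade suites are not a deliberate requirement, the safer change is to not install export parameters at all and to make sure the priority string excludes them; if they are required for legacy clients, record that decision next to the call, e.g. `/* TLS 1.0 RSA_EXPORT caps the temporary key at 512 bits; weak by design, only for legacy clients */`. Independently of that, `512` is a magic number and a named constant such as `RSA_EXPORT_BITS` alongside whatever sizes the DH generation uses would make the choice visible. The parameters are also regenerated on every start, which adds startup latency; the enclosing main() continues outside the hunk.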
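Review bot: `gnutls_rsa_params_deinit(rsa_params)` is now reached on the `goto do_exit` paths the earlier hunk added, including the one taken when `gnutls_rsa_params_init` itself failed; rsa_params is a file-scope global from tls.h and so presumably still NULL there, but whether gnutls_rsa_params_deinit tolerates a NULL handle is not visible in this diff and should be confirmed. A guard in the style of the existing `if (x509_cred)` check, `if (rsa_params) gnutls_rsa_params_deinit(rsa_params);`, removes the doubt. The same question already applies to the existing `gnutls_dh_params_deinit(dh_params)` line. The cleanup block continues outside the hunk.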
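Review bot: The re-enabled `GNUTLS_PARAMS_RSA_EXPORT` branch of `tls_get_params` hands out the global `rsa_params` with no comment saying when that handle is valid; it is only correct because main() generates the parameters before registering this callback via `gnutls_certificate_set_params_function`, an ordering that is not visible from tls.c. A comment above the function, e.g. `/* GnuTLS params callback: dh_params and rsa_params must be fully generated before this callback is registered. */`, would record that contract for the next maintainer. The rest of the function body is outside the hunk.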
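Review bot: `gnutls_rsa_params_t rsa_params;` is a tentative definition placed in a header, so every translation unit that includes tls.h defines the symbol; that only links under common-symbol semantics (`-fcommon`), which newer GCC and Clang disable by default, after which it becomes a duplicate-definition link error. It copies the pattern of the existing `dh_params` and `x509_cred` lines, so the fix is to declare all three with `extern` here, e.g. `extern gnutls_rsa_params_t rsa_params;`, and define them once in tls.c. The `struct tls_s` body closes inside the hunk, but the header continues outside it.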