diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-01-22 17:42:12 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-01-22 17:42:12 +0000 |
commit | 207eddade48a93f73eb01298b7d3667a589aa2a7 (patch) | |
tree | db4c11c38de93e338a0a652d73337b7bfb030762 /lib/gnutls_dh_primes.c | |
parent | 065f1d588dca3295501e271578f117e5326c008b (diff) | |
download | gnutls-207eddade48a93f73eb01298b7d3667a589aa2a7.tar.gz |
Improved the SRP support, to prevent attackers guessing the
available usernames by brute force. The g,n values sent are now
obtained by the password conf file. (they were static ones)
Diffstat (limited to 'lib/gnutls_dh_primes.c')
-rw-r--r-- | lib/gnutls_dh_primes.c | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c index 641de737f0..7ef003324e 100644 --- a/lib/gnutls_dh_primes.c +++ b/lib/gnutls_dh_primes.c @@ -417,52 +417,6 @@ GNUTLS_MPI gnutls_get_dh_params(gnutls_dh_params dh_primes, return g; } -/* returns g and p, depends on the requested bits. - * We only support limited key sizes. - */ -int _gnutls_get_rnd_srp_params(gnutls_datum *g, gnutls_datum* p, int bits) -{ - int i; - - if (_gnutls_dh_default_params == NULL) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } - - g->data = p->data = NULL; - g->size = p->size = 0; - - bits = normalize_bits(bits); - - i = 0; - do { - if (_gnutls_dh_default_params[i].bits == bits) { - if (_gnutls_set_datum( p, _gnutls_dh_default_params[i].prime.data, - _gnutls_dh_default_params[i].prime.size) < 0) { - return GNUTLS_E_MEMORY_ERROR; - } - - if (_gnutls_set_datum( g, _gnutls_dh_default_params[i].generator.data, - _gnutls_dh_default_params[i].generator.size) < 0) { - _gnutls_free_datum( p); - return GNUTLS_E_MEMORY_ERROR; - } - - break; - } - i++; - } while (_gnutls_dh_default_params[i].bits != 0); - - if (g->data == NULL || p->data == NULL) { - gnutls_assert(); - _gnutls_free_datum(g); - _gnutls_free_datum(p); - return GNUTLS_E_INTERNAL_ERROR; - } - - return 0; -} - /* These should be added in gcrypt.h */ GNUTLS_MPI _gcry_generate_elg_prime(int mode, unsigned pbits, unsigned qbits, GNUTLS_MPI g, |