[MS-BKRP] backupkey server and GnuTLS
Andrew Bartlett
abartlet at samba.org
Fri Nov 13 20:32:53 UTC 2015
On Fri, 2015-11-13 at 11:21 +0100, Andreas Schneider wrote:
> On Friday 13 November 2015 11:53:13 Andrew Bartlett wrote:
> > I think that also fixes some other issues we had. In particular, see
> > the comments around gnutls_privkey_export_rsa_raw() and please add some
> > kind of assertion that this is fixed in the version used.
>
> What do you mean exactly? The bignum conversion issue? Bignums are always
> big endian.
I'm referring to the comments in
927ea9791e3d1a91516b1cec6918772da83a7fbb
+ /*
+ * Only this GnuTLS export function correctly exports the key,
+ * we can't use gnutls_rsa_params_export_raw() because while
+ * it appears to be fixed in more recent versions, in the
+ * Ubuntu 14.04 version 2.12.23 (at least) it incorrectly
+ * exports one of the key parameters (qInv). Additionally, we
+ * would have to work around subtle differences in big number
+ * representations.
+ *
+ * We need access to the RSA parameters directly (in the
+ * parameter RSA **rsa) as the caller has to manually encode
+ * them in a non-standard data structure.
+ */
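Review bot: the first paragraph of this comment says gnutls_rsa_params_export_raw() "appears to be fixed in more recent versions" without naming a version known to export qInv correctly, so a later reader cannot tell when the other function becomes safe to use. State the first known-good release if it is known, and pair the comment with a build-time minimum-version check or a test that validates the exported qInv, so that a future switch between export functions cannot silently bring the bad parameter back.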
As you need new gnutls anyway, I'm not worried, as long as you are
aware so we don't find a workaround and then lose this protection.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
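
One form the assertion discussed in this message could take is a consistency check on the raw RSA parameters after export. The following is an added example, not part of the original message or of Samba's code; it is written in Python for brevity, all function names and the toy key are constructed, and it assumes the "big number representation" differences amount to optional leading zero bytes on big-endian values.

```python
# Added example (not Samba code): sanity-check raw RSA parameters after export.
# Function names and the toy key are constructed for illustration.
from math import gcd

FIELDS = ("n", "e", "d", "p", "q", "dp", "dq", "qinv")

def to_be(value: int, pad: int = 0) -> bytes:
    """Unsigned big-endian encoding, optionally prefixed with zero bytes."""
    return b"\x00" * pad + value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")

def toy_key() -> dict:
    """Constructed 12-bit key, far too small for real use."""
    p, q, e = 61, 53, 17
    d = pow(e, -1, (p - 1) * (q - 1))
    vals = (p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p))
    return dict(zip(FIELDS, map(to_be, vals)))

def check_rsa_crt(raw: dict) -> list:
    """Return the consistency problems found in big-endian RSA parameters."""
    # Assumption: values are unsigned big-endian; leading zeros do not matter.
    n, e, d, p, q, dp, dq, qinv = (int.from_bytes(raw[k], "big") for k in FIELDS)
    if p < 3 or q < 3:
        return ["p or q is too small to be a prime factor"]
    problems = []
    if p * q != n:
        problems.append("n != p*q")
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    if (e * d) % lam != 1:
        problems.append("d is not the inverse of e")
    if (e * dp) % (p - 1) != 1:
        problems.append("dp is inconsistent with e and p")
    if (e * dq) % (q - 1) != 1:
        problems.append("dq is inconsistent with e and q")
    if (qinv * q) % p != 1:
        # Distinguish the swapped convention from plain corruption.
        if (qinv * p) % q == 1:
            problems.append("qinv is p^-1 mod q, expected q^-1 mod p")
        else:
            problems.append("qinv is not q^-1 mod p")
    return problems

if __name__ == "__main__":
    print(check_rsa_crt(toy_key()))
```

Running such a check once against a freshly exported key, in a unit test or at start-up, fails loudly if an export path returns a bad qInv.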