Bug#391837: Remove RSA_EXPORT support

Andreas Metzler ametzler at downhill.at.eu.org
Mon Oct 9 17:39:45 UTC 2006


On 2006-10-08 Florian Weimer <fw at deneb.enyo.de> wrote:
> Package: exim4-daemon-heavy
> Severity: wishlist
[...]
> This patch removes blocking on /dev/random from the DH parameter
> generation.  Exim still consumes lots of entropy, but it will never
> block.  The only remaining problem is lack of locking, which will lead
> to wasted CPU cycles when multiple Exim processes try to generate new DH
> parameters.  However, CPU cycles grow much faster than random bits.
[...]
> -  DEBUG(D_tls) debug_printf("generating %d bit RSA key...\n", RSA_BITS);
> -  ret = gnutls_rsa_params_generate2(rsa_params, RSA_BITS);
> -  if (ret < 0) return tls_error(US"RSA key generation", host, ret);
> -
>    DEBUG(D_tls) debug_printf("generating %d bit Diffie-Hellman key...\n",
>      DH_BITS);
>    ret = gnutls_dh_params_generate2(dh_params, DH_BITS);
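Review bot: The DH path in this hunk is unchanged context, since ret = gnutls_dh_params_generate2(dh_params, DH_BITS); is still called exactly as before, and the only removed lines are the RSA debug message, the gnutls_rsa_params_generate2(rsa_params, RSA_BITS) call and its error check. The description claims the patch removes blocking on /dev/random from the DH parameter generation, which these lines do not show. Either reword the description to say the saving comes from dropping the RSA_EXPORT key generation, or point to the part of the patch that changes how DH parameters are produced. Please also confirm that no remaining code outside this hunk still uses rsa_params once its generation is gone.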
[...]

Hello,
I might just be too stupid today, but afaict the patch does not change
generation of dh_params at all, it is still done exactly the same way
as before, by calling gnutls_dh_params_generate2().

cu andreas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde



