static fr_tls_server_conf_t *construct_tls(TIDC_INSTANCE *inst,
home_server_t *hs,
TID_SRVR_BLK *server)
{
fr_tls_server_conf_t *tls;
unsigned char *key_buf = NULL;
ssize_t keylen;
char *hexbuf = NULL;
DH *aaa_server_dh;
tls = talloc_zero( hs, fr_tls_server_conf_t);
if (!tls) return NULL;
aaa_server_dh = tid_srvr_get_dh(server);
keylen = tr_compute_dh_key(&key_buf, aaa_server_dh->pub_key,
tidc_get_dh(inst));
if (keylen <= 0) {
DEBUG2("DH error");
goto error;
}
hexbuf = talloc_size(tls, keylen*2 + 1);
if (!hexbuf) goto error;
tr_bin_to_hex(key_buf, keylen, hexbuf, 2*keylen + 1);
tls->psk_password = hexbuf;
tls->psk_identity = talloc_strdup(tls, tid_srvr_get_key_name(server)->buf);
tls->cipher_list = talloc_strdup(tls, "PSK");
tls->fragment_size = 4200;
tls->ctx = tls_init_ctx(tls, 1);
if (!tls->ctx) goto error;
memset(key_buf, 0, keylen);
tr_dh_free(key_buf);
return tls;
error:
if (key_buf) {
memset(key_buf, 0, keylen);
tr_dh_free(key_buf);
}
if (hexbuf) memset(hexbuf, 0, keylen*2);
if (tls) talloc_free(tls);
return NULL;
}
void
tr_cryptoDestruct (tr_crypto * crypto)
{
tr_dh_secret_free (crypto->mySecret);
tr_dh_free (crypto->dh);
tr_rc4_free (crypto->enc_key);
tr_rc4_free (crypto->dec_key);
}
