|
Lines 63-76
static unsigned char dh512_g[] =
Link Here
|
| 63 |
static DH * |
63 |
static DH * |
| 64 |
get_dh512() |
64 |
get_dh512() |
| 65 |
{ |
65 |
{ |
| 66 |
DH *dh = NULL; |
66 |
DH *dh; |
|
|
67 |
BIGNUM *p, *g; |
| 67 |
|
68 |
|
| 68 |
if ((dh = DH_new()) == NULL) |
69 |
if ((dh = DH_new()) == NULL) |
| 69 |
return NULL; |
70 |
return NULL; |
| 70 |
dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); |
71 |
p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); |
| 71 |
dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); |
72 |
g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); |
| 72 |
if ((dh->p == NULL) || (dh->g == NULL)) |
73 |
if (p == NULL || g == NULL) |
|
|
74 |
{ |
| 75 |
BN_free(p); |
| 76 |
BN_free(g); |
| 77 |
DH_free(dh); |
| 73 |
return NULL; |
78 |
return NULL; |
|
|
79 |
} |
| 80 |
|
| 81 |
#if OPENSSL_VERSION_NUMBER >= 0x10100005L |
| 82 |
DH_set0_pqg(dh, p, NULL, g); |
| 83 |
#else |
| 84 |
dh->p = p; |
| 85 |
dh->g = g; |
| 86 |
#endif |
| 87 |
|
| 74 |
return dh; |
88 |
return dh; |
| 75 |
} |
89 |
} |
| 76 |
|
90 |
|
|
Lines 117-132
get_dh2048()
Link Here
|
| 117 |
}; |
131 |
}; |
| 118 |
static unsigned char dh2048_g[]={ 0x02, }; |
132 |
static unsigned char dh2048_g[]={ 0x02, }; |
| 119 |
DH *dh; |
133 |
DH *dh; |
|
|
134 |
BIGNUM *p, *g; |
| 120 |
|
135 |
|
| 121 |
if ((dh=DH_new()) == NULL) |
136 |
if ((dh=DH_new()) == NULL) |
| 122 |
return(NULL); |
137 |
return(NULL); |
| 123 |
dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); |
138 |
p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); |
| 124 |
dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); |
139 |
g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); |
| 125 |
if ((dh->p == NULL) || (dh->g == NULL)) |
140 |
if (p == NULL || g == NULL) |
| 126 |
{ |
141 |
{ |
|
|
142 |
BN_free(p); |
| 143 |
BN_free(g); |
| 127 |
DH_free(dh); |
144 |
DH_free(dh); |
| 128 |
return(NULL); |
145 |
return NULL; |
| 129 |
} |
146 |
} |
|
|
147 |
|
| 148 |
#if OPENSSL_VERSION_NUMBER >= 0x10100005L |
| 149 |
DH_set0_pqg(dh, p, NULL, g); |
| 150 |
#else |
| 151 |
dh->p = p; |
| 152 |
dh->g = g; |
| 153 |
#endif |
| 154 |
|
| 130 |
return(dh); |
155 |
return(dh); |
| 131 |
} |
156 |
} |
| 132 |
# endif /* !NO_DH */ |
157 |
# endif /* !NO_DH */ |
|
Lines 715-720
static char server_session_id_context[]
Link Here
|
| 715 |
# define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0 |
740 |
# define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0 |
| 716 |
#endif |
741 |
#endif |
| 717 |
|
742 |
|
|
|
743 |
static RSA * |
| 744 |
generate_rsa_key(bits, e) |
| 745 |
int bits; |
| 746 |
unsigned long e; |
| 747 |
{ |
| 748 |
#if OPENSSL_VERSION_NUMBER < 0x00908000L |
| 749 |
return RSA_generate_key(bits, e, NULL, NULL); |
| 750 |
#else |
| 751 |
BIGNUM *bne; |
| 752 |
RSA *rsa = NULL; |
| 753 |
|
| 754 |
bne = BN_new(); |
| 755 |
if (bne && BN_set_word(bne, e) != 1) |
| 756 |
rsa = RSA_new(); |
| 757 |
if (rsa && RSA_generate_key_ex(rsa, bits, bne, NULL) != 1) |
| 758 |
{ |
| 759 |
RSA_free(rsa); |
| 760 |
rsa = NULL; |
| 761 |
} |
| 762 |
BN_free(bne); |
| 763 |
return rsa; |
| 764 |
#endif |
| 765 |
} |
| 766 |
|
| 767 |
static DSA * |
| 768 |
generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret) |
| 769 |
int bits; |
| 770 |
unsigned char *seed; |
| 771 |
int seed_len; |
| 772 |
int *counter_ret; |
| 773 |
unsigned long *h_ret; |
| 774 |
{ |
| 775 |
#if OPENSSL_VERSION_NUMBER < 0x00908000L |
| 776 |
return DSA_generate_parameters(bits, seed, seed_len, counter_ret, |
| 777 |
h_ret, NULL, NULL); |
| 778 |
#else |
| 779 |
DSA *dsa = DSA_new(); |
| 780 |
|
| 781 |
if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len, |
| 782 |
counter_ret, h_ret, NULL) != 1) |
| 783 |
{ |
| 784 |
DSA_free(dsa); |
| 785 |
dsa = NULL; |
| 786 |
} |
| 787 |
return dsa; |
| 788 |
#endif |
| 789 |
} |
| 790 |
|
| 718 |
bool |
791 |
bool |
| 719 |
inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) |
792 |
inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) |
| 720 |
SSL_CTX **ctx; |
793 |
SSL_CTX **ctx; |
|
Lines 926-932
inittls(ctx, req, options, srv, certfile
Link Here
|
| 926 |
{ |
999 |
{ |
| 927 |
/* get a pointer to the current certificate validation store */ |
1000 |
/* get a pointer to the current certificate validation store */ |
| 928 |
store = SSL_CTX_get_cert_store(*ctx); /* does not fail */ |
1001 |
store = SSL_CTX_get_cert_store(*ctx); /* does not fail */ |
| 929 |
crl_file = BIO_new(BIO_s_file_internal()); |
1002 |
crl_file = BIO_new(BIO_s_file()); |
| 930 |
if (crl_file != NULL) |
1003 |
if (crl_file != NULL) |
| 931 |
{ |
1004 |
{ |
| 932 |
if (BIO_read_filename(crl_file, CRLFile) >= 0) |
1005 |
if (BIO_read_filename(crl_file, CRLFile) >= 0) |
|
Lines 1003-1010
inittls(ctx, req, options, srv, certfile
Link Here
|
| 1003 |
if (bitset(TLS_I_RSA_TMP, req) |
1076 |
if (bitset(TLS_I_RSA_TMP, req) |
| 1004 |
# if SM_CONF_SHM |
1077 |
# if SM_CONF_SHM |
| 1005 |
&& ShmId != SM_SHM_NO_ID && |
1078 |
&& ShmId != SM_SHM_NO_ID && |
| 1006 |
(rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, |
1079 |
(rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL |
| 1007 |
NULL)) == NULL |
|
|
| 1008 |
# else /* SM_CONF_SHM */ |
1080 |
# else /* SM_CONF_SHM */ |
| 1009 |
&& 0 /* no shared memory: no need to generate key now */ |
1081 |
&& 0 /* no shared memory: no need to generate key now */ |
| 1010 |
# endif /* SM_CONF_SHM */ |
1082 |
# endif /* SM_CONF_SHM */ |
|
Lines 1210-1217
inittls(ctx, req, options, srv, certfile
Link Here
|
| 1210 |
sm_dprintf("inittls: Generating %d bit DH parameters\n", bits); |
1282 |
sm_dprintf("inittls: Generating %d bit DH parameters\n", bits); |
| 1211 |
|
1283 |
|
| 1212 |
/* this takes a while! */ |
1284 |
/* this takes a while! */ |
| 1213 |
dsa = DSA_generate_parameters(bits, NULL, 0, NULL, |
1285 |
dsa = generate_dsa_parameters(bits, NULL, 0, NULL, |
| 1214 |
NULL, 0, NULL); |
1286 |
NULL); |
| 1215 |
dh = DSA_dup_DH(dsa); |
1287 |
dh = DSA_dup_DH(dsa); |
| 1216 |
DSA_free(dsa); |
1288 |
DSA_free(dsa); |
| 1217 |
} |
1289 |
} |
|
Lines 1747-1753
tmp_rsa_key(s, export, keylength)
Link Here
|
| 1747 |
|
1819 |
|
| 1748 |
if (rsa_tmp != NULL) |
1820 |
if (rsa_tmp != NULL) |
| 1749 |
RSA_free(rsa_tmp); |
1821 |
RSA_free(rsa_tmp); |
| 1750 |
rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL); |
1822 |
rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4); |
| 1751 |
if (rsa_tmp == NULL) |
1823 |
if (rsa_tmp == NULL) |
| 1752 |
{ |
1824 |
{ |
| 1753 |
if (LogLevel > 0) |
1825 |
if (LogLevel > 0) |
|
Lines 1974-1984
x509_verify_cb(ok, ctx)
Link Here
|
| 1974 |
{ |
2046 |
{ |
| 1975 |
if (LogLevel > 13) |
2047 |
if (LogLevel > 13) |
| 1976 |
tls_verify_log(ok, ctx, "x509"); |
2048 |
tls_verify_log(ok, ctx, "x509"); |
|
|
2049 |
#if OPENSSL_VERSION_NUMBER >= 0x10100005L |
| 2050 |
if (X509_STORE_CTX_get_error(ctx) == |
| 2051 |
X509_V_ERR_UNABLE_TO_GET_CRL) |
| 2052 |
{ |
| 2053 |
X509_STORE_CTX_set_error(ctx, 0); |
| 2054 |
return 1; /* override it */ |
| 2055 |
} |
| 2056 |
#else |
| 1977 |
if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) |
2057 |
if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) |
| 1978 |
{ |
2058 |
{ |
| 1979 |
ctx->error = 0; |
2059 |
ctx->error = 0; |
| 1980 |
return 1; /* override it */ |
2060 |
return 1; /* override it */ |
| 1981 |
} |
2061 |
} |
|
|
2062 |
#endif |
| 1982 |
} |
2063 |
} |
| 1983 |
return ok; |
2064 |
return ok; |
| 1984 |
} |
2065 |
} |
