Lines 63-76
static unsigned char dh512_g[] =
|
63 |
static DH * |
63 |
static DH * |
64 |
get_dh512() |
64 |
get_dh512() |
65 |
{ |
65 |
{ |
66 |
DH *dh = NULL; |
66 |
DH *dh; |
|
|
67 |
BIGNUM *p, *g; |
67 |
|
68 |
|
68 |
if ((dh = DH_new()) == NULL) |
69 |
if ((dh = DH_new()) == NULL) |
69 |
return NULL; |
70 |
return NULL; |
70 |
dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); |
71 |
p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); |
71 |
dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); |
72 |
g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); |
72 |
if ((dh->p == NULL) || (dh->g == NULL)) |
73 |
if (p == NULL || g == NULL) |
|
|
74 |
{ |
75 |
BN_free(p); |
76 |
BN_free(g); |
77 |
DH_free(dh); |
73 |
return NULL; |
78 |
return NULL; |
|
|
79 |
} |
80 |
|
81 |
#if OPENSSL_VERSION_NUMBER >= 0x10100005L |
82 |
DH_set0_pqg(dh, p, NULL, g); |
83 |
#else |
84 |
dh->p = p; |
85 |
dh->g = g; |
86 |
#endif |
87 |
|
74 |
return dh; |
88 |
return dh; |
75 |
} |
89 |
} |
76 |
|
90 |
|
Lines 117-132
get_dh2048()
|
117 |
}; |
131 |
}; |
118 |
static unsigned char dh2048_g[]={ 0x02, }; |
132 |
static unsigned char dh2048_g[]={ 0x02, }; |
119 |
DH *dh; |
133 |
DH *dh; |
|
|
134 |
BIGNUM *p, *g; |
120 |
|
135 |
|
121 |
if ((dh=DH_new()) == NULL) |
136 |
if ((dh=DH_new()) == NULL) |
122 |
return(NULL); |
137 |
return(NULL); |
123 |
dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); |
138 |
p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); |
124 |
dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); |
139 |
g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); |
125 |
if ((dh->p == NULL) || (dh->g == NULL)) |
140 |
if (p == NULL || g == NULL) |
126 |
{ |
141 |
{ |
|
|
142 |
BN_free(p); |
143 |
BN_free(g); |
127 |
DH_free(dh); |
144 |
DH_free(dh); |
128 |
return(NULL); |
145 |
return NULL; |
129 |
} |
146 |
} |
|
|
147 |
|
148 |
#if OPENSSL_VERSION_NUMBER >= 0x10100005L |
149 |
DH_set0_pqg(dh, p, NULL, g); |
150 |
#else |
151 |
dh->p = p; |
152 |
dh->g = g; |
153 |
#endif |
154 |
|
130 |
return(dh); |
155 |
return(dh); |
131 |
} |
156 |
} |
132 |
# endif /* !NO_DH */ |
157 |
# endif /* !NO_DH */ |
Lines 715-720
static char server_session_id_context[]
|
715 |
# define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0 |
740 |
# define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0 |
716 |
#endif |
741 |
#endif |
717 |
|
742 |
|
|
|
743 |
static RSA * |
744 |
generate_rsa_key(bits, e) |
745 |
int bits; |
746 |
unsigned long e; |
747 |
{ |
748 |
#if OPENSSL_VERSION_NUMBER < 0x00908000L |
749 |
return RSA_generate_key(bits, e, NULL, NULL); |
750 |
#else |
751 |
BIGNUM *bne; |
752 |
RSA *rsa = NULL; |
753 |
|
754 |
bne = BN_new(); |
755 |
if (bne && BN_set_word(bne, e) != 1) |
756 |
rsa = RSA_new(); |
757 |
if (rsa && RSA_generate_key_ex(rsa, bits, bne, NULL) != 1) |
758 |
{ |
759 |
RSA_free(rsa); |
760 |
rsa = NULL; |
761 |
} |
762 |
BN_free(bne); |
763 |
return rsa; |
764 |
#endif |
765 |
} |
766 |
|
767 |
static DSA * |
768 |
generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret) |
769 |
int bits; |
770 |
unsigned char *seed; |
771 |
int seed_len; |
772 |
int *counter_ret; |
773 |
unsigned long *h_ret; |
774 |
{ |
775 |
#if OPENSSL_VERSION_NUMBER < 0x00908000L |
776 |
return DSA_generate_parameters(bits, seed, seed_len, counter_ret, |
777 |
h_ret, NULL, NULL); |
778 |
#else |
779 |
DSA *dsa = DSA_new(); |
780 |
|
781 |
if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len, |
782 |
counter_ret, h_ret, NULL) != 1) |
783 |
{ |
784 |
DSA_free(dsa); |
785 |
dsa = NULL; |
786 |
} |
787 |
return dsa; |
788 |
#endif |
789 |
} |
790 |
|
718 |
bool |
791 |
bool |
719 |
inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) |
792 |
inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) |
720 |
SSL_CTX **ctx; |
793 |
SSL_CTX **ctx; |
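Review bot: The condition guarding RSA_new() in generate_rsa_key (new lines 755-756) is inverted: `if (bne && BN_set_word(bne, e) != 1)` only allocates `rsa` when BN_set_word() fails, so on the normal path `rsa` stays NULL and the wrapper always returns NULL. From the other hunks this would make the `TLS_I_RSA_TMP` check in inittls (new line 1079) fail whenever shared memory is in use, and tmp_rsa_key (new line 1822) would hit its failure branch on every call. The test should be `if (bne && BN_set_word(bne, e) == 1)`, matching the success-on-1 convention the next line already uses for RSA_generate_key_ex(); the BN_free(bne) on the way out is fine since BN_free(NULL) is a no-op. The wrapper and generate_dsa_parameters are complete in this hunk; inittls begins at the hunk's end and continues outside it.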
Lines 926-932
inittls(ctx, req, options, srv, certfile
|
926 |
{ |
999 |
{ |
927 |
/* get a pointer to the current certificate validation store */ |
1000 |
/* get a pointer to the current certificate validation store */ |
928 |
store = SSL_CTX_get_cert_store(*ctx); /* does not fail */ |
1001 |
store = SSL_CTX_get_cert_store(*ctx); /* does not fail */ |
929 |
crl_file = BIO_new(BIO_s_file_internal()); |
1002 |
crl_file = BIO_new(BIO_s_file()); |
930 |
if (crl_file != NULL) |
1003 |
if (crl_file != NULL) |
931 |
{ |
1004 |
{ |
932 |
if (BIO_read_filename(crl_file, CRLFile) >= 0) |
1005 |
if (BIO_read_filename(crl_file, CRLFile) >= 0) |
Lines 1003-1010
inittls(ctx, req, options, srv, certfile
|
1003 |
if (bitset(TLS_I_RSA_TMP, req) |
1076 |
if (bitset(TLS_I_RSA_TMP, req) |
1004 |
# if SM_CONF_SHM |
1077 |
# if SM_CONF_SHM |
1005 |
&& ShmId != SM_SHM_NO_ID && |
1078 |
&& ShmId != SM_SHM_NO_ID && |
1006 |
(rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, |
1079 |
(rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL |
1007 |
NULL)) == NULL |
|
|
1008 |
# else /* SM_CONF_SHM */ |
1080 |
# else /* SM_CONF_SHM */ |
1009 |
&& 0 /* no shared memory: no need to generate key now */ |
1081 |
&& 0 /* no shared memory: no need to generate key now */ |
1010 |
# endif /* SM_CONF_SHM */ |
1082 |
# endif /* SM_CONF_SHM */ |
Lines 1210-1217
inittls(ctx, req, options, srv, certfile
|
1210 |
sm_dprintf("inittls: Generating %d bit DH parameters\n", bits); |
1282 |
sm_dprintf("inittls: Generating %d bit DH parameters\n", bits); |
1211 |
|
1283 |
|
1212 |
/* this takes a while! */ |
1284 |
/* this takes a while! */ |
1213 |
dsa = DSA_generate_parameters(bits, NULL, 0, NULL, |
1285 |
dsa = generate_dsa_parameters(bits, NULL, 0, NULL, |
1214 |
NULL, 0, NULL); |
1286 |
NULL); |
1215 |
dh = DSA_dup_DH(dsa); |
1287 |
dh = DSA_dup_DH(dsa); |
1216 |
DSA_free(dsa); |
1288 |
DSA_free(dsa); |
1217 |
} |
1289 |
} |
Lines 1747-1753
tmp_rsa_key(s, export, keylength)
|
1747 |
|
1819 |
|
1748 |
if (rsa_tmp != NULL) |
1820 |
if (rsa_tmp != NULL) |
1749 |
RSA_free(rsa_tmp); |
1821 |
RSA_free(rsa_tmp); |
1750 |
rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL); |
1822 |
rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4); |
1751 |
if (rsa_tmp == NULL) |
1823 |
if (rsa_tmp == NULL) |
1752 |
{ |
1824 |
{ |
1753 |
if (LogLevel > 0) |
1825 |
if (LogLevel > 0) |
Lines 1974-1984
x509_verify_cb(ok, ctx)
|
1974 |
{ |
2046 |
{ |
1975 |
if (LogLevel > 13) |
2047 |
if (LogLevel > 13) |
1976 |
tls_verify_log(ok, ctx, "x509"); |
2048 |
tls_verify_log(ok, ctx, "x509"); |
|
|
2049 |
#if OPENSSL_VERSION_NUMBER >= 0x10100005L |
2050 |
if (X509_STORE_CTX_get_error(ctx) == |
2051 |
X509_V_ERR_UNABLE_TO_GET_CRL) |
2052 |
{ |
2053 |
X509_STORE_CTX_set_error(ctx, 0); |
2054 |
return 1; /* override it */ |
2055 |
} |
2056 |
#else |
1977 |
if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) |
2057 |
if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) |
1978 |
{ |
2058 |
{ |
1979 |
ctx->error = 0; |
2059 |
ctx->error = 0; |
1980 |
return 1; /* override it */ |
2060 |
return 1; /* override it */ |
1981 |
} |
2061 |
} |
|
|
2062 |
#endif |
1982 |
} |
2063 |
} |
1983 |
return ok; |
2064 |
return ok; |
1984 |
} |
2065 |
} |