Mercurial > dovecot > original-hg > dovecot-1.2

annotate src/master/ssl-init-openssl.c @ 9259:ea2eed32d59e HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cache file: If offset isn't 32bit aligned, assume it's corrupted.
author Timo Sirainen <tss@iki.fi>
date Sun, 26 Jul 2009 22:40:02 -0400
parents b9faf4db2a9f
children 00cd9aacd03c
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
8590
b9faf4db2a9f Updated copyright notices to include year 2009.
Timo Sirainen <tss@iki.fi>
parents: 7086
diff changeset
1 /* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */
622
235188ee7a05 Support for OpenSSL.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
2
235188ee7a05 Support for OpenSSL.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
3 #include "common.h"
3888
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
4 #include "write-full.h"
622
235188ee7a05 Support for OpenSSL.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
5 #include "ssl-init.h"
235188ee7a05 Support for OpenSSL.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
6
1529
edffbb824d96 was missing #ifdef HAVE_OPENSSL
Timo Sirainen <tss@iki.fi>
parents: 1501
diff changeset
7 #ifdef HAVE_OPENSSL
edffbb824d96 was missing #ifdef HAVE_OPENSSL
Timo Sirainen <tss@iki.fi>
parents: 1501
diff changeset
8
4298
2e4639fd3c7c Give a nicer error message if i2d_DHparams() returns 0, which apparently it
Timo Sirainen <tss@iki.fi>
parents: 3888
diff changeset
9 #include <openssl/err.h>
3888
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
10 #include <openssl/ssl.h>
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
11
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
12 /* 2 or 5. Haven't seen their difference explained anywhere, but 2 is the
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
13 default.. */
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
14 #define DH_GENERATOR 2
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
15
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
16 static int dh_param_bitsizes[] = { 512, 1024 };
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
17
4299
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
18 static const char *ssl_last_error(void)
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
19 {
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
20 unsigned long err;
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
21 char *buf;
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
22 size_t err_size = 256;
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
23
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
24 err = ERR_get_error();
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
25 if (err == 0)
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
26 return strerror(errno);
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
27
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
28 buf = t_malloc(err_size);
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
29 buf[err_size-1] = '\0';
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
30 ERR_error_string_n(err, buf, err_size-1);
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
31 return buf;
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
32 }
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
33
3888
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
34 static void generate_dh_parameters(int bitsize, int fd, const char *fname)
622
235188ee7a05 Support for OpenSSL.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
35 {
3888
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
36 DH *dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL);
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
37 unsigned char *buf, *p;
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
38 int len;
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
39
4299
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
40 if (dh == NULL) {
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
41 i_fatal("DH_generate_parameters(bits=%d, gen=%d) failed: %s",
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
42 bitsize, DH_GENERATOR, ssl_last_error());
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
43 }
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
44
3888
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
45 len = i2d_DHparams(dh, NULL);
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
46 if (len < 0)
4299
dacf4dc615ec Reversed last change. Instead handle DH_generate_parameters() call's failure.
Timo Sirainen <tss@iki.fi>
parents: 4298
diff changeset
47 i_fatal("i2d_DHparams() failed: %s", ssl_last_error());
3888
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
48
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
49 buf = p = i_malloc(len);
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
50 len = i2d_DHparams(dh, &p);
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
51
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
52 if (write_full(fd, &bitsize, sizeof(bitsize)) < 0 ||
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
53 write_full(fd, &len, sizeof(len)) < 0 ||
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
54 write_full(fd, buf, len) < 0)
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
55 i_fatal("write_full() failed for file %s: %m", fname);
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
56 i_free(buf);
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
57 }
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
58
6418
46d9ee79f292 Removed _ prefix from all public APIs.
Timo Sirainen <tss@iki.fi>
parents: 5089
diff changeset
59 void ssl_generate_parameters(int fd, const char *fname)
3888
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
60 {
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
61 unsigned int i;
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
62 int bits;
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
63
6494
59490181469e Use N_ELEMENTS() macro instead of doing sizeof()/sizeof([0]) ourself.
Timo Sirainen <tss@iki.fi>
parents: 6429
diff changeset
64 for (i = 0; i < N_ELEMENTS(dh_param_bitsizes); i++)
3888
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
65 generate_dh_parameters(dh_param_bitsizes[i], fd, fname);
650701d41cdf Generate DH parameters and use them. Changed default regeneration time to 1
Timo Sirainen <tss@iki.fi>
parents: 1529
diff changeset
66 bits = 0;
5089
18559c7e3a15 Cleanups and minor fixes
Timo Sirainen <tss@iki.fi>
parents: 4299
diff changeset
67 if (write_full(fd, &bits, sizeof(bits)) < 0)
18559c7e3a15 Cleanups and minor fixes
Timo Sirainen <tss@iki.fi>
parents: 4299
diff changeset
68 i_fatal("write_full() failed for file %s: %m", fname);
622
235188ee7a05 Support for OpenSSL.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
69 }
1529
edffbb824d96 was missing #ifdef HAVE_OPENSSL
Timo Sirainen <tss@iki.fi>
parents: 1501
diff changeset
70
edffbb824d96 was missing #ifdef HAVE_OPENSSL
Timo Sirainen <tss@iki.fi>
parents: 1501
diff changeset
71 #endif