static int generate_dh_params(eventer_t e, int mask, void *cl, struct timeval *now) { int bits = (int)(intptr_t)cl; if(mask != EVENTER_ASYNCH_WORK) return 0; switch(bits) { case 1024: if(!dh1024_tmp) dh1024_tmp = load_dh_params(dh1024_file); if(!dh1024_tmp) { mtevL(mtev_notice, "Generating 1024 bit DH parameters.\n"); dh1024_tmp = DH_generate_parameters(1024, 2, NULL, NULL); mtevL(mtev_notice, "Finished generating 1024 bit DH parameters.\n"); save_dh_params(dh1024_tmp, dh1024_file); } break; case 2048: if(!dh2048_tmp) dh2048_tmp = load_dh_params(dh2048_file); if(!dh2048_tmp) { mtevL(mtev_notice, "Generating 2048 bit DH parameters.\n"); dh2048_tmp = DH_generate_parameters(2048, 2, NULL, NULL); mtevL(mtev_notice, "Finished generating 2048 bit DH parameters.\n"); save_dh_params(dh2048_tmp, dh2048_file); } break; default: mtevFatal(mtev_error, "Unexpected DH parameter request: %d\n", bits); } return 0; }
SecureServer::SecureServer(boost::asio::io_service& ioService, boost::asio::ssl::context& context, const boost::asio::ip::tcp::endpoint& endpoint, const std::string& chain, const std::string& key, const std::string& keyPassword, const std::string& dhFile) throw (boost::system::system_error) : ioService_(ioService), acceptor_(ioService, endpoint), context_(context), keyPassword_(keyPassword) { context_.set_options(context_ops); context_.set_password_callback(boost::bind(&SecureServer::getPassword, this)); context_.use_certificate_chain_file(chain); context_.use_private_key_file(key, boost::asio::ssl::context::pem); if(!boost::filesystem::exists(dhFile)){ std::cerr << "Generating tmp dh file " << dhFile << std::endl; std::unique_ptr<BIO,void(*)(BIO*)> dhBIO(BIO_new_file(dhFile.c_str(),"w"),&BIO_free_all); if(!dhBIO){ throw_system_error_ssl("Could not open "+dhFile+" for writing"); } std::unique_ptr<DH,void(*)(DH*)> dh(DH_generate_parameters(2048, RSA_F4, nullptr, nullptr),&DH_free); if(!dh){ throw_system_error_ssl("Could not DH_generate_parameters"); } if(PEM_write_bio_DHparams(dhBIO.get(),dh.get()) != 1){ throw_system_error_ssl("Could not write DHparams"); } std::cerr << "done" << std::endl; } context_.use_tmp_dh_file(dhFile); }
static int generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r) { DH *dh; unsigned char *p; int len, len2; dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL); if (dh == NULL) { *error_r = t_strdup_printf( "DH_generate_parameters(bits=%d, gen=%d) failed: %s", bitsize, DH_GENERATOR, openssl_iostream_error()); return -1; } len = i2d_DHparams(dh, NULL); if (len < 0) { *error_r = t_strdup_printf("i2d_DHparams() failed: %s", openssl_iostream_error()); DH_free(dh); return -1; } buffer_append(output, &bitsize, sizeof(bitsize)); buffer_append(output, &len, sizeof(len)); p = buffer_append_space_unsafe(output, len); len2 = i2d_DHparams(dh, &p); i_assert(len == len2); DH_free(dh); return 0; }
void avjackif::async_handshake(std::string login_username, std::string login_password, boost::asio::yield_context yield_context) { auto dh = DH_new(); DH_generate_parameters(); DH_generate_key(dh); }
void _modinit(module_t *m) { MODULE_TRY_REQUEST_SYMBOL(m, regfuncs, "saslserv/main", "sasl_mech_register_funcs"); if ((base_dhparams = DH_generate_parameters(256, 5, NULL, NULL)) == NULL) return; regfuncs->mech_register(&mech); }
/* * Generate an empheral DH key. Because this can take a long * time to compute, we can use precomputed parameters of the * common key sizes. * * Since few sites will bother to precompute these parameter * files, we also provide a fallback to the parameters provided * by the OpenSSL project. * * These values can be static (once loaded or computed) since * the OpenSSL library can efficiently generate random keys from * the information provided. */ static DH * tmp_dh_cb(SSL *s, int is_export, int keylength) { DH *r = NULL; static DH *dh = NULL; static DH *dh512 = NULL; static DH *dh1024 = NULL; static DH *dh2048 = NULL; static DH *dh4096 = NULL; switch (keylength) { case 512: if (dh512 == NULL) dh512 = load_dh_file(keylength); if (dh512 == NULL) dh512 = load_dh_buffer(file_dh512, sizeof file_dh512); r = dh512; break; case 1024: if (dh1024 == NULL) dh1024 = load_dh_file(keylength); if (dh1024 == NULL) dh1024 = load_dh_buffer(file_dh1024, sizeof file_dh1024); r = dh1024; break; case 2048: if (dh2048 == NULL) dh2048 = load_dh_file(keylength); if (dh2048 == NULL) dh2048 = load_dh_buffer(file_dh2048, sizeof file_dh2048); r = dh2048; break; case 4096: if (dh4096 == NULL) dh4096 = load_dh_file(keylength); if (dh4096 == NULL) dh4096 = load_dh_buffer(file_dh4096, sizeof file_dh4096); r = dh4096; break; default: if (dh == NULL) dh = load_dh_file(keylength); r = dh; } /* this may take a long time, but it may be necessary... */ if (r == NULL || 8 * DH_size(r) < keylength) r = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL, NULL); return r; }
void _modinit(module_t *m) { MODULE_TRY_REQUEST_SYMBOL(m, mechanisms, "saslserv/main", "sasl_mechanisms"); if ((base_dhparams = DH_generate_parameters(256, 5, NULL, NULL)) == NULL) return; mnode = mowgli_node_create(); mowgli_node_add(&mech, mnode, mechanisms); }
/* DH: generate shared parameters */ static int dh_test() { DH *dh; ERR_clear_error(); dh = DH_generate_parameters(256, 2, NULL, NULL); if (dh) return 1; return 0; }
bool diffie_hellman::generate_params( int s, uint8_t g ) { DH* dh = DH_generate_parameters( s, g, NULL, NULL ); p.resize( BN_num_bytes( dh->p ) ); if( p.size() ) BN_bn2bin( dh->p, (unsigned char*)&p.front() ); this->g = g; int check; DH_check(dh,&check); DH_free(dh); if( check & DH_CHECK_P_NOT_SAFE_PRIME ) return valid = false; return valid = true; }
static DH * dh_generate(int size, int gen) { #if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB BN_GENCB cb; struct ossl_generate_cb_arg cb_arg; struct dh_blocking_gen_arg gen_arg; DH *dh = DH_new(); if (!dh) return 0; memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg)); if (rb_block_given_p()) cb_arg.yield = 1; BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg); gen_arg.dh = dh; gen_arg.size = size; gen_arg.gen = gen; gen_arg.cb = &cb; if (cb_arg.yield == 1) { /* we cannot release GVL when callback proc is supplied */ dh_blocking_gen(&gen_arg); } else { /* there's a chance to unblock */ rb_thread_call_without_gvl(dh_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg); } if (!gen_arg.result) { DH_free(dh); if (cb_arg.state) rb_jump_tag(cb_arg.state); return 0; } #else DH *dh; dh = DH_generate_parameters(size, gen, rb_block_given_p() ? ossl_generate_cb : NULL, NULL); if (!dh) return 0; #endif if (!DH_generate_key(dh)) { DH_free(dh); return 0; } return dh; }
/* * Private */ static DH * dh_generate(int size, int gen) { DH *dh; dh = DH_generate_parameters(size, gen, rb_block_given_p() ? ossl_generate_cb : NULL, NULL); if (!dh) return 0; if (!DH_generate_key(dh)) { DH_free(dh); return 0; } return dh; }
/* * Generate DH parameters. * * Last resort if we can't load precomputed nor hardcoded * parameters. */ static DH * generate_dh_parameters(int prime_len, int generator) { #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) DH *dh; if ((dh = DH_new()) == NULL) return NULL; if (DH_generate_parameters_ex(dh, prime_len, generator, NULL)) return dh; DH_free(dh); return NULL; #else return DH_generate_parameters(prime_len, generator, NULL, NULL); #endif }
NOEXPORT void cron_dh_param(void) { SERVICE_OPTIONS *opt; DH *dh; if(!dh_needed) return; s_log(LOG_NOTICE, "Updating DH parameters"); #if OPENSSL_VERSION_NUMBER>=0x0090800fL /* generate 2048-bit DH parameters */ dh=DH_new(); if(!dh) { sslerror("DH_new"); return; } if(!DH_generate_parameters_ex(dh, 2048, 2, NULL)) { DH_free(dh); sslerror("DH_generate_parameters_ex"); return; } #else /* OpenSSL older than 0.9.8 */ dh=DH_generate_parameters(2048, 2, NULL, NULL); if(!dh) { sslerror("DH_generate_parameters"); return; } #endif /* update global dh_params for future configuration reloads */ enter_critical_section(CRIT_DH); /* it only needs an rwlock here */ DH_free(dh_params); dh_params=dh; leave_critical_section(CRIT_DH); /* set for all sections that require it */ for(opt=service_options.next; opt; opt=opt->next) if(opt->option.dh_needed) SSL_CTX_set_tmp_dh(opt->ctx, dh); s_log(LOG_NOTICE, "DH parameters updated"); }
static bool generate_dh_parameters(int bitsize, int fd, const char *fname) { DH *dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL); unsigned char *buf, *p; int len; if (dh == NULL) return FALSE; len = i2d_DHparams(dh, NULL); if (len < 0) i_fatal("i2d_DHparams() failed: %s", ssl_last_error()); buf = p = i_malloc(len); len = i2d_DHparams(dh, &p); if (write_full(fd, &bitsize, sizeof(bitsize)) < 0 || write_full(fd, &len, sizeof(len)) < 0 || write_full(fd, buf, len) < 0) i_fatal("write_full() failed for file %s: %m", fname); i_free(buf); return TRUE; }
bool OSSLDH::generateParameters(AsymmetricParameters** ppParams, void* parameters /* = NULL */, RNG* rng /* = NULL*/) { if ((ppParams == NULL) || (parameters == NULL)) { return false; } size_t bitLen = (size_t) parameters; if (bitLen < getMinKeySize() || bitLen > getMaxKeySize()) { ERROR_MSG("This DH key size is not supported"); return false; } DH* dh = DH_generate_parameters(bitLen, 2, NULL, NULL); if (dh == NULL) { ERROR_MSG("Failed to generate %d bit DH parameters", bitLen); return false; } // Store the DH parameters DHParameters* params = new DHParameters(); ByteString p = OSSL::bn2ByteString(dh->p); params->setP(p); ByteString g = OSSL::bn2ByteString(dh->g); params->setG(g); *ppParams = params; DH_free(dh); return true; }
static isc_result_t openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) { DH *dh = NULL; #if OPENSSL_VERSION_NUMBER > 0x00908000L BN_GENCB *cb; #if OPENSSL_VERSION_NUMBER < 0x10100000L BN_GENCB _cb; #endif union { void *dptr; void (*fptr)(int); } u; #else UNUSED(callback); #endif if (generator == 0) { if (key->key_size == 768 || key->key_size == 1024 || key->key_size == 1536) { dh = DH_new(); if (dh == NULL) return (dst__openssl_toresult(ISC_R_NOMEMORY)); if (key->key_size == 768) dh->p = bn768; else if (key->key_size == 1024) dh->p = bn1024; else dh->p = bn1536; dh->g = bn2; } else generator = 2; } if (generator != 0) { #if OPENSSL_VERSION_NUMBER > 0x00908000L dh = DH_new(); if (dh == NULL) return (dst__openssl_toresult(ISC_R_NOMEMORY)); cb = BN_GENCB_new(); #if OPENSSL_VERSION_NUMBER >= 0x10100000L if (cb == NULL) { DH_free(dh); return (dst__openssl_toresult(ISC_R_NOMEMORY)); } #endif if (callback == NULL) { BN_GENCB_set_old(cb, NULL, NULL); } else { u.fptr = callback; BN_GENCB_set(cb, &progress_cb, u.dptr); } if (!DH_generate_parameters_ex(dh, key->key_size, generator, cb)) { DH_free(dh); BN_GENCB_free(cb); return (dst__openssl_toresult2( "DH_generate_parameters_ex", DST_R_OPENSSLFAILURE)); } BN_GENCB_free(cb); #else dh = DH_generate_parameters(key->key_size, generator, NULL, NULL); if (dh == NULL) return (dst__openssl_toresult2( "DH_generate_parameters", DST_R_OPENSSLFAILURE)); #endif } if (DH_generate_key(dh) == 0) { DH_free(dh); return (dst__openssl_toresult2("DH_generate_key", DST_R_OPENSSLFAILURE)); } dh->flags &= ~DH_FLAG_CACHE_MONT_P; key->keydata.dh = dh; return (ISC_R_SUCCESS); }
dh_key dh_key::generate_parameters(int prime_len, int generator, generate_callback_type callback, void* callback_arg) { return take_ownership(DH_generate_parameters(prime_len, generator, callback, callback_arg)); }
int main(int argc, char *argv[]) { DH *a; DH *b=NULL; char buf[12]; unsigned char *abuf=NULL,*bbuf=NULL; int i,alen,blen,aout,bout,ret=1; BIO *out; CRYPTO_malloc_debug_init(); CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); #ifdef OPENSSL_SYS_WIN32 CRYPTO_malloc_init(); #endif RAND_seed(rnd_seed, sizeof rnd_seed); out=BIO_new(BIO_s_file()); if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); if (a == NULL) goto err; if (!DH_check(a, &i)) goto err; if (i & DH_CHECK_P_NOT_PRIME) BIO_puts(out, "p value is not prime\n"); if (i & DH_CHECK_P_NOT_SAFE_PRIME) BIO_puts(out, "p value is not a safe prime\n"); if (i & DH_UNABLE_TO_CHECK_GENERATOR) BIO_puts(out, "unable to check the generator value\n"); if (i & DH_NOT_SUITABLE_GENERATOR) BIO_puts(out, "the g value is not a generator\n"); BIO_puts(out,"\np ="); BN_print(out,a->p); BIO_puts(out,"\ng ="); BN_print(out,a->g); BIO_puts(out,"\n"); b=DH_new(); if (b == NULL) goto err; b->p=BN_dup(a->p); b->g=BN_dup(a->g); if ((b->p == NULL) || (b->g == NULL)) goto err; /* Set a to run with normal modexp and b to use constant time */ a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME; b->flags |= DH_FLAG_NO_EXP_CONSTTIME; if (!DH_generate_key(a)) goto err; BIO_puts(out,"pri 1="); BN_print(out,a->priv_key); BIO_puts(out,"\npub 1="); BN_print(out,a->pub_key); BIO_puts(out,"\n"); if (!DH_generate_key(b)) goto err; BIO_puts(out,"pri 2="); BN_print(out,b->priv_key); BIO_puts(out,"\npub 2="); BN_print(out,b->pub_key); BIO_puts(out,"\n"); alen=DH_size(a); abuf=(unsigned char *)OPENSSL_malloc(alen); aout=DH_compute_key(abuf,b->pub_key,a); BIO_puts(out,"key1 ="); for (i=0; i<aout; i++) { sprintf(buf,"%02X",abuf[i]); BIO_puts(out,buf); } BIO_puts(out,"\n"); blen=DH_size(b); bbuf=(unsigned char *)OPENSSL_malloc(blen); bout=DH_compute_key(bbuf,a->pub_key,b); BIO_puts(out,"key2 ="); for (i=0; i<bout; i++) { sprintf(buf,"%02X",bbuf[i]); BIO_puts(out,buf); } BIO_puts(out,"\n"); if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0)) { fprintf(stderr,"Error in DH routines\n"); ret=1; } else ret=0; err: ERR_print_errors_fp(stderr); if (abuf != NULL) OPENSSL_free(abuf); if (bbuf != NULL) OPENSSL_free(bbuf); if(b != NULL) DH_free(b); if(a != NULL) DH_free(a); BIO_free(out); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); CRYPTO_mem_leaks_fp(stderr); EXIT(ret); return(ret); }
int MAIN(int argc, char **argv) { ENGINE *e = NULL; DH *dh=NULL; int ret=1,num=DEFBITS; int g=2; char *outfile=NULL; char *inrand=NULL; char *engine=NULL; BIO *out=NULL; apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; argv++; argc--; for (;;) { if (argc <= 0) break; if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-2") == 0) g=2; /* else if (strcmp(*argv,"-3") == 0) g=3; */ else if (strcmp(*argv,"-5") == 0) g=5; else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); } else break; argv++; argc--; } if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) { bad: BIO_printf(bio_err,"usage: gendh [args] [numbits]\n"); BIO_printf(bio_err," -out file - output the key to 'file\n"); BIO_printf(bio_err," -2 - use 2 as the generator value\n"); /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */ BIO_printf(bio_err," -5 - use 5 as the generator value\n"); BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); goto end; } e = setup_engine(bio_err, engine, 0); out=BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); } if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,"This is going to take a long time\n"); dh=DH_generate_parameters(num,g,dh_cb,bio_err); if (dh == NULL) goto end; app_RAND_write_file(NULL, bio_err); if (!PEM_write_bio_DHparams(out,dh)) goto end; ret=0; end: if (ret != 0) ERR_print_errors(bio_err); if (out != NULL) BIO_free_all(out); if (dh != NULL) DH_free(dh); apps_shutdown(); OPENSSL_EXIT(ret); }