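/* Generate DH parameters and append them to the open descriptor fd.
 *
 * Writes two parameter records through generate_dh_parameters() — a
 * 512-bit set, then a dh_length-bit set — followed by a zero int that
 * marks the end of the list (generate_dh_parameters() writes each record
 * as bitsize, DER length, DER bytes; the 0 bitsize is the terminator).
 * fname is only used for error messages.  Any failure is fatal via
 * i_fatal(): this function has no error return.
 *
 * SECURITY NOTE(review): 512-bit DH is export-grade and practically
 * breakable (Logjam-class attacks).  It is generated here
 * unconditionally and its failure is deliberately ignored (the original
 * comment notes it fails in FIPS mode), presumably so readers of this
 * file find the record they expect.  Whether any consumer still needs
 * the 512-bit set should be confirmed; if not, drop it rather than
 * keep handing out weak parameters.
 */
void ssl_generate_parameters(int fd, unsigned int dh_length, const char *fname)
{
	int bits;

	/* this fails in FIPS mode, and that is tolerated on purpose
	   (see the security note above) */
	(void)generate_dh_parameters(512, fd, fname);

	/* NOTE: generate_dh_parameters() takes an int bitsize; dh_length is
	   passed through the implicit unsigned->int conversion, so values
	   above INT_MAX would be misinterpreted — callers are assumed to
	   pass sane key sizes. */
	if (!generate_dh_parameters(dh_length, fd, fname)) {
		/* dh_length is unsigned: %u, not %d, is the matching specifier */
		i_fatal("DH_generate_parameters(bits=%u, gen=%d) failed: %s",
			dh_length, DH_GENERATOR, ssl_last_error());
	}

	/* list terminator: a record with bitsize 0 */
	bits = 0;
	if (write_full(fd, &bits, sizeof(bits)) < 0)
		i_fatal("write_full() failed for file %s: %m", fname);
}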
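/* Generate one set of DH parameters of bitsize bits with generator
 * DH_GENERATOR and append it to fd as: int bitsize, int DER length,
 * DER-encoded DHparams.  fname is only used in error messages.
 *
 * Returns FALSE if OpenSSL could not generate the parameters (e.g. in
 * FIPS mode for sizes it rejects) so the caller can decide whether that
 * is fatal.  Encoding or write failures are fatal via i_fatal().
 *
 * Fix: the DH object returned by DH_generate_parameters() was never
 * released; it is now freed with DH_free() once the DER copy exists.
 * The second i2d_DHparams() result is also checked instead of being
 * trusted blindly.  DH_generate_parameters() is the deprecated form of
 * DH_generate_parameters_ex(); the call is kept to match the rest of
 * this file.
 */
static bool generate_dh_parameters(int bitsize, int fd, const char *fname)
{
	DH *dh;
	unsigned char *buf, *p;
	int len, written;

	dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL);
	if (dh == NULL)
		return FALSE;

	/* first call sizes the DER output, second call fills it;
	   i2d advances p, which is why buf keeps the original pointer */
	len = i2d_DHparams(dh, NULL);
	if (len < 0)
		i_fatal("i2d_DHparams() failed: %s", ssl_last_error());
	buf = p = i_malloc(len);
	written = i2d_DHparams(dh, &p);
	if (written < 0 || written != len)
		i_fatal("i2d_DHparams() failed: %s", ssl_last_error());
	/* the BIGNUMs inside dh are no longer needed once encoded */
	DH_free(dh);

	if (write_full(fd, &bitsize, sizeof(bitsize)) < 0 ||
	    write_full(fd, &len, sizeof(len)) < 0 ||
	    write_full(fd, buf, len) < 0)
		i_fatal("write_full() failed for file %s: %m", fname);
	i_free(buf);
	return TRUE;
}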
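/* Fill buf with size bytes from OpenSSL's CSPRNG (RAND_bytes()).
 *
 * Any failure is fatal: a cryptographic consumer must never continue
 * with a partially filled or unfilled buffer.
 *
 * Fixes: the error message named RAND_pseudo_bytes() although the code
 * calls RAND_bytes(), which would mislead anyone debugging an RNG
 * failure.  RAND_bytes() takes an int count, so a size_t that does not
 * survive the int round-trip is now rejected explicitly instead of being
 * silently truncated (or turned negative) by the implicit conversion.
 */
void random_fill(void *buf, size_t size)
{
	int num = (int)size;

	if (num < 0 || (size_t)num != size)
		i_fatal("random_fill(): size %lu does not fit in int",
			(unsigned long)size);
	if (RAND_bytes(buf, num) != 1)
		i_fatal("RAND_bytes() failed: %s", ssl_last_error());
}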