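/*
 * Write a set of DH parameters to fd.
 *
 * Two parameter sets are attempted, in order: a fixed 512-bit set and a
 * dh_length-bit set. A single int with value 0 is written after them
 * (presumably the end-of-list marker for the reader; confirm against the
 * code that parses this file).
 *
 * fd        descriptor the parameters are written to
 * dh_length requested size in bits of the main parameter set
 * fname     file name, used only in error messages
 *
 * Failure to generate the dh_length set, or any write failure, is reported
 * through i_fatal().
 */
void ssl_generate_parameters(int fd, unsigned int dh_length, const char *fname)
{
	int bits;

	/*
	 * SECURITY: 512-bit DH parameters are far below any currently
	 * accepted minimum and must not be offered to peers. They are still
	 * written here because the reader of this file is not visible from
	 * this function; drop this call once the reader no longer expects a
	 * 512-bit entry. The result is deliberately ignored because
	 * generation fails in FIPS mode.
	 */
	(void)generate_dh_parameters(512, fd, fname);

	/*
	 * NOTE(review): dh_length is not range-checked here and is narrowed
	 * to int by the call below; the caller should enforce a sane floor.
	 */
	if (!generate_dh_parameters(dh_length, fd, fname)) {
		/* dh_length is unsigned, so it is printed with %u */
		i_fatal("DH_generate_parameters(bits=%u, gen=%d) failed: %s",
			dh_length, DH_GENERATOR, ssl_last_error());
	}

	/* trailing zero "bits" value written after the last parameter set */
	bits = 0;
	if (write_full(fd, &bits, sizeof(bits)) < 0)
		i_fatal("write_full() failed for file %s: %m", fname);
}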
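/*
 * Generate DH parameters of bitsize bits and append them to fd.
 *
 * The record written is: int bitsize, int len, then len bytes of the
 * i2d_DHparams() encoding. The two ints are written in the host's native
 * representation.
 *
 * Returns FALSE if parameter generation fails, TRUE once the record has
 * been written. Encoding and write failures are reported through
 * i_fatal().
 */
static bool generate_dh_parameters(int bitsize, int fd, const char *fname)
{
	DH *dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL);
	unsigned char *buf, *p;
	int len;

	if (dh == NULL)
		return FALSE;

	/* first call with a NULL output pointer only reports the size */
	len = i2d_DHparams(dh, NULL);
	if (len < 0)
		i_fatal("i2d_DHparams() failed: %s", ssl_last_error());

	/* i2d_DHparams() advances p, so buf keeps the start of the data */
	buf = p = i_malloc(len);
	len = i2d_DHparams(dh, &p);
	/* the encoding call itself can fail; do not write a bogus length */
	if (len < 0)
		i_fatal("i2d_DHparams() failed: %s", ssl_last_error());

	/* the encoded copy is all that is needed from here on */
	DH_free(dh);

	if (write_full(fd, &bitsize, sizeof(bitsize)) < 0 ||
	    write_full(fd, &len, sizeof(len)) < 0 ||
	    write_full(fd, buf, len) < 0)
		i_fatal("write_full() failed for file %s: %m", fname);
	i_free(buf);
	return TRUE;
}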
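/*
 * Fill buf with size random bytes from OpenSSL's RAND_bytes().
 *
 * buf  destination buffer, at least size bytes long
 * size number of bytes to fill
 *
 * Any RAND_bytes() failure is reported through i_fatal(), so the buffer is
 * never handed back partially filled.
 */
void random_fill(void *buf, size_t size)
{
    /*
     * RAND_bytes() takes an int length. Passing a size_t straight through
     * would silently truncate a large request and leave the tail of the
     * buffer unfilled, so the request is split into int-sized chunks.
     */
    enum { RANDOM_FILL_CHUNK_MAX = 1 << 30 };
    unsigned char *pos = buf;

    while (size > 0) {
        int chunk = size > (size_t)RANDOM_FILL_CHUNK_MAX ?
            RANDOM_FILL_CHUNK_MAX : (int)size;

        /* the message names the function that is actually called */
        if (RAND_bytes(pos, chunk) != 1)
            i_fatal("RAND_bytes() failed: %s", ssl_last_error());
        pos += chunk;
        size -= (size_t)chunk;
    }
}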