void ssl_generate_parameters(int fd, unsigned int dh_length, const char *fname) { int bits; /* this fails in FIPS mode */ (void)generate_dh_parameters(512, fd, fname); if (!generate_dh_parameters(dh_length, fd, fname)) { i_fatal("DH_generate_parameters(bits=%d, gen=%d) failed: %s", dh_length, DH_GENERATOR, ssl_last_error()); } bits = 0; if (write_full(fd, &bits, sizeof(bits)) < 0) i_fatal("write_full() failed for file %s: %m", fname); }
int openssl_iostream_generate_params(buffer_t *output) { unsigned int i; for (i = 0; i < N_ELEMENTS(dh_param_bitsizes); i++) { if (generate_dh_parameters(dh_param_bitsizes[i], output) < 0) return -1; } buffer_append_zero(output, sizeof(int)); return 0; }
bool init() { if (!load_root_ca()) { if (!generate_root_ca()) return false; save_root_ca(); } if (!load_dh_parameters()) { if (!generate_dh_parameters()) return false; save_dh_parameters(); } return true; }
/* * Generate an ephemeral DH key. Because this can take a long * time to compute, we can use precomputed parameters of the * common key sizes. * * Since few sites will bother to precompute these parameter * files, we also provide a fallback to the parameters provided * by the OpenSSL project. * * These values can be static (once loaded or computed) since * the OpenSSL library can efficiently generate random keys from * the information provided. */ static DH * tmp_dh_cb(SSL *s, int is_export, int keylength) { DH *r = NULL; static DH *dh = NULL; static DH *dh512 = NULL; static DH *dh1024 = NULL; static DH *dh2048 = NULL; static DH *dh4096 = NULL; switch (keylength) { case 512: if (dh512 == NULL) dh512 = load_dh_file(keylength); if (dh512 == NULL) dh512 = load_dh_buffer(file_dh512, sizeof file_dh512); r = dh512; break; case 1024: if (dh1024 == NULL) dh1024 = load_dh_file(keylength); if (dh1024 == NULL) dh1024 = load_dh_buffer(file_dh1024, sizeof file_dh1024); r = dh1024; break; case 2048: if (dh2048 == NULL) dh2048 = load_dh_file(keylength); if (dh2048 == NULL) dh2048 = load_dh_buffer(file_dh2048, sizeof file_dh2048); r = dh2048; break; case 4096: if (dh4096 == NULL) dh4096 = load_dh_file(keylength); if (dh4096 == NULL) dh4096 = load_dh_buffer(file_dh4096, sizeof file_dh4096); r = dh4096; break; default: if (dh == NULL) dh = load_dh_file(keylength); r = dh; } /* this may take a long time, but it may be necessary... */ if (r == NULL || 8 * DH_size(r) < keylength) { ereport(DEBUG2, (errmsg_internal("DH: generating parameters (%d bits)", keylength))); r = generate_dh_parameters(keylength, DH_GENERATOR_2); } return r; }