lib-ssl-iostream: Added dh_length parameter to ssl_iostream_generate_params()

author Timo Sirainen <tss@iki.fi>

Sat, 1 Nov 2014 00:04:58 +0000 (17:04 -0700)

committer Timo Sirainen <tss@iki.fi>

Sat, 1 Nov 2014 00:04:58 +0000 (17:04 -0700)
author Timo Sirainen <tss@iki.fi>
Sat, 1 Nov 2014 00:04:58 +0000 (17:04 -0700)
committer Timo Sirainen <tss@iki.fi>
Sat, 1 Nov 2014 00:04:58 +0000 (17:04 -0700)
diff --git a/src/lib-ssl-iostream/iostream-openssl-params.c b/src/lib-ssl-iostream/iostream-openssl-params.c

index 022005f7982a9fa22a23507877c4275111120098..44c3f83c2ecc507be171c1f40e74af638ef6b200 100644 (file)
--- a/src/lib-ssl-iostream/iostream-openssl-params.c
+++ b/src/lib-ssl-iostream/iostream-openssl-params.c
@@ -8,8 +8,6 @@
     default.. */
  #define DH_GENERATOR 2
  
-static int dh_param_bitsizes[] = { 512, 1024 };
-
  static int
  generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r)
  {
@@ -43,13 +41,13 @@ generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r)
         return 0;
  }
  
-int openssl_iostream_generate_params(buffer_t *output, const char **error_r)
+int openssl_iostream_generate_params(buffer_t *output, unsigned int dh_length,
+                                    const char **error_r)
  {
-       unsigned int i;
-
-       for (i = 0; i < N_ELEMENTS(dh_param_bitsizes); i++) {
-               if (generate_dh_parameters(dh_param_bitsizes[i],
-                                          output, error_r) < 0)
+       if (generate_dh_parameters(512, output, error_r) < 0)
+               return -1;
+       if (dh_length != 512) {
+               if (generate_dh_parameters(dh_length, output, error_r) < 0)
                         return -1;
         }
         buffer_append_zero(output, sizeof(int));
diff --git a/src/lib-ssl-iostream/iostream-openssl.h b/src/lib-ssl-iostream/iostream-openssl.h

index 4e032189117dcc72d97d83cd4459784e9abae151..fac2880c888fa838085f0ef25d58e2c4b36b91fe 100644 (file)
--- a/src/lib-ssl-iostream/iostream-openssl.h
+++ b/src/lib-ssl-iostream/iostream-openssl.h
@@ -93,7 +93,8 @@ int openssl_iostream_handle_write_error(struct ssl_iostream *ssl_io, int ret,
  const char *openssl_iostream_error(void);
  const char *openssl_iostream_key_load_error(void);
  
-int openssl_iostream_generate_params(buffer_t *output, const char **error_r);
+int openssl_iostream_generate_params(buffer_t *output, unsigned int dh_length,
+                                    const char **error_r);
  int openssl_iostream_context_import_params(struct ssl_iostream_context *ctx,
                                            const buffer_t *input);
  void openssl_iostream_context_free_params(struct ssl_iostream_context *ctx);
diff --git a/src/lib-ssl-iostream/iostream-ssl-private.h b/src/lib-ssl-iostream/iostream-ssl-private.h

index 30968d5f65a4436283aa3b7eb4c30d7475273a54..d20d606ddc055124911f614d1e016c3826a8d91d 100644 (file)
--- a/src/lib-ssl-iostream/iostream-ssl-private.h
+++ b/src/lib-ssl-iostream/iostream-ssl-private.h
@@ -13,7 +13,8 @@ struct iostream_ssl_vfuncs {
                                    const char **error_r);
         void (*context_deinit)(struct ssl_iostream_context *ctx);
  
-       int (*generate_params)(buffer_t *output, const char **error_r);
+       int (*generate_params)(buffer_t *output, unsigned int dh_length,
+                              const char **error_r);
         int (*context_import_params)(struct ssl_iostream_context *ctx,
                                      const buffer_t *input);
  
diff --git a/src/lib-ssl-iostream/iostream-ssl.c b/src/lib-ssl-iostream/iostream-ssl.c

index 6a2c0fc9ae9ba24df470c5dcfc70ed6696bdd4e1..03399f59ba463134c304f27637c7c3b058e29be9 100644 (file)
--- a/src/lib-ssl-iostream/iostream-ssl.c
+++ b/src/lib-ssl-iostream/iostream-ssl.c
@@ -82,13 +82,14 @@ void ssl_iostream_context_deinit(struct ssl_iostream_context **_ctx)
         ssl_vfuncs->context_deinit(ctx);
  }
  
-int ssl_iostream_generate_params(buffer_t *output, const char **error_r)
+int ssl_iostream_generate_params(buffer_t *output, unsigned int dh_length,
+                                const char **error_r)
  {
         if (!ssl_module_loaded) {
                 if (ssl_module_load(error_r) < 0)
                         return -1;
         }
-       return ssl_vfuncs->generate_params(output, error_r);
+       return ssl_vfuncs->generate_params(output, dh_length, error_r);
  }
  
  int ssl_iostream_context_import_params(struct ssl_iostream_context *ctx,
diff --git a/src/lib-ssl-iostream/iostream-ssl.h b/src/lib-ssl-iostream/iostream-ssl.h

index 36507068f92c662cad774f7998b6621d9f71a5b0..2ad941406cbccb8db6c1206e143359443e937ea6 100644 (file)
--- a/src/lib-ssl-iostream/iostream-ssl.h
+++ b/src/lib-ssl-iostream/iostream-ssl.h
@@ -64,7 +64,8 @@ const char *ssl_iostream_get_server_name(struct ssl_iostream *ssl_io);
  const char *ssl_iostream_get_security_string(struct ssl_iostream *ssl_io);
  const char *ssl_iostream_get_last_error(struct ssl_iostream *ssl_io);
  
-int ssl_iostream_generate_params(buffer_t *output, const char **error_r);
+int ssl_iostream_generate_params(buffer_t *output, unsigned int dh_length,
+                                const char **error_r);
  int ssl_iostream_context_import_params(struct ssl_iostream_context *ctx,
                                        const buffer_t *input);
author	Timo Sirainen <tss@iki.fi>
	Sat, 1 Nov 2014 00:04:58 +0000 (17:04 -0700)
committer	Timo Sirainen <tss@iki.fi>
	Sat, 1 Nov 2014 00:04:58 +0000 (17:04 -0700)
src/lib-ssl-iostream/iostream-openssl-params.c		patch \| blob \| blame \| history
src/lib-ssl-iostream/iostream-openssl.h		patch \| blob \| blame \| history
src/lib-ssl-iostream/iostream-ssl-private.h		patch \| blob \| blame \| history
src/lib-ssl-iostream/iostream-ssl.c		patch \| blob \| blame \| history
src/lib-ssl-iostream/iostream-ssl.h		patch \| blob \| blame \| history