Added RSA key generator.
This commit is contained in:
parent
bb427128a9
commit
2cf92a1894
@ -69,6 +69,9 @@ extern int lm_enabled_logfiles_bitmask;
|
||||
extern size_t log_ses_count[];
|
||||
extern __thread log_info_t tls_log_info;
|
||||
|
||||
static RSA *rsa_512 = NULL;
|
||||
static RSA *rsa_1024 = NULL;
|
||||
|
||||
/** To be used with configuration type checks */
|
||||
typedef struct typelib_st {
|
||||
int tl_nelems;
|
||||
@ -418,6 +421,17 @@ serviceStart(SERVICE *service)
|
||||
SERV_PROTOCOL *port;
|
||||
int listeners = 0;
|
||||
|
||||
if(service->ssl_mode != SSL_DISABLED)
|
||||
{
|
||||
if(serviceInitSSL(service) != 0)
|
||||
{
|
||||
LOGIF(LE, (skygw_log_write_flush(LOGFILE_ERROR,
|
||||
"%s: SSL initialization failed. Service not started.",
|
||||
service->name)));
|
||||
service->state = SERVICE_STATE_FAILED;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if ((service->router_instance = service->router->createInstance(service,
|
||||
service->routerOptions)) == NULL)
|
||||
{
|
||||
@ -1839,9 +1853,44 @@ int *data;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* @param s
|
||||
* @param is_export
|
||||
* @param keylength
|
||||
* @return
|
||||
*/
|
||||
RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
|
||||
{
|
||||
RSA *rsa_tmp=NULL;
|
||||
|
||||
switch (keylength) {
|
||||
case 512:
|
||||
if (rsa_512)
|
||||
rsa_tmp = rsa_512;
|
||||
else { /* generate on the fly, should not happen in this example */
|
||||
rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);
|
||||
rsa_512 = rsa_tmp; /* Remember for later reuse */
|
||||
}
|
||||
break;
|
||||
case 1024:
|
||||
if (rsa_1024)
|
||||
rsa_tmp=rsa_1024;
|
||||
break;
|
||||
default:
|
||||
/* Generating a key on the fly is very costly, so use what is there */
|
||||
if (rsa_1024)
|
||||
rsa_tmp=rsa_1024;
|
||||
else
|
||||
rsa_tmp=rsa_512; /* Use at least a shorter key */
|
||||
}
|
||||
return(rsa_tmp);
|
||||
}
|
||||
|
||||
int serviceInitSSL(SERVICE* service)
|
||||
{
|
||||
DH* dh;
|
||||
RSA* rsa;
|
||||
|
||||
if(!service->ssl_init_done)
|
||||
{
|
||||
@ -1878,12 +1927,21 @@ int serviceInitSSL(SERVICE* service)
|
||||
|
||||
service->ctx = SSL_CTX_new(service->method);
|
||||
|
||||
/** Enable the Diffie-Hellman algorithms */
|
||||
if((dh = ssl_get_dh2236()) != NULL)
|
||||
if(rsa_512 == NULL)
|
||||
{
|
||||
SSL_CTX_set_tmp_dh(service->ctx,dh);
|
||||
DH_free(dh);
|
||||
rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);
|
||||
if (rsa_512 == NULL)
|
||||
skygw_log_write(LE,"Error: 512-bit RSA key generation failed.");
|
||||
}
|
||||
if(rsa_1024 == NULL)
|
||||
{
|
||||
rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);
|
||||
if (rsa_1024 == NULL)
|
||||
skygw_log_write(LE,"Error: 1024-bit RSA key generation failed.");
|
||||
}
|
||||
|
||||
if(rsa_512 != NULL && rsa_1024 != NULL)
|
||||
SSL_CTX_set_tmp_rsa_callback(service->ctx,tmp_rsa_callback);
|
||||
|
||||
if (SSL_CTX_use_certificate_file(service->ctx, service->ssl_cert, SSL_FILETYPE_PEM) <= 0) {
|
||||
skygw_log_write(LE,"Error: Failed to set server SSL certificate.");
|
||||
@ -1919,6 +1977,10 @@ int serviceInitSSL(SERVICE* service)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generated by OpenSSL.
|
||||
* @return
|
||||
*/
|
||||
DH *ssl_get_dh2236()
|
||||
{
|
||||
static unsigned char dh2236_p[]={
|
||||
@ -1958,4 +2020,4 @@ DH *ssl_get_dh2236()
|
||||
if ((dh->p == NULL) || (dh->g == NULL))
|
||||
{ DH_free(dh); return(NULL); }
|
||||
return(dh);
|
||||
}
|
||||
}
|
||||
|
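Review bot: The `default:` branch of tmp_rsa_callback hands back `rsa_512` whenever no 1024-bit key exists, so a request for any unrecognised length is silently satisfied with a 512-bit modulus, which is factorable and should not be offered at all; a safer shape is `default: rsa_tmp = rsa_1024; break;` (returning NULL when it is absent, so the handshake fails instead of downgrading), and the same question applies to the 512-bit generation in the serviceInitSSL hunk, since OpenSSL consults this callback for export-grade RSA key exchange that the context's cipher list could exclude instead. `RSA_generate_key` is the deprecated interface; `RSA_generate_key_ex` with a BIGNUM exponent is the replacement and still reports failure as NULL. The `case 512` branch also writes a lazily generated key into the file-scope static from inside the callback, and serviceInitSSL's `if(rsa_512 == NULL)` block does the same with no visible lock, so if services or connections initialise on more than one thread this looks like a race on `rsa_512`/`rsa_1024` — worth confirming against the caller. The doxygen block above tmp_rsa_callback has empty `@param`/`@return` tags; it should say that OpenSSL invokes it when it needs a temporary RSA key, that the returned key is cached and owned by this file (the caller must not free it), and that it may return NULL. serviceInitSSL's body continues outside the hunk.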