[dovecot-cvs] dovecot/src/master auth-process.c,1.44,1.45
login-process.c,1.44,1.45 ssl-init-openssl.c,1.2,1.3
cras at procontrol.fi
cras at procontrol.fi
Fri May 23 18:40:53 EEST 2003
Update of /home/cvs/dovecot/src/master
In directory danu:/tmp/cvs-serv28910/master
Modified Files:
auth-process.c login-process.c ssl-init-openssl.c
Log Message:
Removed I/O priorities. They were pretty much useless and were just getting
in the way.
Index: auth-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/auth-process.c,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -d -r1.44 -r1.45
--- auth-process.c 8 May 2003 04:28:30 -0000 1.44
+++ auth-process.c 23 May 2003 14:40:50 -0000 1.45
@@ -207,7 +207,7 @@
MAX_INBUF_SIZE, FALSE);
p->output = o_stream_create_file(fd, default_pool,
sizeof(struct auth_master_request)*100,
- IO_PRIORITY_DEFAULT, FALSE);
+ FALSE);
p->requests = hash_create(default_pool, default_pool, 0, NULL, NULL);
p->next = group->processes;
Index: login-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/login-process.c,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -d -r1.44 -r1.45
--- login-process.c 14 May 2003 18:32:42 -0000 1.44
+++ login-process.c 23 May 2003 14:40:50 -0000 1.45
@@ -312,7 +312,7 @@
p->io = io_add(fd, IO_READ, login_process_input, p);
p->output = o_stream_create_file(fd, default_pool,
sizeof(struct master_login_reply)*10,
- IO_PRIORITY_DEFAULT, FALSE);
+ FALSE);
PID_ADD_PROCESS_TYPE(pid, PROCESS_TYPE_LOGIN);
hash_insert(processes, POINTER_CAST(pid), p);
Index: ssl-init-openssl.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/ssl-init-openssl.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- ssl-init-openssl.c 26 Nov 2002 18:06:10 -0000 1.2
+++ ssl-init-openssl.c 23 May 2003 14:40:50 -0000 1.3
@@ -3,11 +3,156 @@
#include "common.h"
#include "ssl-init.h"
+#if 0
#ifdef HAVE_OPENSSL
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+static int rsa_bits[] = { 512, 1024, 0 };
+static int dh_bits[] = { 768, 1024, 0 };
+
+static const char *ssl_last_error(void)
+{
+ unsigned long err;
+ char *buf;
+ size_t err_size = 256;
+
+ err = ERR_get_error();
+ if (err == 0)
+ return strerror(errno);
+
+ buf = t_malloc(err_size);
+ buf[err_size-1] = '\0';
+ ERR_error_string_n(err, buf, err_size-1);
+ return buf;
+}
+
+static void write_datum(int fd, const char *fname, gnutls_datum *dbits)
+{
+ if (write_full(fd, &dbits->size, sizeof(dbits->size)) < 0)
+ i_fatal("write_full() failed for file %s: %m", fname);
+
+ if (write_full(fd, dbits->data, dbits->size) < 0)
+ i_fatal("write_full() failed for file %s: %m", fname);
+}
+
+static void generate_dh_parameters(int fd, const char *fname)
+{
+ gnutls_datum dbits, prime, generator;
+ int ret, bits, i;
+
+ dbits.size = sizeof(bits);
+ dbits.data = (unsigned char *) &bits;
+
+ for (i = 0; dh_bits[i] != 0; i++) {
+ bits = dh_bits[i];
+
+ ret = gnutls_dh_params_generate(&prime, &generator, bits);
+ if (ret < 0) {
+ i_fatal("gnutls_dh_params_generate(%d) failed: %s",
+ bits, gnutls_strerror(ret));
+ }
+
+ write_datum(fd, fname, &dbits);
+ write_datum(fd, fname, &prime);
+ write_datum(fd, fname, &generator);
+
+ free(prime.data);
+ free(generator.data);
+ }
+
+ bits = 0;
+ write_datum(fd, fname, &dbits);
+}
+
+static void generate_rsa_parameters(int fd, const char *fname)
+{
+ RSA *rsa;
+ int ret;
+
+ for (i = 0; rsa_bits[i] != 0; i++) {
+ rsa = RSA_generate_key(rsa_bits[i], RSA_F4, NULL, NULL);
+ if (rsa == NULL) {
+ i_fatal("RSA_generate_keys(%d bits) failed: %s",
+ rsa_bits[i], ssl_last_error());
+ }
+
+
+
+ RSA_free(rsa);
+ }
+
+ ret = gnutls_rsa_params_generate(&m, &e, &d, &p, &q, &u, 512);
+ if (ret < 0) {
+ i_fatal("gnutls_rsa_params_generate() faile: %s",
+ strerror(ret));
+ }
+
+ write_datum(fd, fname, &m);
+ write_datum(fd, fname, &e);
+ write_datum(fd, fname, &d);
+ write_datum(fd, fname, &p);
+ write_datum(fd, fname, &q);
+ write_datum(fd, fname, &u);
+}
+
+void _ssl_generate_parameters(int fd, const char *fname)
+{
+ SSL_CTX *ssl_ctx;
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ if ((ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL)
+ i_fatal("SSL_CTX_new() failed");
+
+ generate_dh_parameters(fd, fname);
+ generate_rsa_parameters(fd, fname);
+
+ SSL_CTX_free(ssl_ctx);
+}
+
+struct ssl_key_cache {
+ RSA *key;
+ int keylength;
+};
+
+static RSA *ssl_gen_rsa_key(SSL *ssl __attr_unused__,
+ int is_export __attr_unused__, int keylength)
+{
+ static buffer_t *key_cache = NULL;
+ const struct ssl_key_cache *cache;
+ struct ssl_key_cache tmp_cache;
+ size_t i, size;
+
+ if (key_cache == NULL)
+ key_cache = buffer_create_dynamic(system_pool, 64, (size_t)-1);
+
+ cache = buffer_get_data(key_cache, &size);
+ size /= sizeof(struct ssl_key_cache);
+
+ for (i = 0; i < size; i++) {
+ if (cache[i].keylength == keylength)
+ return cache[i].key;
+ }
+
+ tmp_cache.key = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
+ if (tmp_cache.key == NULL) {
+ i_error("Can't create temporary RSA key with length %d: %s",
+ keylength, ssl_last_error());
+ return NULL;
+ }
+ tmp_cache.keylength = keylength;
+ buffer_append(key_cache, &tmp_cache, sizeof(tmp_cache));
+
+ return tmp_cache.key;
+}
+
+#endif
+#else
void _ssl_generate_parameters(int fd __attr_unused__,
const char *fname __attr_unused__)
{
}
-
#endif
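Review bot: The block added under `#if 0` hard-codes `rsa_bits[] = { 512, 1024, 0 }` and `dh_bits[] = { 768, 1024, 0 }`; 512-bit RSA and 768-bit DH parameters are too small to protect a TLS session, so those entries should be dropped before this code is ever enabled. The block is also not buildable as written: `generate_dh_parameters` and `generate_rsa_parameters` still use `gnutls_datum` and the `gnutls_*_params_generate` calls, and `generate_rsa_parameters` references `i`, `m`, `e`, `d`, `p`, `q` and `u` without declaring them. Because the new `#else` pairs with `#if 0`, the empty `_ssl_generate_parameters` stub is now compiled whether or not `HAVE_OPENSSL` is defined, which looks unintended if another SSL backend file defines the same function. I would put a comment above `#if 0` such as `/* FIXME: unfinished OpenSSL port of the GnuTLS parameter generator; disabled, does not compile */`, or keep this work out of a commit whose log only mentions I/O priorities.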