X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=webcit%2Fcrypto.c;h=fb5f7a7140ca811be46f2a203d0bdc3b0a95aec9;hb=4a15af614c3957ed5f7092c27cd0cb954c725eac;hp=427b4d93e7268dadb52c5f97e25b746e30a4f809;hpb=826a38d67f663f93844309e91778f036903dcce4;p=citadel.git

diff --git a/webcit/crypto.c b/webcit/crypto.c
index 427b4d93e..fb5f7a714 100644
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996-2012 by the citadel.org team
+ * Copyright (c) 1996-2017 by the citadel.org team
  *
  * This program is open source software.  You can redistribute it and/or
  * modify it under the terms of the GNU General Public License, version 3.
@@ -49,6 +49,60 @@ void shutdown_ssl(void)
 	 */
 }
 
+
+void generate_key(char *keyfilename)
+{
+	int ret = 0;
+	RSA *rsa = NULL;
+	BIGNUM *bne = NULL;
+	int bits = 2048;
+	unsigned long e = RSA_F4;
+	FILE *fp;
+
+	if (access(keyfilename, R_OK) == 0) {
+		return;
+	}
+
+	syslog(LOG_INFO, "crypto: generating RSA key pair");
+ 
+	// generate rsa key
+	bne = BN_new();
+	ret = BN_set_word(bne,e);
+	if (ret != 1) {
+		goto free_all;
+	}
+ 
+	rsa = RSA_new();
+	ret = RSA_generate_key_ex(rsa, bits, bne, NULL);
+	if (ret != 1) {
+		goto free_all;
+	}
+
+	// write the key file
+	fp = fopen(keyfilename, "w");
+	if (fp != NULL) {
+		chmod(file_crpt_file_key, 0600);
+		if (PEM_write_RSAPrivateKey(fp,	/* the file */
+					rsa,	/* the key */
+					NULL,	/* no enc */
+					NULL,	/* no passphr */
+					0,	/* no passphr */
+					NULL,	/* no callbk */
+					NULL	/* no callbk */
+		) != 1) {
+			syslog(LOG_ERR, "crypto: cannot write key: %s", ERR_reason_error_string(ERR_get_error()));
+			unlink(keyfilename);
+		}
+		fclose(fp);
+	}
+
+    // 4. free
+free_all:
+    RSA_free(rsa);
+    BN_free(bne);
+}
+
+
 /*
  * initialize ssl engine, load certs and initialize openssl internals
  */
@@ -65,9 +119,11 @@ void init_ssl(void)
 	char buf[SIZ];
 	int rv = 0;
 
+#ifndef OPENSSL_NO_EGD
 	if (!access("/var/run/egd-pool", F_OK)) {
 		RAND_egd("/var/run/egd-pool");
 	}
+#endif
 
 	if (!RAND_status()) {
 		syslog(LOG_WARNING, "PRNG not adequately seeded, won't do SSL/TLS\n");
@@ -144,42 +200,7 @@ void init_ssl(void)
 	/*
 	 * If we still don't have a private key, generate one.
 	 */
-	if (access(CTDL_KEY_PATH, R_OK) != 0) {
-		syslog(LOG_INFO, "Generating RSA key pair.\n");
-		rsa = RSA_generate_key(1024,	/* modulus size */
-					65537,	/* exponent */
-					NULL,	/* no callback */
-					NULL	/* no callback */
-		);
-		if (rsa == NULL) {
-			syslog(LOG_WARNING, "Key generation failed: %s\n", ERR_reason_error_string(ERR_get_error()));
-		}
-		if (rsa != NULL) {
-			fp = fopen(CTDL_KEY_PATH, "w");
-			if (fp != NULL) {
-				chmod(CTDL_KEY_PATH, 0600);
-				if (PEM_write_RSAPrivateKey(fp,	/* the file */
-							rsa,	/* the key */
-							NULL,	/* no enc */
-							NULL,	/* no passphr */
-							0,	/* no passphr */
-							NULL,	/* no callbk */
-							NULL	/* no callbk */
-				) != 1) {
-					syslog(LOG_WARNING, "Cannot write key: %s\n",
-						ERR_reason_error_string(ERR_get_error()));
-					unlink(CTDL_KEY_PATH);
-				}
-				fclose(fp);
-			}
-			else {
-				syslog(LOG_WARNING, "Cannot write key: %s\n", CTDL_KEY_PATH);
-				ShutDownWebcit();
-				exit(0);
-			}
-			RSA_free(rsa);
-		}
-	}
+	generate_key(CTDL_KEY_PATH);
 
 	/*
 	 * If there is no certificate file on disk, we will be generating a self-signed certificate
@@ -333,8 +354,8 @@ void init_ssl(void)
 				if (cer = X509_new(), cer != NULL) {
 
 					ASN1_INTEGER_set(X509_get_serialNumber(cer), 0);
-					X509_set_issuer_name(cer, req->req_info->subject);
-					X509_set_subject_name(cer, req->req_info->subject);
+					X509_set_issuer_name(cer, X509_REQ_get_subject_name(req));
+					X509_set_subject_name(cer, X509_REQ_get_subject_name(req));
 					X509_gmtime_adj(X509_get_notBefore(cer), 0);
 					X509_gmtime_adj(X509_get_notAfter(cer),(long)60*60*24*SIGN_DAYS);
 
@@ -376,10 +397,8 @@ void init_ssl(void)
 	SSL_CTX_use_certificate_chain_file(ssl_ctx, CTDL_CER_PATH);
 	SSL_CTX_use_PrivateKey_file(ssl_ctx, CTDL_KEY_PATH, SSL_FILETYPE_PEM);
 	if ( !SSL_CTX_check_private_key(ssl_ctx) ) {
-		syslog(LOG_WARNING, "Cannot install certificate: %s\n",
-				ERR_reason_error_string(ERR_get_error()));
+		syslog(LOG_WARNING, "crypto: cannot install certificate: %s\n", ERR_reason_error_string(ERR_get_error()));
 	}
-	
 }
 
 
@@ -444,7 +463,7 @@ int starttls(int sock) {
 	else {
 		syslog(LOG_INFO, "SSL_accept success\n");
 	}
-	/*r = */BIO_set_close(newssl->rbio, BIO_NOCLOSE);
+	/*r = */BIO_set_close(SSL_get_rbio(newssl), BIO_NOCLOSE);
 	bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(newssl), &alg_bits);
 	syslog(LOG_INFO, "SSL/TLS using %s on %s (%d of %d bits)\n",
 		SSL_CIPHER_get_name(SSL_get_current_cipher(newssl)),