mirror of
git://git.psyced.org/git/psyclpc
synced 2024-08-15 03:20:16 +00:00
upgrade DH params generation to 2048 bits
parent
fdb1747099
commit
a3f7701017
4 changed files with 38 additions and 22 deletions
10
CREDITS
10
CREDITS
|
@ -279,3 +279,13 @@ Lars Duening thanks:
|
||||||
Wolf Dieter Dallinger (Pulami@Unitopia, wolf.dieter@dallinger.de)
|
Wolf Dieter Dallinger (Pulami@Unitopia, wolf.dieter@dallinger.de)
|
||||||
Zonk@FinalFrontier (zonk@finalfrontier.mud.de, rueschi@berit-broese.de)
|
Zonk@FinalFrontier (zonk@finalfrontier.mud.de, rueschi@berit-broese.de)
|
||||||
The Wizards of Evermore
|
The Wizards of Evermore
|
||||||
|
|
||||||
|
-----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
lynX thanks:
|
||||||
|
|
||||||
|
Philipp 'fippo' Hancke for most of TLS, expat, JSON, SRV, strftime...
|
||||||
|
zippo's 64 bit patches
|
||||||
|
nedko for autoconf
|
||||||
|
ng0 for reproducibility hint & inclusion in guix
|
||||||
|
|
||||||
|
|
|
@ -1471,8 +1471,9 @@ echo "--- libidn"
|
||||||
AC_CHECK_HEADER(idna.h, lp_cv_has_idn=yes,lp_cv_has_idn=no)
|
AC_CHECK_HEADER(idna.h, lp_cv_has_idn=yes,lp_cv_has_idn=no)
|
||||||
AC_CHECK_HEADER(stringprep.h, lp_cv_has_idn=yes,lp_cv_has_idn=no)
|
AC_CHECK_HEADER(stringprep.h, lp_cv_has_idn=yes,lp_cv_has_idn=no)
|
||||||
# used to check for stringprep_check_version() but we require newer calls
|
# used to check for stringprep_check_version() but we require newer calls
|
||||||
|
# on BSD it also needs -lintl
|
||||||
AC_CHECK_LIB(idn, idna_strerror,
|
AC_CHECK_LIB(idn, idna_strerror,
|
||||||
[lp_cv_has_idn=yes LIBS="${LIBS} -lidn"],lp_cv_has_idn=no)
|
[lp_cv_has_idn=yes LIBS="${LIBS} -lidn -lintl"],lp_cv_has_idn=no)
|
||||||
if test "x$lp_cv_has_idn" = "xyes"; then
|
if test "x$lp_cv_has_idn" = "xyes"; then
|
||||||
AC_DEFINE(HAS_IDN, 1, [Does the machine offer IDNA?])
|
AC_DEFINE(HAS_IDN, 1, [Does the machine offer IDNA?])
|
||||||
fi
|
fi
|
||||||
|
|
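Review bot: The new `LIBS="${LIBS} -lidn -lintl"` appends `-lintl` on every platform where libidn is found, although the added comment says only BSD needs it. On systems whose libc already provides the gettext functions there may be no separate libintl to link against, and the final link would then fail. The `AC_CHECK_LIB(idn, idna_strerror, ...)` probe itself still links with `-lidn` alone, so on a BSD where the dependency is real the probe may fail before `-lintl` is ever added. I would probe for libintl separately ahead of this check, add `-lintl` only when that probe succeeds, and keep `LIBS="${LIBS} -lidn"` here.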
|
@ -57,7 +57,7 @@
|
||||||
|
|
||||||
/*-------------------------------------------------------------------------*/
|
/*-------------------------------------------------------------------------*/
|
||||||
|
|
||||||
#define DH_BITS 1024
|
#define DH_BITS 2048
|
||||||
|
|
||||||
/*-------------------------------------------------------------------------*/
|
/*-------------------------------------------------------------------------*/
|
||||||
/* Variables */
|
/* Variables */
|
||||||
|
@ -81,7 +81,7 @@ static Bool tls_available = MY_FALSE;
|
||||||
static SSL_CTX * context = NULL;
|
static SSL_CTX * context = NULL;
|
||||||
/* The SSL program context. */
|
/* The SSL program context. */
|
||||||
|
|
||||||
static DH *dhe1024 = NULL;
|
static DH *dhparams = NULL;
|
||||||
/* The Diffie-Hellmann parameters. */
|
/* The Diffie-Hellmann parameters. */
|
||||||
|
|
||||||
#elif defined(HAS_GNUTLS)
|
#elif defined(HAS_GNUTLS)
|
||||||
|
@ -98,33 +98,38 @@ static gnutls_dh_params dh_params;
|
||||||
|
|
||||||
/*-------------------------------------------------------------------------*/
|
/*-------------------------------------------------------------------------*/
|
||||||
static Bool
|
static Bool
|
||||||
set_dhe1024 (void)
|
set_dhparams (void)
|
||||||
|
|
||||||
/* Set the Diffie-Hellmann parameters.
|
/* Set the Diffie-Hellmann parameters.
|
||||||
* Return MY_TRUE on success, and MY_FALSE on error.
|
* Return MY_TRUE on success, and MY_FALSE on error.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
{
|
{
|
||||||
DSA *dsaparams;
|
DH *p;
|
||||||
DH *dhparams;
|
|
||||||
|
|
||||||
if (dhe1024 != NULL)
|
if (dhparams != NULL)
|
||||||
return MY_TRUE;
|
return MY_TRUE;
|
||||||
|
|
||||||
dsaparams = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
|
debug_message("%s Generating DH parameters with %d bits. Please wait.\n", time_stamp(), DH_BITS);
|
||||||
|
#if 0
|
||||||
|
DSA *dsaparams;
|
||||||
|
dsaparams = DSA_generate_parameters(DH_BITS, NULL, 0, NULL, NULL, 0, NULL);
|
||||||
|
|
||||||
if (dsaparams == NULL)
|
if (dsaparams == NULL)
|
||||||
return MY_FALSE;
|
return MY_FALSE;
|
||||||
|
|
||||||
dhparams = DSA_dup_DH(dsaparams);
|
p = DSA_dup_DH(dsaparams);
|
||||||
DSA_free(dsaparams);
|
DSA_free(dsaparams);
|
||||||
if (dhparams == NULL)
|
#else
|
||||||
|
p = DH_generate_parameters(DH_BITS, 3, NULL, NULL);
|
||||||
|
#endif
|
||||||
|
debug_message("%s Generation %s.\n", time_stamp(), p? "completed": "failed");
|
||||||
|
if (p == NULL)
|
||||||
return MY_FALSE;
|
return MY_FALSE;
|
||||||
|
|
||||||
dhe1024 = dhparams;
|
dhparams = p;
|
||||||
|
|
||||||
return MY_TRUE;
|
return MY_TRUE;
|
||||||
} /* set_dhe1024() */
|
} /* set_dhparams() */
|
||||||
|
|
||||||
/*-------------------------------------------------------------------------*/
|
/*-------------------------------------------------------------------------*/
|
||||||
static int
|
static int
|
||||||
|
@ -506,8 +511,8 @@ tls_global_init (void)
|
||||||
goto ssl_init_err;
|
goto ssl_init_err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!set_dhe1024()
|
if (!set_dhparams()
|
||||||
|| !SSL_CTX_set_tmp_dh(context, dhe1024)
|
|| !SSL_CTX_set_tmp_dh(context, dhparams)
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
#ifdef VERBOSE
|
#ifdef VERBOSE
|
||||||
|
@ -564,10 +569,10 @@ ssl_init_err:
|
||||||
, time_stamp(), errstring);
|
, time_stamp(), errstring);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dhe1024 != NULL)
|
if (dhparams != NULL)
|
||||||
{
|
{
|
||||||
DH_free(dhe1024);
|
DH_free(dhparams);
|
||||||
dhe1024 = NULL;
|
dhparams = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (context != NULL)
|
if (context != NULL)
|
||||||
|
@ -642,10 +647,10 @@ tls_global_deinit (void)
|
||||||
{
|
{
|
||||||
#ifdef HAS_OPENSSL
|
#ifdef HAS_OPENSSL
|
||||||
|
|
||||||
if (dhe1024 != NULL)
|
if (dhparams != NULL)
|
||||||
{
|
{
|
||||||
DH_free(dhe1024);
|
DH_free(dhparams);
|
||||||
dhe1024 = NULL;
|
dhparams = NULL;
|
||||||
}
|
}
|
||||||
if (context != NULL)
|
if (context != NULL)
|
||||||
{
|
{
|
||||||
|
|
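Review bot: The generator argument `3` in the new `DH_generate_parameters(DH_BITS, 3, NULL, NULL)` call in set_dhparams() is not one of the values OpenSSL defines for it (`DH_GENERATOR_2`, `DH_GENERATOR_5`). As far as I know `DH_check()` cannot validate any other generator, so `p = DH_generate_parameters(DH_BITS, DH_GENERATOR_2, NULL, NULL);` would be the conventional call. Generating a 2048-bit safe prime on every start also blocks the driver for a noticeable time, which the added "Please wait." message already hints at. Loading pre-generated parameters from a file (for example with `PEM_read_DHparams`) and generating only as a fallback would avoid that delay and let operators supply a vetted group. The `#if 0` branch keeps the old DSA-derived path as dead code, with `DSA *dsaparams;` declared after a statement, and could simply be dropped.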
|
@ -17,7 +17,7 @@ version_longtype="stable"
|
||||||
# A timestamp, to be used by bumpversion and other scripts.
|
# A timestamp, to be used by bumpversion and other scripts.
|
||||||
# It can be used, for example, to 'touch' this file on every build, thus
|
# It can be used, for example, to 'touch' this file on every build, thus
|
||||||
# forcing revision control systems to add it on every checkin automatically.
|
# forcing revision control systems to add it on every checkin automatically.
|
||||||
version_stamp="Thu Sep 29 11:49:32 CEST 2016"
|
version_stamp="Wed Mar 1 16:59:51 CET 2017"
|
||||||
|
|
||||||
# Okay, LDMUD is using 3.x.x so to avoid conflicts let's just use 4.x.x
|
# Okay, LDMUD is using 3.x.x so to avoid conflicts let's just use 4.x.x
|
||||||
version_major=4
|
version_major=4
|
||||||
|
|