psyc-mirrors
/
psyclpc
mirror of git://git.psyced.org/git/psyclpc
1
0
Fork 0
Code Issues Releases Wiki Activity

upgrade DH params generation to 2048 bits

This commit is contained in:
psyc://loupsycedyglgamf.onion/~lynX 2016-08-10 15:44:57 +00:00
parent fdb1747099
commit a3f7701017
4 changed files with 38 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CREDITS
View File

@ -279,3 +279,13 @@ Lars Duening thanks:
Wolf Dieter Dallinger (Pulami@Unitopia, wolf.dieter@dallinger.de) Wolf Dieter Dallinger (Pulami@Unitopia, wolf.dieter@dallinger.de)
Zonk@FinalFrontier (zonk@finalfrontier.mud.de, rueschi@berit-broese.de) Zonk@FinalFrontier (zonk@finalfrontier.mud.de, rueschi@berit-broese.de)
The Wizards of Evermore The Wizards of Evermore
-----------------------------------------------------------------------------
lynX thanks:
Philipp 'fippo' Hancke for most of TLS, expat, JSON, SRV, strftime...
zippo's 64 bit patches
nedko for autoconf
ng0 for reproducibility hint & inclusion in guix

3
src/autoconf/configure.ac
View File

@ -1471,8 +1471,9 @@ echo "--- libidn"
AC_CHECK_HEADER(idna.h, lp_cv_has_idn=yes,lp_cv_has_idn=no) AC_CHECK_HEADER(idna.h, lp_cv_has_idn=yes,lp_cv_has_idn=no)
AC_CHECK_HEADER(stringprep.h, lp_cv_has_idn=yes,lp_cv_has_idn=no) AC_CHECK_HEADER(stringprep.h, lp_cv_has_idn=yes,lp_cv_has_idn=no)
# used to check for stringprep_check_version() but we require newer calls # used to check for stringprep_check_version() but we require newer calls
# on BSD it also needs -lintl
AC_CHECK_LIB(idn, idna_strerror, AC_CHECK_LIB(idn, idna_strerror,
[lp_cv_has_idn=yes LIBS="${LIBS} -lidn"],lp_cv_has_idn=no) [lp_cv_has_idn=yes LIBS="${LIBS} -lidn -lintl"],lp_cv_has_idn=no)
if test "x$lp_cv_has_idn" = "xyes"; then if test "x$lp_cv_has_idn" = "xyes"; then
AC_DEFINE(HAS_IDN, 1, [Does the machine offer IDNA?]) AC_DEFINE(HAS_IDN, 1, [Does the machine offer IDNA?])
fi fi

45
src/pkg-tls.c
View File

@ -57,7 +57,7 @@
/*-------------------------------------------------------------------------*/ /*-------------------------------------------------------------------------*/
#define DH_BITS 1024 #define DH_BITS 2048
/*-------------------------------------------------------------------------*/ /*-------------------------------------------------------------------------*/
/* Variables */ /* Variables */
@ -81,7 +81,7 @@ static Bool tls_available = MY_FALSE;
static SSL_CTX * context = NULL; static SSL_CTX * context = NULL;
/* The SSL program context. */ /* The SSL program context. */
static DH *dhe1024 = NULL; static DH *dhparams = NULL;
/* The Diffie-Hellmann parameters. */ /* The Diffie-Hellmann parameters. */
#elif defined(HAS_GNUTLS) #elif defined(HAS_GNUTLS)
@ -98,33 +98,38 @@ static gnutls_dh_params dh_params;
/*-------------------------------------------------------------------------*/ /*-------------------------------------------------------------------------*/
static Bool static Bool
set_dhe1024 (void) set_dhparams (void)
/* Set the Diffie-Hellmann parameters. /* Set the Diffie-Hellmann parameters.
* Return MY_TRUE on success, and MY_FALSE on error. * Return MY_TRUE on success, and MY_FALSE on error.
*/ */
{ {
DSA *dsaparams; DH *p;
DH *dhparams;
if (dhe1024 != NULL) if (dhparams != NULL)
return MY_TRUE; return MY_TRUE;
dsaparams = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL); debug_message("%s Generating DH parameters with %d bits. Please wait.\n", time_stamp(), DH_BITS);
#if 0
DSA *dsaparams;
dsaparams = DSA_generate_parameters(DH_BITS, NULL, 0, NULL, NULL, 0, NULL);
if (dsaparams == NULL) if (dsaparams == NULL)
return MY_FALSE; return MY_FALSE;
dhparams = DSA_dup_DH(dsaparams); p = DSA_dup_DH(dsaparams);
DSA_free(dsaparams); DSA_free(dsaparams);
if (dhparams == NULL) #else
p = DH_generate_parameters(DH_BITS, 3, NULL, NULL);
#endif
debug_message("%s Generation %s.\n", time_stamp(), p? "completed": "failed");
if (p == NULL)
return MY_FALSE; return MY_FALSE;
dhe1024 = dhparams; dhparams = p;
return MY_TRUE; return MY_TRUE;
} /* set_dhe1024() */ } /* set_dhparams() */
/*-------------------------------------------------------------------------*/ /*-------------------------------------------------------------------------*/
static int static int
@ -506,8 +511,8 @@ tls_global_init (void)
goto ssl_init_err; goto ssl_init_err;
} }
if (!set_dhe1024() if (!set_dhparams()
|| !SSL_CTX_set_tmp_dh(context, dhe1024) || !SSL_CTX_set_tmp_dh(context, dhparams)
) )
{ {
#ifdef VERBOSE #ifdef VERBOSE
@ -564,10 +569,10 @@ ssl_init_err:
, time_stamp(), errstring); , time_stamp(), errstring);
} }
if (dhe1024 != NULL) if (dhparams != NULL)
{ {
DH_free(dhe1024); DH_free(dhparams);
dhe1024 = NULL; dhparams = NULL;
} }
if (context != NULL) if (context != NULL)
@ -642,10 +647,10 @@ tls_global_deinit (void)
{ {
#ifdef HAS_OPENSSL #ifdef HAS_OPENSSL
if (dhe1024 != NULL) if (dhparams != NULL)
{ {
DH_free(dhe1024); DH_free(dhparams);
dhe1024 = NULL; dhparams = NULL;
} }
if (context != NULL) if (context != NULL)
{ {

2
src/version.sh
View File

@ -17,7 +17,7 @@ version_longtype="stable"
# A timestamp, to be used by bumpversion and other scripts. # A timestamp, to be used by bumpversion and other scripts.
# It can be used, for example, to 'touch' this file on every build, thus # It can be used, for example, to 'touch' this file on every build, thus
# forcing revision control systems to add it on every checkin automatically. # forcing revision control systems to add it on every checkin automatically.
version_stamp="Thu Sep 29 11:49:32 CEST 2016" version_stamp="Wed Mar 1 16:59:51 CET 2017"
# Okay, LDMUD is using 3.x.x so to avoid conflicts let's just use 4.x.x # Okay, LDMUD is using 3.x.x so to avoid conflicts let's just use 4.x.x
version_major=4 version_major=4