mirror of
git://git.psyced.org/git/psyclpc
synced 2024-08-15 03:20:16 +00:00
upgrade DH params generation to 2048 bits
parent
fdb1747099
commit
a3f7701017
4 changed files with 38 additions and 22 deletions
10
CREDITS
10
CREDITS
|
@ -279,3 +279,13 @@ Lars Duening thanks:
|
|||
Wolf Dieter Dallinger (Pulami@Unitopia, wolf.dieter@dallinger.de)
|
||||
Zonk@FinalFrontier (zonk@finalfrontier.mud.de, rueschi@berit-broese.de)
|
||||
The Wizards of Evermore
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
lynX thanks:
|
||||
|
||||
Philipp 'fippo' Hancke for most of TLS, expat, JSON, SRV, strftime...
|
||||
zippo's 64 bit patches
|
||||
nedko for autoconf
|
||||
ng0 for reproducibility hint & inclusion in guix
|
||||
|
||||
|
|
|
@ -1471,8 +1471,9 @@ echo "--- libidn"
|
|||
AC_CHECK_HEADER(idna.h, lp_cv_has_idn=yes,lp_cv_has_idn=no)
|
||||
AC_CHECK_HEADER(stringprep.h, lp_cv_has_idn=yes,lp_cv_has_idn=no)
|
||||
# used to check for stringprep_check_version() but we require newer calls
|
||||
# on BSD it also needs -lintl
|
||||
AC_CHECK_LIB(idn, idna_strerror,
|
||||
[lp_cv_has_idn=yes LIBS="${LIBS} -lidn"],lp_cv_has_idn=no)
|
||||
[lp_cv_has_idn=yes LIBS="${LIBS} -lidn -lintl"],lp_cv_has_idn=no)
|
||||
if test "x$lp_cv_has_idn" = "xyes"; then
|
||||
AC_DEFINE(HAS_IDN, 1, [Does the machine offer IDNA?])
|
||||
fi
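Review bot: The `AC_CHECK_LIB(idn, idna_strerror, ...)` action that sets `LIBS="${LIBS} -lidn -lintl"` (assuming that is the new side, as the added BSD comment suggests) appends `-lintl` on every platform where libidn is found. On systems that ship the gettext functions inside libc and have no separate libintl, this would likely break every later link test and the final link. I would probe for it first and add it only when present, for example `AC_SEARCH_LIBS([libintl_gettext], [intl])` ahead of the libidn check, leaving the libidn action as `LIBS="${LIBS} -lidn"`.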
|
||||
|
|
|
@ -57,7 +57,7 @@
|
|||
|
||||
/*-------------------------------------------------------------------------*/
|
||||
|
||||
#define DH_BITS 1024
|
||||
#define DH_BITS 2048
|
||||
|
||||
/*-------------------------------------------------------------------------*/
|
||||
/* Variables */
|
||||
|
@ -81,7 +81,7 @@ static Bool tls_available = MY_FALSE;
|
|||
static SSL_CTX * context = NULL;
|
||||
/* The SSL program context. */
|
||||
|
||||
static DH *dhe1024 = NULL;
|
||||
static DH *dhparams = NULL;
|
||||
/* The Diffie-Hellmann parameters. */
|
||||
|
||||
#elif defined(HAS_GNUTLS)
|
||||
|
@ -98,33 +98,38 @@ static gnutls_dh_params dh_params;
|
|||
|
||||
/*-------------------------------------------------------------------------*/
|
||||
static Bool
|
||||
set_dhe1024 (void)
|
||||
set_dhparams (void)
|
||||
|
||||
/* Set the Diffie-Hellmann parameters.
|
||||
* Return MY_TRUE on success, and MY_FALSE on error.
|
||||
*/
|
||||
|
||||
{
|
||||
DSA *dsaparams;
|
||||
DH *dhparams;
|
||||
DH *p;
|
||||
|
||||
if (dhe1024 != NULL)
|
||||
if (dhparams != NULL)
|
||||
return MY_TRUE;
|
||||
|
||||
dsaparams = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
|
||||
debug_message("%s Generating DH parameters with %d bits. Please wait.\n", time_stamp(), DH_BITS);
|
||||
#if 0
|
||||
DSA *dsaparams;
|
||||
dsaparams = DSA_generate_parameters(DH_BITS, NULL, 0, NULL, NULL, 0, NULL);
|
||||
|
||||
if (dsaparams == NULL)
|
||||
return MY_FALSE;
|
||||
|
||||
dhparams = DSA_dup_DH(dsaparams);
|
||||
p = DSA_dup_DH(dsaparams);
|
||||
DSA_free(dsaparams);
|
||||
if (dhparams == NULL)
|
||||
#else
|
||||
p = DH_generate_parameters(DH_BITS, 3, NULL, NULL);
|
||||
#endif
|
||||
debug_message("%s Generation %s.\n", time_stamp(), p? "completed": "failed");
|
||||
if (p == NULL)
|
||||
return MY_FALSE;
|
||||
|
||||
dhe1024 = dhparams;
|
||||
|
||||
dhparams = p;
|
||||
return MY_TRUE;
|
||||
} /* set_dhe1024() */
|
||||
} /* set_dhparams() */
|
||||
|
||||
/*-------------------------------------------------------------------------*/
|
||||
static int
|
||||
|
@ -506,8 +511,8 @@ tls_global_init (void)
|
|||
goto ssl_init_err;
|
||||
}
|
||||
|
||||
if (!set_dhe1024()
|
||||
|| !SSL_CTX_set_tmp_dh(context, dhe1024)
|
||||
if (!set_dhparams()
|
||||
|| !SSL_CTX_set_tmp_dh(context, dhparams)
|
||||
)
|
||||
{
|
||||
#ifdef VERBOSE
|
||||
|
@ -564,10 +569,10 @@ ssl_init_err:
|
|||
, time_stamp(), errstring);
|
||||
}
|
||||
|
||||
if (dhe1024 != NULL)
|
||||
if (dhparams != NULL)
|
||||
{
|
||||
DH_free(dhe1024);
|
||||
dhe1024 = NULL;
|
||||
DH_free(dhparams);
|
||||
dhparams = NULL;
|
||||
}
|
||||
|
||||
if (context != NULL)
|
||||
|
@ -642,10 +647,10 @@ tls_global_deinit (void)
|
|||
{
|
||||
#ifdef HAS_OPENSSL
|
||||
|
||||
if (dhe1024 != NULL)
|
||||
if (dhparams != NULL)
|
||||
{
|
||||
DH_free(dhe1024);
|
||||
dhe1024 = NULL;
|
||||
DH_free(dhparams);
|
||||
dhparams = NULL;
|
||||
}
|
||||
if (context != NULL)
|
||||
{
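Review bot: In set_dhparams() the new parameters come from the deprecated `DH_generate_parameters(DH_BITS, 3, NULL, NULL)` with generator 3 instead of the conventional `DH_GENERATOR_2` or `DH_GENERATOR_5`, and nothing validates the result before it is stored in `dhparams` and handed to `SSL_CTX_set_tmp_dh()`. I would use `p = DH_new(); if (p && !DH_generate_parameters_ex(p, DH_BITS, DH_GENERATOR_2, NULL)) { DH_free(p); p = NULL; }` and run `DH_check()` on `p` before the assignment. Generating a 2048-bit safe prime on every start can stall initialization for a long and unpredictable time, so loading pre-generated parameters from a file or using a standardized group (RFC 7919 or RFC 3526) is worth considering. The `#if 0` DSA branch should be deleted rather than kept: DSA-derived DH parameters are not safe primes and, as far as I know, are only safe together with `SSL_OP_SINGLE_DH_USE`, which is not visible in these hunks.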
|
||||
|
|
|
@ -17,7 +17,7 @@ version_longtype="stable"
|
|||
# A timestamp, to be used by bumpversion and other scripts.
|
||||
# It can be used, for example, to 'touch' this file on every build, thus
|
||||
# forcing revision control systems to add it on every checkin automatically.
|
||||
version_stamp="Thu Sep 29 11:49:32 CEST 2016"
|
||||
version_stamp="Wed Mar 1 16:59:51 CET 2017"
|
||||
|
||||
# Okay, LDMUD is using 3.x.x so to avoid conflicts let's just use 4.x.x
|
||||
version_major=4
|
||||
|
|