Quellcode durchsuchen

* Add DH 512/1024/2048 keys

Bryan Drewery vor 15 Jahren
Ursprung
Commit
8cbbe4bcce
4 geänderte Dateien mit 137 neuen und 1 gelöschten Zeilen
  1. 108 0
      src/dhparam.c
  2. 1 0
      src/libssl.c
  3. 3 0
      src/libssl.h
  4. 25 1
      src/openssl.c

+ 108 - 0
src/dhparam.c

@@ -0,0 +1,108 @@
+DH *get_dh2048() {
+  static unsigned char dh2048_p[]={
+    0xF1,0x9D,0x80,0xC5,0xC2,0x7F,0xE8,0xA5,0x37,0xDA,0x28,0x46,
+    0x6C,0x95,0x0A,0xC5,0x6C,0xE3,0x7E,0x1D,0x1F,0x4A,0x2E,0xD7,
+    0x6B,0xC1,0x80,0x4E,0xC9,0xC0,0x3F,0xB3,0x57,0x73,0x72,0xF2,
+    0xDA,0x30,0x15,0xB1,0xD3,0xD6,0x25,0x90,0xAF,0x8B,0x3F,0x81,
+    0x46,0x75,0xB1,0x1E,0x1B,0x85,0x5A,0x6C,0x13,0xA1,0x73,0x65,
+    0xFC,0x90,0xF3,0xBC,0xB9,0x9C,0xA0,0x62,0x74,0x7C,0x24,0x24,
+    0x27,0x80,0x12,0x3D,0x36,0xE9,0x62,0x78,0x31,0xE9,0x2F,0x96,
+    0xF4,0xD4,0xF2,0x04,0xEF,0x24,0x2C,0x60,0x04,0x41,0xF0,0x3E,
+    0xE9,0xF4,0xB4,0x5C,0x4F,0xFB,0xF3,0x64,0x91,0xB1,0x9F,0x5B,
+    0xBF,0xE5,0xBE,0x6F,0xD7,0x5B,0xED,0x34,0x94,0x51,0x58,0xDF,
+    0x00,0x5B,0x58,0xAE,0xBB,0x53,0x50,0xDE,0xFC,0x0A,0x91,0x6F,
+    0x3B,0xC7,0x7A,0x5E,0x7C,0xEE,0x5F,0x5E,0x3E,0x41,0x00,0x82,
+    0xD5,0x45,0x98,0xCC,0x01,0xFB,0x5C,0x64,0xBB,0xFB,0x06,0x55,
+    0xE5,0x19,0x6A,0x38,0x77,0x40,0x01,0xC6,0xCE,0xB5,0x52,0x82,
+    0xAA,0x7B,0x80,0xE6,0x37,0xB3,0x10,0x89,0x6E,0x42,0x63,0x33,
+    0xF8,0xCC,0xB6,0xC8,0xC6,0x9D,0xE2,0x98,0x3B,0xFC,0xFE,0xE4,
+    0xD2,0xB5,0xD3,0x19,0x6F,0xD7,0x62,0xBC,0xAA,0x16,0x92,0x14,
+    0xA0,0xD0,0xC1,0x7B,0xA9,0xE8,0x16,0xFC,0x6A,0x66,0x6F,0x29,
+    0xCA,0x18,0x28,0x4C,0x06,0xD8,0xAB,0x92,0x40,0xD5,0x83,0x9D,
+    0xEB,0x23,0x17,0x9E,0x06,0x20,0xF7,0xE8,0x8C,0xB9,0x0D,0xE7,
+    0x9D,0x40,0x50,0xA7,0xA1,0x74,0xD6,0xDF,0xF2,0x12,0x08,0xB3,
+    0x6B,0x4F,0x4A,0xAB,
+  };
+  static unsigned char dh2048_g[]={
+    0x02,
+  };
+  DH *dh;
+
+  if ((dh=DH_new()) == NULL) return(NULL);
+  dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+  dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+  if ((dh->p == NULL) || (dh->g == NULL))
+  { DH_free(dh); return(NULL); }
+  return(dh);
+}
+/*
+   -----BEGIN DH PARAMETERS-----
+   MIIBCAKCAQEA8Z2AxcJ/6KU32ihGbJUKxWzjfh0fSi7Xa8GATsnAP7NXc3Ly2jAV
+   sdPWJZCviz+BRnWxHhuFWmwToXNl/JDzvLmcoGJ0fCQkJ4ASPTbpYngx6S+W9NTy
+   BO8kLGAEQfA+6fS0XE/782SRsZ9bv+W+b9db7TSUUVjfAFtYrrtTUN78CpFvO8d6
+   XnzuX14+QQCC1UWYzAH7XGS7+wZV5RlqOHdAAcbOtVKCqnuA5jezEIluQmMz+My2
+   yMad4pg7/P7k0rXTGW/XYryqFpIUoNDBe6noFvxqZm8pyhgoTAbYq5JA1YOd6yMX
+   ngYg9+iMuQ3nnUBQp6F01t/yEgiza09KqwIBAg==
+   -----END DH PARAMETERS-----
+   */
+
+DH *get_dh1024() {
+  static unsigned char dh1024_p[]={
+    0xDA,0xF0,0x76,0xC8,0x15,0xC8,0xD2,0x62,0xED,0xBB,0x58,0x50,
+    0xB8,0x9A,0xF0,0x48,0xEF,0x09,0x6A,0x07,0xF5,0x42,0x34,0x92,
+    0xBA,0xC2,0x5E,0xA9,0x2D,0xC9,0xED,0xE7,0xF8,0x93,0x67,0x46,
+    0x47,0x42,0xD8,0xEB,0xA4,0x72,0xB4,0x51,0xF1,0xF2,0xCD,0xDC,
+    0x55,0x7D,0xD9,0x69,0x2B,0x91,0x57,0xA5,0xC3,0xDB,0x35,0x0C,
+    0xBE,0xAD,0x11,0xF2,0x26,0xB9,0x97,0x8E,0x71,0x80,0xEF,0x03,
+    0x01,0xEC,0x1B,0xE4,0xB3,0x6C,0xEB,0x52,0xF4,0x0E,0x15,0x50,
+    0xB5,0x5C,0x67,0xB8,0x57,0xAE,0xB9,0xC2,0xA9,0xD1,0x40,0x92,
+    0x9E,0xFC,0xAE,0x8E,0xCA,0xC6,0xA3,0xD5,0x02,0x41,0x80,0xD0,
+    0x06,0x16,0xB7,0xB4,0xD1,0xC5,0x10,0xA9,0x18,0xE6,0x13,0xD9,
+    0x07,0x40,0x15,0xBC,0xFF,0x15,0xA3,0x5B,
+  };
+  static unsigned char dh1024_g[]={
+    0x02,
+  };
+  DH *dh;
+
+  if ((dh=DH_new()) == NULL) return(NULL);
+  dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+  dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+  if ((dh->p == NULL) || (dh->g == NULL))
+  { DH_free(dh); return(NULL); }
+  return(dh);
+}
+/*
+   -----BEGIN DH PARAMETERS-----
+   MIGHAoGBANrwdsgVyNJi7btYULia8EjvCWoH9UI0krrCXqktye3n+JNnRkdC2Ouk
+   crRR8fLN3FV92WkrkVelw9s1DL6tEfImuZeOcYDvAwHsG+SzbOtS9A4VULVcZ7hX
+   rrnCqdFAkp78ro7KxqPVAkGA0AYWt7TRxRCpGOYT2QdAFbz/FaNbAgEC
+   -----END DH PARAMETERS-----
+   */
+DH *get_dh512() {
+  static unsigned char dh512_p[]={
+    0xC1,0x6E,0x10,0x0D,0x46,0x47,0xDA,0x08,0x42,0x54,0x02,0x23,
+    0x85,0xEE,0x07,0x3C,0x2E,0x7B,0xA9,0x3A,0xA8,0x88,0xDD,0x4E,
+    0x3F,0x71,0x8E,0xD3,0x52,0x3A,0xCA,0xC9,0xC3,0xF4,0xCD,0x65,
+    0x5E,0x05,0x25,0xA9,0xBA,0x10,0x8A,0x88,0x37,0xB3,0xCD,0x5D,
+    0x02,0x03,0x06,0x35,0x47,0x3C,0xD9,0x44,0x99,0xBB,0x9B,0x4C,
+    0x24,0xB2,0xC0,0x13,
+  };
+  static unsigned char dh512_g[]={
+    0x02,
+  };
+  DH *dh;
+
+  if ((dh=DH_new()) == NULL) return(NULL);
+  dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+  dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+  if ((dh->p == NULL) || (dh->g == NULL))
+  { DH_free(dh); return(NULL); }
+  return(dh);
+}
+/*
+   -----BEGIN DH PARAMETERS-----
+   MEYCQQDBbhANRkfaCEJUAiOF7gc8LnupOqiI3U4/cY7TUjrKycP0zWVeBSWpuhCK
+   iDezzV0CAwY1RzzZRJm7m0wkssATAgEC
+   -----END DH PARAMETERS-----
+   */

+ 1 - 0
src/libssl.c

@@ -55,6 +55,7 @@ static int load_symbols(void *handle) {
   DLSYM_GLOBAL(handle, SSLv23_client_method);
   DLSYM_GLOBAL(handle, SSL_write);
   DLSYM_GLOBAL(handle, SSL_CTX_ctrl);
+  DLSYM_GLOBAL(handle, SSL_CTX_set_tmp_dh_callback);
 
   return 0;
 }

+ 3 - 0
src/libssl.h

@@ -18,6 +18,8 @@
 # endif
 #endif
 
+typedef DH* (*dh_callback_t)(SSL*, int, int);
+
 #include ".defs/libssl_post.h"
 
 typedef int (*SSL_get_error_t)(const SSL*, int);
@@ -35,6 +37,7 @@ typedef int (*SSL_library_init_t)(void);
 typedef void (*SSL_CTX_free_t)(SSL_CTX*);
 typedef SSL_CTX* (*SSL_CTX_new_t)(const SSL_METHOD*);
 typedef long (*SSL_CTX_ctrl_t)(SSL_CTX*, int, long, void*);
+typedef void (*SSL_CTX_set_tmp_dh_callback_t)(SSL_CTX*, dh_callback_t);
 
 int load_libssl();
 int unload_libssl();

+ 25 - 1
src/openssl.c

@@ -42,6 +42,29 @@ int     ssl_use = 0; /* kyotou */
 
 static int seed_PRNG(void);
 
+#include "dhparam.c"
+
+static DH* tmp_dh_callback(SSL* ssl, int is_export, int keylength) {
+  DH *ret = NULL;
+
+  switch (keylength) {
+    case 2048:
+      ret = get_dh2048();
+      break;
+    case 1024:
+      ret = get_dh1024();
+      break;
+    case 512:
+      ret = get_dh512();
+      break;
+    default:
+      putlog(LOG_DEBUG, "*", "Missing DH key length: %d", keylength);
+      break;
+  }
+
+  return ret;
+}
+
 int init_openssl() {
   load_libcrypto();
   load_libssl();
@@ -57,8 +80,9 @@ int init_openssl() {
   }
 
   // Disable insecure SSLv2
-  SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
+  SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE);
   SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|SSL_MODE_ENABLE_PARTIAL_WRITE);
+  SSL_CTX_set_tmp_dh_callback(ssl_ctx, tmp_dh_callback);
 
   if (seed_PRNG()) {
     sdprintf("Wasn't able to properly seed the PRNG!");