Overview
| Comment: | Updated to support a deterministic mode |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | tls-1-7 |
| Files: | files | file ages | folders |
| SHA1: |
bf7f82b5e82c3c4173fb9add2d6cdd9a |
| User & Date: | rkeene on 2016-12-01 21:51:55 |
| Other Links: | branch diff | manifest | tags |
Context
|
2016-12-02
| ||
| 16:09 | Minor cleanup of global variables and void function check-in: ee18d6c91e user: rkeene tags: tls-1-7 | |
|
2016-12-01
| ||
| 21:51 | Updated to support a deterministic mode check-in: bf7f82b5e8 user: rkeene tags: tls-1-7 | |
| 21:36 | Updated to generate DH parameters more dynamically check-in: 3d5e70d1d5 user: rkeene tags: tls-1-7 | |
Changes
Modified Makefile.in from [e516302d1e] to [d6e6218bd6].
| ︙ | ︙ | |||
33 34 35 36 37 38 39 | # this extension @srcdir@/tls.tcl.h: @srcdir@/tls.tcl xxd -i < '@srcdir@/tls.tcl' > '@srcdir@/tls.tcl.h.new' mv '@srcdir@/tls.tcl.h.new' '@srcdir@/tls.tcl.h' # Create default DH parameters dh_params.h: @srcdir@/gen_dh_params | | | 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | # this extension @srcdir@/tls.tcl.h: @srcdir@/tls.tcl xxd -i < '@srcdir@/tls.tcl' > '@srcdir@/tls.tcl.h.new' mv '@srcdir@/tls.tcl.h.new' '@srcdir@/tls.tcl.h' # Create default DH parameters dh_params.h: @srcdir@/gen_dh_params @srcdir@/gen_dh_params @GEN_DH_PARAMS_ARGS@ > dh_params.h.new mv dh_params.h.new dh_params.h # Generic target for building files from the "srcdir" # tree -- the default target will not match paths %.o: @srcdir@/%.c $(CC) $(CPPFLAGS) $(CFLAGS) -o "$@" -c "$<" |
| ︙ | ︙ |
Modified configure.in from [0ba49b2843] to [92ab7478f3].
| ︙ | ︙ | |||
40 41 42 43 44 45 46 47 48 49 50 51 52 53 | fi tcltls_ssl_lib="$withval" ], [ tcltls_ssl_lib='auto' ]) AC_CHECK_TOOL([PKGCONFIG], [pkg-config], [false]) dnl XXX:TODO: Automatically determine the SSL library to use dnl defaulting to OpenSSL for compatibility reasons if test "$tcltls_ssl_lib" = 'auto'; then tcltls_ssl_lib='openssl' | > > > > > > > > > > > > > | 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 | fi tcltls_ssl_lib="$withval" ], [ tcltls_ssl_lib='auto' ]) dnl Enable support for building the same library every time tcltls_deterministic='false' AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic parameters]), [ if test "$enableval" = "yes"; then tcltls_deterministic='true' fi ]) if test "$tcltls_deterministic" = 'true'; then GEN_DH_PARAMS_ARGS='fallback' else GEN_DH_PARAMS_ARGS='' fi AC_SUBST(GEN_DH_PARAMS_ARGS) AC_CHECK_TOOL([PKGCONFIG], [pkg-config], [false]) dnl XXX:TODO: Automatically determine the SSL library to use dnl defaulting to OpenSSL for compatibility reasons if test "$tcltls_ssl_lib" = 'auto'; then tcltls_ssl_lib='openssl' |
| ︙ | ︙ |
Modified gen_dh_params from [a7290cba5e] to [121b16da7e].
| ︙ | ︙ | |||
76 77 78 79 80 81 82 83 84 85 86 87 88 |
dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
if ((dh->p == NULL) || (dh->g == NULL))
{ DH_free(dh); return(NULL); }
return(dh);
}
_EOF_
}
gen_dh_params_openssl && exit 0
gen_dh_params_remote && exit 0
gen_dh_params_fallback && exit 0
exit 1
| > > > > > > > | 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 |
dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
if ((dh->p == NULL) || (dh->g == NULL))
{ DH_free(dh); return(NULL); }
return(dh);
}
_EOF_
}
# Enable support for giving the same DH params each time
if [ "$1" = 'fallback' ]; then
gen_dh_params_fallback && exit 0
exit 1
fi
gen_dh_params_openssl && exit 0
gen_dh_params_remote && exit 0
gen_dh_params_fallback && exit 0
exit 1
|