Overview
Comment: | Updated to generate DH parameters more dynamically |
---|---|
SHA1: |
3d5e70d1d57b32ffc890cf789718629e |
User & Date: | rkeene on 2016-12-01 21:36:04 |
Context
2016-12-01
| ||
21:51 | Updated to support a deterministic mode check-in: bf7f82b5e8 user: rkeene tags: tls-1-7 | |
21:36 | Updated to generate DH parameters more dynamically check-in: 3d5e70d1d5 user: rkeene tags: tls-1-7 | |
20:51 | Removed unused source file check-in: 2f2650a648 user: rkeene tags: tls-1-7 | |
Changes
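--- a/.fossil-settings/ignore-glob
+++ b/.fossil-settings/ignore-glob
@@ -13,7 +13,8 @@
 tcltls.a
 tls.o
 tlsBIO.o
 tlsIO.o
 tlsX509.o
 tls.tcl.h
 build/work
+dh_params.h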
Modified Makefile.in from [767056b489] to [e516302d1e].
1 2 3 4 | CC = @[email protected] AR = @[email protected] RANLIB = @[email protected] CFLAGS = @[email protected] @[email protected] | | | > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 | CC = @[email protected] AR = @[email protected] RANLIB = @[email protected] CFLAGS = @[email protected] @[email protected] CPPFLAGS = @[email protected] [email protected]@ -I. @[email protected] LDFLAGS = @[email protected] @[email protected] LIBS = @[email protected] INSTALL = @[email protected] PACKAGE_VERSION = @[email protected] TCL_PACKAGE_PATH = @[email protected] PACKAGE_INSTALL_DIR = $(TCL_PACKAGE_PATH)/tcltls$(PACKAGE_VERSION) all: @[email protected] # The shared object target [email protected]@: tls.o tlsBIO.o tlsIO.o tlsX509.o $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o [email protected]@ tls.o tlsBIO.o tlsIO.o tlsX509.o $(LIBS) # The static target tcltls.a: tls.o tlsBIO.o tlsIO.o tlsX509.o $(AR) rcu tcltls.a.new tls.o tlsBIO.o tlsIO.o tlsX509.o $(RANLIB) tcltls.a.new mv tcltls.a.new tcltls.a # Dependencies for all our targets tls.o: @[email protected]/tls.c @[email protected]/tlsInt.h @[email protected]/tclOpts.h @[email protected]/tls.tcl.h dh_params.h tlsBIO.o: @[email protected]/tlsBIO.c @[email protected]/tlsInt.h tlsIO.o: @[email protected]/tlsIO.c @[email protected]/tlsInt.h tlsX509.o: @[email protected]/tlsX509.c @[email protected]/tlsInt.h # Create a C-source-ified version of the script resources # for TclTLS so that we only need a single file to enable # this extension @[email protected]/tls.tcl.h: @[email protected]/tls.tcl xxd -i < '@[email protected]/tls.tcl' > '@[email protected]/tls.tcl.h.new' mv '@[email protected]/tls.tcl.h.new' '@[email protected]/tls.tcl.h' # Create default DH parameters dh_params.h: @[email protected]/gen_dh_params @[email protected]/gen_dh_params > 
dh_params.h.new mv dh_params.h.new dh_params.h # Generic target for building files from the "srcdir" # tree -- the default target will not match paths %.o: @[email protected]/%.c $(CC) $(CPPFLAGS) $(CFLAGS) -o "[email protected]" -c "$<" # Install the extension install: @[email protected] pkgIndex.tcl $(INSTALL) -d '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' $(INSTALL) -t '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' @[email protected] pkgIndex.tcl # Clean the local build directory for rebuild against the same configuration clean: rm -f tls.o tlsBIO.o tlsIO.o tlsX509.o rm -f [email protected]@ rm -f tcltls.a.new tcltls.a # Clean the local build directory back to what it was after unpacking the # distribution tarball distclean: clean rm -f config.log config.status rm -f dh_params.h.new dh_params.h rm -f Makefile pkgIndex.tcl # Clean the local build directory back to only thing things that exist in # version control system mrproper: distclean rm -f @[email protected]/tls.tcl.h rm -f @[email protected]/configure @[email protected]/config.sub @[email protected]/config.guess @[email protected]/install-sh rm -f @[email protected]/aclocal.m4 rm -rf @[email protected]/aclocal @[email protected]/autom4te.cache .PHONY: all install clean distclean mrproper |
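Review bot: The comment on the new `dh_params.h` rule, `# Create default DH parameters`, does not tell a packager what the step can do. It runs `gen_dh_params`, which may invoke the local `openssl` binary or fetch from a remote URL, so the embedded parameters can differ from one build to the next. I would expand it to something like `# Create default DH parameters (may run openssl or fetch over the network; output differs per build)`. The rule is collapsed onto one line on this page, so its exact layout is inferred from the target name.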
Added gen_dh_params version [a7290cba5e].
> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 | #! /usr/bin/env bash bits='2048' function openssl_dhparam() { local output if [ -x "$(which openssl 2>/dev/null)" ]; then output="$(set -o pipefail; openssl dhparam -C "[email protected]" 2>/dev/null | sed '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d')" || return 1 echo "${output}" return 0 fi return 1 } function gen_dh_params_openssl() { openssl_dhparam "${bits}" < /dev/null || return 1 return 0 } function gen_dh_params_remote() { local input output url url="https://2ton.com.au/dhparam/${bits}" input="$(curl "${url}")" || \ input="$(wget -O - -o /dev/null "${url}")" || return 1 if output="$(echo "${input}" | openssl_dhparam)"; then echo "${output}" return 0 fi return 1 } function gen_dh_params_fallback() { cat << \_EOF_ DH *get_dh2048() { static unsigned char dh2048_p[]={ 0xC1,0x51,0x58,0x69,0xFB,0xE8,0x6C,0x47,0x2B,0x86,0x61,0x4F, 0x20,0x2E,0xD3,0xFC,0x19,0xEE,0xB8,0xF3,0x35,0x7D,0xBA,0x86, 0x2A,0xC3,0xC8,0x6E,0xF4,0x99,0x75,0x65,0xD3,0x7A,0x9E,0xDF, 0xD4,0x1F,0x88,0xE3,0x17,0xFC,0xA1,0xED,0xA2,0xB6,0x77,0x84, 0xAA,0x08,0xF2,0x97,0x59,0x7A,0xA0,0x03,0x0D,0x3E,0x7E,0x6D, 0x65,0x6A,0xA4,0xEA,0x54,0xA9,0x52,0x5F,0x63,0xB4,0xBC,0x98, 0x4E,0xF6,0xE1,0xA4,0xEE,0x16,0x0A,0xB0,0x01,0xBD,0x9F,0xA1, 0xE8,0x23,0x29,0x56,0x40,0x95,0x13,0xEB,0xCB,0xD5,0xFC,0x76, 0x1A,0x41,0x26,0xCE,0x20,0xEB,0x30,0x10,0x17,0x07,0xE1,0x8C, 0xAC,0x57,0x37,0x8B,0xE8,0x01,0xDE,0xA9,0xEF,0xA4,0xC2,0xA4, 0x6E,0x48,0x25,0x11,0x33,0x11,0xD4,0x52,0x79,0x87,0x9F,0x75, 0x61,0xF7,0x9C,0x7D,0x36,0x41,0xCB,0xEC,0x8F,0xEA,0x4A,0x47, 
0x6A,0x36,0x37,0x75,0xB9,0x8E,0xF5,0x5F,0x67,0xCF,0x1F,0xD8, 0xCA,0x70,0x42,0xC7,0xA2,0xED,0x0F,0x7D,0xBE,0x43,0x08,0x28, 0x66,0x3D,0xDD,0x87,0x0D,0x61,0x6E,0xD0,0xE7,0x49,0xD1,0x70, 0xA9,0x4D,0xD5,0xFD,0xED,0xF2,0x6D,0x32,0x17,0x97,0x5B,0x06, 0x60,0x9C,0x5F,0xA3,0x5D,0x34,0x14,0x7E,0x63,0x54,0xE4,0x7E, 0x09,0x8F,0xBB,0x8E,0xA0,0xD0,0x96,0xAC,0x30,0x20,0x39,0x3B, 0x8C,0x92,0x65,0x37,0x0A,0x8F,0xEC,0x72,0x8B,0x61,0x7D,0x62, 0x24,0x54,0xE9,0x1D,0x01,0x68,0x89,0xC4,0x7B,0x3C,0x48,0x62, 0x9B,0x83,0x11,0x3A,0x0B,0x0D,0xEF,0x5A,0xE4,0x7A,0xA0,0x69, 0xF4,0x54,0xB5,0x5B, }; static unsigned char dh2048_g[]={ 0x02, }; DH *dh; if ((dh=DH_new()) == NULL) return(NULL); dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); if ((dh->p == NULL) || (dh->g == NULL)) { DH_free(dh); return(NULL); } return(dh); } _EOF_ } gen_dh_params_openssl && exit 0 gen_dh_params_remote && exit 0 gen_dh_params_fallback && exit 0 exit 1 |
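Review bot: `gen_dh_params_remote` compiles whatever `https://2ton.com.au/dhparam/${bits}` returns into the library as its default DH group. The only processing applied is the `openssl dhparam -C` conversion in `openssl_dhparam`, which as far as I know parses the PEM without testing the prime, the generator or the size. I would validate the fetched input before converting it: run it through `openssl dhparam -check`, reject any warning in the output (the exit status may not reflect a failed check on every OpenSSL version), and confirm the modulus is `${bits}` bits. Because `openssl`'s stderr is discarded and the three generators are tried in sequence, the build also gives no indication of which source was used. A one-line message on stderr per source, e.g. `echo 'dh_params: using built-in fallback' >&2`, would let a builder notice an unexpected remote or fallback result.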
Modified tls.c from [b151916d75] to [05e974345e].
︙ | ︙ | |||
75 76 77 78 79 80 81 | #define ENABLED(flag, mask) (((flag) & (mask)) == (mask)) /* * Static data structures */ #ifndef OPENSSL_NO_DH | < | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 | #define ENABLED(flag, mask) (((flag) & (mask)) == (mask)) /* * Static data structures */ #ifndef OPENSSL_NO_DH #include "dh_params.h" #endif /* * Defined in Tls_Init to determine what kind of channels we are using * (old-style 8.2.0-8.3.1 or new-style 8.3.2+). */ int channelTypeVersion; |
︙ | ︙ |
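Review bot: The new `#include "dh_params.h"` pulls in C code emitted by whichever `openssl` binary `gen_dh_params` finds on PATH at build time, while tls.c is compiled against the OpenSSL headers selected by configure, and the two can be different versions. The built-in fallback text in `gen_dh_params` assigns `dh->p` and `dh->g` directly, which only compiles where `DH` is not an opaque type, so a build that reaches the fallback against OpenSSL 1.1.0 or later headers would presumably fail here. I would add a comment at the include, e.g. `/* Generated by gen_dh_params; must define get_dh2048() for the OpenSSL headers in use */`, and make sure the fallback matches the supported API. The call site of the generated function is outside this hunk.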