TclTLS
Check-in [bc2460fc22]
Login
HomeTimelineDownloadBrowse SourceBranchesTagsTicketsWiki
Overview
Comment:Updated fallback DH params for OpenSSL, supporting OpenSSL 1.1 and older versions
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | openssl-1.1
Files: files | file ages | folders
SHA1: bc2460fc22a3e2d934ed3d32014700c2c2f73d78
User & Date: rkeene on 2016-12-08 07:08:31
Other Links: branch diff | manifest | tags
Context
2016-12-08
07:25
Whitspace formatting changes check-in: 2ed4afb942 user: rkeene tags: openssl-1.1
07:08
Updated fallback DH params for OpenSSL, supporting OpenSSL 1.1 and older versions check-in: bc2460fc22 user: rkeene tags: openssl-1.1
07:07
Fixed backwards compatibility macro for BIOs check-in: 517bea2716 user: rkeene tags: openssl-1.1
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Modified gen_dh_params from [f5e01f9b02] to [c6f609976c]. 

33
34
35
36
37
38
39
40

41
42

43
44
45
46
47
48
49

33
34
35
36
37
38
39

40


41
42
43
44
45
46
47
48








-
+
-
-
+








	fi

	return 1
}

gen_dh_params_fallback() {
	cat << \_EOF_
DH *get_dh2048()
DH *get_dh2048(void) {
	{
	static unsigned char dhp_2048[]={
	static unsigned char dhp_2048[] = {
		0xC1,0x51,0x58,0x69,0xFB,0xE8,0x6C,0x47,0x2B,0x86,0x61,0x4F,
		0x20,0x2E,0xD3,0xFC,0x19,0xEE,0xB8,0xF3,0x35,0x7D,0xBA,0x86,
		0x2A,0xC3,0xC8,0x6E,0xF4,0x99,0x75,0x65,0xD3,0x7A,0x9E,0xDF,
		0xD4,0x1F,0x88,0xE3,0x17,0xFC,0xA1,0xED,0xA2,0xB6,0x77,0x84,
		0xAA,0x08,0xF2,0x97,0x59,0x7A,0xA0,0x03,0x0D,0x3E,0x7E,0x6D,
		0x65,0x6A,0xA4,0xEA,0x54,0xA9,0x52,0x5F,0x63,0xB4,0xBC,0x98,
		0x4E,0xF6,0xE1,0xA4,0xEE,0x16,0x0A,0xB0,0x01,0xBD,0x9F,0xA1,

58
59
60
61
62
63
64
65
66


67
68


69
70

71
72
73
74
75
76
77
78
79
80
81
82
83






















84
85
86
87
88
89
90

57
58
59
60
61
62
63


64
65
66

67
68
69

70
71












72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100








-
-
+
+

-
+
+

-
+

-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+








		0xA9,0x4D,0xD5,0xFD,0xED,0xF2,0x6D,0x32,0x17,0x97,0x5B,0x06,
		0x60,0x9C,0x5F,0xA3,0x5D,0x34,0x14,0x7E,0x63,0x54,0xE4,0x7E,
		0x09,0x8F,0xBB,0x8E,0xA0,0xD0,0x96,0xAC,0x30,0x20,0x39,0x3B,
		0x8C,0x92,0x65,0x37,0x0A,0x8F,0xEC,0x72,0x8B,0x61,0x7D,0x62,
		0x24,0x54,0xE9,0x1D,0x01,0x68,0x89,0xC4,0x7B,0x3C,0x48,0x62,
		0x9B,0x83,0x11,0x3A,0x0B,0x0D,0xEF,0x5A,0xE4,0x7A,0xA0,0x69,
		0xF4,0x54,0xB5,0x5B,
		};
	static unsigned char dhg_2048[]={
	};
	static unsigned char dhg_2048[] = {
		0x02,
		};
	};

	DH *dh = DH_new();;
    BIGNUM *dhp_bn, *dhg_bn;
	BIGNUM *dhp_bn, *dhg_bn;

    if (dh == NULL)
        return NULL;
    dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
    dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
    if (dhp_bn == NULL || dhg_bn == NULL
            || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
        DH_free(dh);
        BN_free(dhp_bn);
        BN_free(dhg_bn);
        return NULL;
    }
    return dh;
	if (dh == NULL) {
		return NULL;
	}

	dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
	dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);

#if OPENSSL_VERSION_NUMBER < 0x10100000L
	dh->p = dhp_bn;
	dh->g = dhg_bn;

	if (dhp_bn == NULL || dhg_bn == NULL) {
#else
	if (dhp_bn == NULL || dhg_bn == NULL || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
#endif
		DH_free(dh);
		BN_free(dhp_bn);
		BN_free(dhg_bn);
		return(NULL);
	}

	return(dh);
}
_EOF_
}

# Enable support for giving the same DH params each time
if [ "$1" = 'fallback' ]; then
	gen_dh_params_fallback && exit 0

Powered by Fossil · RSS