Overview
Comment: Use env var for OpenSSL executable path. Source: https://core.tcl-lang.org/tcltls/tktview/034c8d2587
SHA3-256: e63b467c48f0e7a70aee77dba5104b5d
User & Date: bohagan on 2023-12-29 00:46:02
Context
2023-12-29
03:09  Updated to auto set DH parameters. Updated to use well known Diffie-Hellman (DH) parameters that have built-in support in OpenSSL. This means the DH parameters will be selected to be consistent with the size of the key associated with the server's certificate. If there is no certificate (e.g. for PSK ciphersuites), then it will be consistent with the size of the negotiated symmetric cipher key. Closed-Leaf check-in: d3d16ea77f user: bohagan tags: dh
00:46  Use env var for OpenSSL executable path. Source: https://core.tcl-lang.org/tcltls/tktview/034c8d2587 check-in: e63b467c48 user: bohagan tags: dh
2023-12-28
23:15  Refactored DH generation to not need a separate file for DH data. Added missing header files to generated file. check-in: d3319fd18b user: bohagan tags: dh
Changes
Modified generic/gen_dh_params
from [791deedc56]
to [6e6f58d906].
︙
10 11 12 13 14 15 16 | bits=*) bits="`echo "${arg}" | cut -f 2 -d =`" ;; esac done openssl_dhparam1() { | > > > > > | > > > > > | > > > > > | 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 | bits=*) bits="`echo "${arg}" | cut -f 2 -d =`" ;; esac done openssl_dhparam1() { dir='' if [ -n "${OPENSSL}" ]; then dir="${OPENSSL}/" fi if ${dir}openssl dhparam -C "$@" | sed \ -e 's/^\(static \)*DH \*get_dh[0-9]*/static DH *get_dhParams/' \ -e '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d' then return 0 fi return 1 } # OpenSSL 3.0 openssl-dhparam has no "-C" option, so we emulate it here openssl_dhparam3() { dir='' if [ -n "${OPENSSL}" ]; then dir="${OPENSSL}/" fi cat << \_EOF_ #include <openssl/dh.h> #include <openssl/bn.h> static DH *get_dhParams(void) { static unsigned char dhp[] = { _EOF_ if ${dir}openssl dhparam -text "$@" | \ sed -E -e '/^---/,/^---/d' \ -e '/(DH|prime|generator|P|G|recommended)/d' \ -e 's/([0-9a-h]{2})(:|$$)/0x\1, /g' then break else return 1 fi cat << \_EOF_ }; static unsigned char dhg[] = { 0x02, }; |
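Review bot: in both `openssl_dhparam1` and `openssl_dhparam3` the new `OPENSSL` variable is treated as a directory (`dir="${OPENSSL}/"` followed by `${dir}openssl`), while the check-in comment describes it as the executable path; a user who sets `OPENSSL=/opt/ssl/bin/openssl` ends up running `/opt/ssl/bin/openssl/openssl`. Either accept the full binary path (for example `openssl_bin="${OPENSSL:-openssl}"`) or name the variable for what it actually holds, and document it next to the `bits=` argument parsing at the top of the script. The command word should also be quoted as `"${dir}openssl"` so a directory containing spaces does not word-split, and the identical five-line `dir` block is duplicated in both functions and could be computed once before they are defined. Separately, the `then break else return 1 fi` after the `dhparam -text` pipeline in `openssl_dhparam3` uses `break` outside any loop, which POSIX sh leaves unspecified; `:` there, or restructuring the pipeline as `... || return 1`, expresses what is intended.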
︙
275 276 277 278 279 280 281 | if (dh == NULL) { return NULL; } dhp_bn = BN_bin2bn(dhp, sizeof (dhp), NULL); dhg_bn = BN_bin2bn(dhg, sizeof (dhg), NULL); | < < < < < < < | 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 | if (dh == NULL) { return NULL; } dhp_bn = BN_bin2bn(dhp, sizeof (dhp), NULL); dhg_bn = BN_bin2bn(dhg, sizeof (dhg), NULL); if (dhp_bn == NULL || dhg_bn == NULL || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) { DH_free(dh); BN_free(dhp_bn); BN_free(dhg_bn); return(NULL); } return(dh); |
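Review bot: the C emitted for the tail of `get_dhParams` (`DH_set0_pqg`, `DH_free`, and the `DH *` return type) is the low-level DH API, which OpenSSL 3.0 marks as deprecated; since `openssl_dhparam3` exists precisely to support 3.0 builds, the generated file will produce deprecation warnings by default and fail to compile when the library headers are built or consumed with `OPENSSL_NO_DEPRECATED`. Consider emitting an `EVP_PKEY`-based constructor for 3.0 (building the key from the `p`/`g` byte arrays via `OSSL_PARAM` and `EVP_PKEY_fromdata`), or at least guarding the generated DH code with `#if OPENSSL_VERSION_NUMBER < 0x30000000L`. The error path itself is correct: `DH_set0_pqg` takes ownership of `dhp_bn`/`dhg_bn` only on success, so freeing them when the combined check fails does not double-free, and `BN_free(NULL)` is a no-op for whichever allocation was the one that failed.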
︙