[mod_gnutls] use 4096-bit DH params by default

personal/stbuehler/wip
Stefan Bühler 9 years ago
parent 2cc5eb90d6
commit 86c93c6256
  1. 158
      src/modules/mod_gnutls.c

@ -16,7 +16,7 @@
LI_API gboolean mod_gnutls_init(liModules *mods, liModule *mod);
LI_API gboolean mod_gnutls_free(liModules *mods, liModule *mod);
static int load_dh_params_3247(gnutls_dh_params_t *dh_params);
static int load_dh_params_4096(gnutls_dh_params_t *dh_params);
typedef struct mod_connection_ctx mod_connection_ctx;
typedef struct mod_context mod_context;
@ -507,7 +507,7 @@ static gboolean gnutls_setup(liServer *srv, liPlugin* p, liValue *val, gpointer
gnutls_certificate_set_dh_params(ctx->server_cert, ctx->dh_params);
} else {
if (GNUTLS_E_SUCCESS != (r = load_dh_params_3247(&ctx->dh_params))) {
if (GNUTLS_E_SUCCESS != (r = load_dh_params_4096(&ctx->dh_params))) {
ERROR(srv, "couldn't load dh parameters(%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto error_free_ctx;
@ -609,104 +609,76 @@ gboolean mod_gnutls_free(liModules *mods, liModule *mod) {
/*
# --sec-param=high in certtool 3.0.22
certtool --get-dh-params --bits=4096 | openssl dhparam -C
-----BEGIN DH PARAMETERS-----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MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb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-----END DH PARAMETERS-----
*/
static int load_dh_params_3247(gnutls_dh_params_t *dh_params) {
static const unsigned char dh3247_p[]={
0x45,0x73,0x5C,0xD1,0xBF,0x98,0x2E,0xE3,0xD9,0x1B,0x00,0x31,
0xE2,0xCE,0x77,0x3B,0x10,0x01,0x6E,0xCF,0x48,0xD2,0x94,0x57,
0xE0,0xDD,0x6F,0xC5,0xDB,0xDD,0x23,0xD7,0x2B,0xDA,0x00,0x27,
0x1C,0x2A,0x85,0xF0,0xF3,0x39,0x6E,0x8C,0xD9,0x1F,0x56,0xD8,
0x91,0x13,0x17,0xB2,0x7D,0x3B,0x4A,0x81,0x0B,0x41,0xA9,0x0F,
0x43,0xC5,0xBD,0xBE,0xF7,0x74,0x5B,0x90,0xDE,0xFB,0x0C,0x45,
0x1C,0xED,0xF8,0x26,0x05,0x74,0x6D,0xE8,0x7D,0x2A,0x3E,0xE6,
0x74,0xEF,0x08,0x50,0xC3,0x29,0x54,0x0D,0xA6,0x3E,0x66,0xD1,
0xC0,0x16,0xA8,0xAD,0x2A,0x66,0x1E,0x97,0xCB,0xBB,0x05,0xBE,
0x70,0x09,0xD2,0x82,0x80,0x34,0x6E,0xB5,0x20,0xF7,0x11,0x1E,
0xAE,0xD4,0x8C,0xEB,0x2F,0x94,0x0E,0xB3,0xA5,0x07,0xD0,0xA3,
0x29,0x07,0x40,0x29,0x87,0x57,0x96,0xBB,0x7F,0x47,0x5D,0xD9,
0x03,0x28,0x88,0xDE,0x22,0x61,0x33,0xB3,0xD1,0x8A,0xA8,0x74,
0x85,0x70,0x2B,0xF4,0x9B,0xA9,0x31,0xC4,0x61,0xF6,0xE4,0x4C,
0xFD,0x29,0xA0,0xA9,0x7A,0xF8,0xF3,0xEA,0xAF,0x13,0x5C,0xF2,
0xFB,0x01,0x2B,0xA8,0xA9,0x12,0xC6,0xCC,0xDE,0x0E,0x1D,0xF7,
0x26,0xFC,0x86,0x05,0x17,0xA4,0xE1,0x7E,0xFD,0xB6,0x48,0x95,
0x8B,0x80,0x38,0x05,0xD2,0x7B,0x8E,0xC7,0x20,0xD0,0xAD,0x43,
0xF5,0x91,0x70,0xF5,0x58,0x0F,0x91,0xAF,0xED,0x5B,0xEC,0x76,
0x1F,0x64,0x1E,0xAC,0x57,0xE0,0x9A,0x0C,0x01,0xC3,0xF8,0xDF,
0xEE,0xD1,0x5D,0xA7,0x55,0xE2,0x9F,0xD6,0x30,0x7E,0x22,0xCB,
0x85,0x47,0xF2,0x2B,0x62,0x91,0xAE,0x43,0x10,0x32,0xD6,0x87,
0x7B,0xA1,0x6D,0xD0,0x4B,0x27,0x72,0xFD,0x7D,0x79,0x70,0x60,
0xF4,0x18,0xD3,0xDF,0x44,0xB9,0xD4,0x84,0xB1,0x2A,0xBF,0x7C,
0xDA,0x9E,0xFE,0x9F,0xFD,0xBD,0x8E,0x9C,0x88,0xB0,0x22,0x5D,
0xCF,0xDD,0xF7,0xEB,0x96,0x02,0xA7,0x3A,0xC0,0xB3,0x92,0xD3,
0xD8,0xE6,0x44,0xB2,0xF8,0x96,0xEE,0x68,0x4B,0x89,0x78,0x4F,
0x1C,0x95,0xA9,0xDE,0x24,0x56,0xF0,0x7A,0xA4,0xB7,0x05,0xE7,
0x46,0xAA,0xF1,0x51,0xB9,0x08,0xCD,0x72,0x74,0xD9,0xA0,0x06,
0xFC,0x70,0xFD,0xD2,0xFF,0xC3,0x47,0xB8,0x00,0x6A,0xED,0x3C,
0xBA,0x1E,0x9C,0x43,0x92,0xE1,0x14,0x32,0x54,0x21,0x29,0xC3,
0xB7,0xEB,0xFF,0x87,0x9D,0xB5,0x3D,0x04,0x33,0x56,0xA9,0xBA,
0x27,0xB7,0x2E,0x05,0x7A,0x87,0xA3,0xC7,0xB9,0xAE,0xC6,0x57,
0xDB,0xAA,0xB1,0x01,0xC2,0x0D,0xB7,0x9F,0x0C,0x13,
static int load_dh_params_4096(gnutls_dh_params_t *dh_params) {
static const unsigned char dh4096_p[]={
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
};
static const unsigned char dh3247_g[]={
0x33,0xE0,0x1D,0x9B,0x83,0xB5,0x7B,0x26,0x0A,0x63,0x34,0x3B,
0x4E,0x49,0x52,0xC8,0x1E,0xBD,0x78,0x50,0x6C,0x1D,0x5F,0xA1,
0xAC,0x70,0xF9,0xD6,0xA3,0x39,0x23,0xF5,0x79,0xEC,0xFF,0x84,
0xB5,0x8F,0x65,0xA3,0xF5,0xB8,0x7F,0x21,0x4A,0x3E,0x40,0x4E,
0x96,0x77,0x34,0xEC,0x28,0x2C,0x43,0x86,0x7A,0x56,0x75,0x4C,
0x32,0xDA,0x75,0xFD,0xE4,0x51,0x8D,0x4F,0x3B,0xFC,0x2D,0xC4,
0x95,0xD6,0xBA,0xF5,0x19,0x9A,0xC4,0x76,0x88,0x79,0x0F,0xB3,
0x50,0x17,0xBC,0x5D,0xCB,0x7B,0x2A,0x28,0x11,0x36,0x68,0x28,
0x1B,0x4A,0xDC,0xE4,0x76,0x51,0x69,0xD8,0x81,0xAF,0xBA,0x75,
0x8C,0xA8,0xB9,0x5F,0x9A,0x00,0xE7,0xB0,0x3C,0xEC,0x40,0xB8,
0xB3,0x49,0x4C,0x8B,0xD7,0xC0,0x9A,0x95,0x1A,0xFA,0xC6,0x47,
0x9A,0x46,0xC1,0xDC,0x0D,0x7C,0x7C,0x05,0x60,0xBD,0xF5,0xFF,
0x28,0x09,0x9F,0x9F,0x81,0xEE,0x62,0x38,0x68,0xDF,0x55,0xDB,
0xA5,0x1D,0x3D,0x54,0x54,0x1A,0xA4,0xF1,0x4A,0xD0,0x3F,0x6C,
0x55,0xF5,0x3A,0x7D,0x73,0x05,0x14,0xAC,0x45,0xD7,0xF4,0x24,
0x25,0xA9,0x82,0xDF,0xD4,0x11,0x17,0x90,0xD6,0x22,0x8A,0x5A,
0x34,0x38,0xCD,0x89,0xB9,0xCE,0xBF,0x6F,0x37,0xA4,0xFE,0x87,
0xE4,0xF4,0x9D,0x9C,0xE4,0xCA,0x3C,0x9D,0x1D,0x8D,0xB2,0xE9,
0x85,0xA4,0x6F,0x84,0x4E,0x21,0x22,0xB6,0xDF,0xD1,0xE6,0x3D,
0x3B,0xA3,0xCD,0x56,0x74,0x05,0x06,0xF2,0x3D,0x89,0x00,0xF9,
0x1F,0x5E,0xCE,0x09,0xEB,0x88,0x70,0x02,0x0C,0x1A,0xB5,0x15,
0x4B,0x02,0x14,0xD7,0x01,0x56,0x0F,0xDE,0xDA,0xB3,0xA0,0xDF,
0x69,0x2D,0x8A,0x7A,0x20,0x5C,0x4B,0xBC,0xE5,0x48,0x33,0xA2,
0x3F,0x87,0x6C,0xAC,0xE0,0xFB,0x59,0x21,0x7A,0xD6,0x62,0x3C,
0xDD,0x6B,0xD0,0xA0,0x5B,0xF1,0x7E,0xD6,0x45,0xA7,0xED,0xCD,
0x0D,0x6F,0x03,0x6D,0x4B,0xE1,0x58,0x94,0xE8,0xCE,0xDC,0xAC,
0xB3,0x66,0x1D,0x40,0xE6,0x3D,0x3E,0x7F,0xA6,0x39,0xEE,0x22,
0x48,0x2D,0x65,0x34,0x3B,0x49,0xCE,0x74,0xB9,0xE6,0x57,0xD9,
0x0F,0xB3,0xA6,0xAB,0x09,0x16,0x8B,0x95,0x7A,0x35,0xB4,0xD9,
0xE4,0xEF,0x91,0x78,0x7F,0x8A,0xA0,0xCD,0xC4,0x32,0x4A,0xD0,
0xB6,0x93,0xCA,0x37,0xDD,0x7D,0x2C,0x8D,0x94,0x8E,0x0F,0xF9,
0x65,0xF2,0x4D,0x1A,0x26,0x7D,0x63,0x98,0xA6,0x1A,0x7B,0xEE,
0x59,0x5F,0x46,0x32,0xB2,0xB7,0xB3,0x27,0x93,0xBA,0x3A,0xBD,
0x10,0x56,0x9F,0xA1,0xC8,0x69,0xDB,0x9A,0x69,0x6F,
static const unsigned char dh4096_g[]={
0x05,
};
static const gnutls_datum_t prime = { (unsigned char*) dh3247_p, sizeof(dh3247_p) };
static const gnutls_datum_t generator = { (unsigned char*) dh3247_g, sizeof(dh3247_g) };
static const gnutls_datum_t prime = { (unsigned char*) dh4096_p, sizeof(dh4096_p) };
static const gnutls_datum_t generator = { (unsigned char*) dh4096_g, sizeof(dh4096_g) };
int r;
gnutls_dh_params_t params;
