#if 0 =pod #endif /* Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /* _ _ * _ __ ___ ___ __| | ___ ___| | mod_ssl * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL * | | | | | | (_) | (_| | \__ \__ \ | * |_| |_| |_|\___/ \__,_|___|___/___/_| * |_____| * ssl_engine_dh.c * Diffie-Hellman Built-in Temporary Parameters */ #include "ssl_private.h" /* ----BEGIN GENERATED SECTION-------- */ /* ** Diffie-Hellman-Parameters: (512 bit) ** prime: ** 00:9f:db:8b:8a:00:45:44:f0:04:5f:17:37:d0:ba: ** 2e:0b:27:4c:df:1a:9f:58:82:18:fb:43:53:16:a1: ** 6e:37:41:71:fd:19:d8:d8:f3:7c:39:bf:86:3f:d6: ** 0e:3e:30:06:80:a3:03:0c:6e:4c:37:57:d0:8f:70: ** e6:aa:87:10:33 ** generator: 2 (0x2) ** Diffie-Hellman-Parameters: (1024 bit) ** prime: ** 00:d6:7d:e4:40:cb:bb:dc:19:36:d6:93:d3:4a:fd: ** 0a:d5:0c:84:d2:39:a4:5f:52:0b:b8:81:74:cb:98: ** bc:e9:51:84:9f:91:2e:63:9c:72:fb:13:b4:b4:d7: ** 17:7e:16:d5:5a:c1:79:ba:42:0b:2a:29:fe:32:4a: ** 46:7a:63:5e:81:ff:59:01:37:7b:ed:dc:fd:33:16: ** 8a:46:1a:ad:3b:72:da:e8:86:00:78:04:5b:07:a7: ** db:ca:78:74:08:7d:15:10:ea:9f:cc:9d:dd:33:05: ** 07:dd:62:db:88:ae:aa:74:7d:e0:f4:d6:e2:bd:68: ** b0:e7:39:3e:0f:24:21:8e:b3 ** generator: 2 (0x2) */ static unsigned char dh512_p[] = { 0x9F, 0xDB, 0x8B, 0x8A, 0x00, 0x45, 0x44, 0xF0, 0x04, 0x5F, 0x17, 0x37, 0xD0, 0xBA, 0x2E, 0x0B, 0x27, 0x4C, 0xDF, 0x1A, 0x9F, 0x58, 0x82, 0x18, 0xFB, 0x43, 0x53, 0x16, 0xA1, 0x6E, 0x37, 0x41, 0x71, 0xFD, 0x19, 0xD8, 0xD8, 0xF3, 0x7C, 0x39, 0xBF, 0x86, 0x3F, 0xD6, 0x0E, 0x3E, 0x30, 0x06, 0x80, 0xA3, 0x03, 0x0C, 0x6E, 0x4C, 0x37, 0x57, 0xD0, 0x8F, 0x70, 0xE6, 0xAA, 0x87, 0x10, 0x33, }; static unsigned char dh512_g[] = { 0x02, }; static DH *get_dh512(void) { return modssl_dh_configure(dh512_p, sizeof(dh512_p), dh512_g, sizeof(dh512_g)); } static unsigned char dh1024_p[] = { 0xD6, 0x7D, 0xE4, 0x40, 0xCB, 0xBB, 0xDC, 0x19, 0x36, 0xD6, 0x93, 0xD3, 0x4A, 0xFD, 0x0A, 0xD5, 0x0C, 0x84, 0xD2, 0x39, 0xA4, 0x5F, 0x52, 0x0B, 0xB8, 0x81, 0x74, 0xCB, 0x98, 0xBC, 0xE9, 0x51, 0x84, 0x9F, 0x91, 0x2E, 0x63, 0x9C, 0x72, 0xFB, 0x13, 0xB4, 0xB4, 0xD7, 0x17, 0x7E, 0x16, 0xD5, 0x5A, 0xC1, 0x79, 0xBA, 0x42, 0x0B, 0x2A, 0x29, 0xFE, 0x32, 0x4A, 0x46, 0x7A, 0x63, 0x5E, 0x81, 0xFF, 0x59, 0x01, 0x37, 0x7B, 0xED, 0xDC, 0xFD, 0x33, 0x16, 0x8A, 0x46, 0x1A, 0xAD, 0x3B, 0x72, 0xDA, 0xE8, 0x86, 0x00, 0x78, 0x04, 0x5B, 0x07, 0xA7, 0xDB, 0xCA, 0x78, 0x74, 0x08, 0x7D, 0x15, 0x10, 0xEA, 0x9F, 0xCC, 0x9D, 0xDD, 0x33, 0x05, 0x07, 0xDD, 0x62, 0xDB, 0x88, 0xAE, 0xAA, 0x74, 0x7D, 0xE0, 0xF4, 0xD6, 0xE2, 0xBD, 0x68, 0xB0, 0xE7, 0x39, 0x3E, 0x0F, 0x24, 0x21, 0x8E, 0xB3, }; static unsigned char dh1024_g[] = { 0x02, }; static DH *get_dh1024(void) { return modssl_dh_configure(dh1024_p, sizeof(dh1024_p), dh1024_g, sizeof(dh1024_g)); } /* ----END GENERATED SECTION---------- */ DH *ssl_dh_GetTmpParam(int nKeyLen) { DH *dh; if (nKeyLen == 512) dh = get_dh512(); else if (nKeyLen == 1024) dh = get_dh1024(); else dh = get_dh1024(); return dh; } DH *ssl_dh_GetParamFromFile(char *file) { DH *dh = NULL; BIO *bio; if ((bio = BIO_new_file(file, "r")) == NULL) return NULL; #if SSL_LIBRARY_VERSION < 0x00904000 dh = PEM_read_bio_DHparams(bio, NULL, NULL); #else dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); #endif BIO_free(bio); return (dh); } /* =cut ## ## Embedded Perl script for generating the temporary DH parameters ## require 5.003; use strict; # configuration my $file = $0; my $begin = '----BEGIN GENERATED SECTION--------'; my $end = '----END GENERATED SECTION----------'; # read ourself and keep a backup open(FP, "<$file") || die; my $source = ''; $source .= $_ while (); close(FP); open(FP, ">$file.bak") || die; print FP $source; close(FP); # generate the DH parameters print "1. Generate 512 and 1024 bit Diffie-Hellman parameters (p, g)\n"; my $rand = ''; foreach $file (qw(/var/log/messages /var/adm/messages /kernel /vmunix /vmlinuz /etc/hosts /etc/resolv.conf)) { if (-f $file) { $rand = $file if ($rand eq ''); $rand .= ":$file" if ($rand ne ''); } } $rand = "-rand $rand" if ($rand ne ''); system("openssl gendh $rand -out dh512.pem 512"); system("openssl gendh $rand -out dh1024.pem 1024"); # generate DH param info my $dhinfo = ''; open(FP, "openssl dh -noout -text -in dh512.pem |") || die; $dhinfo .= $_ while (); close(FP); open(FP, "openssl dh -noout -text -in dh1024.pem |") || die; $dhinfo .= $_ while (); close(FP); $dhinfo =~ s|^|** |mg; $dhinfo = "\n\/\*\n$dhinfo\*\/\n\n"; # generate C source from DH params my $dhsource = ''; open(FP, "openssl dh -noout -C -in dh512.pem | indent | expand |") || die; $dhsource .= $_ while (); close(FP); open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand |") || die; $dhsource .= $_ while (); close(FP); $dhsource =~ s|(DH\s+\*get_dh)(\d+)[^}]*\n}|static $1$2(void) { return modssl_dh_configure(dh$2_p, sizeof(dh$2_p), dh$2_g, sizeof(dh$2_g)); } |sg; # generate output my $o = $dhinfo . $dhsource; # insert the generated code at the target location $source =~ s|(\/\* $begin.+?\n).*\n(.*?\/\* $end)|$1$o$2|s; # and update the source on disk print "Updating file `$file'\n"; open(FP, ">$file") || die; print FP $source; close(FP); # cleanup unlink("dh512.pem"); unlink("dh1024.pem"); =pod */