From a4bb471cf74d2b2d5b155551316d304989efbded Mon Sep 17 00:00:00 2001 From: Jason Volk Date: Wed, 29 Aug 2018 16:16:35 -0700 Subject: [PATCH] ircd::openssl/ircd::net: Add presupplied rfc3526 DH parameters. --- include/ircd/openssl.h | 1 + ircd/net.cc | 31 ++++++++++++++++++++++++++++++- ircd/openssl.cc | 14 ++++++++++++++ 3 files changed, 45 insertions(+), 1 deletion(-) diff --git a/include/ircd/openssl.h b/include/ircd/openssl.h index 080f025e1..9124d6b77 100644 --- a/include/ircd/openssl.h +++ b/include/ircd/openssl.h @@ -88,6 +88,7 @@ namespace ircd::openssl // DH suite extern const size_t DH_DEFAULT_GEN; extern const size_t DH_DEFAULT_BITS; + extern const string_view rfc3526_dh_params_pem; DH &gendh(DH &, const uint &bits = DH_DEFAULT_BITS, const uint &gen = DH_DEFAULT_GEN); string_view gendh(const mutable_buffer &, const uint &bits = DH_DEFAULT_BITS, const uint &gen = DH_DEFAULT_GEN); void gendh(const string_view &dhfile, const uint &bits = DH_DEFAULT_BITS, const uint &gen = DH_DEFAULT_GEN); diff --git a/ircd/net.cc b/ircd/net.cc index 12c83e019..a90710c90 100644 --- a/ircd/net.cc +++ b/ircd/net.cc @@ -1457,7 +1457,7 @@ ircd::net::listener::acceptor::configure(const json::object &opts) filename); } - if(opts.has("tmp_dh_path")) + if(opts.has("tmp_dh_path") && !empty(unquote(opts.at("tmp_dh_path")))) { const std::string filename { @@ -1477,6 +1477,35 @@ ircd::net::listener::acceptor::configure(const json::object &opts) string(*this), filename); } + else if(opts.has("tmp_dh")) + { + const const_buffer buf + { + unquote(opts.at("tmp_dh")) + }; + + ssl.use_tmp_dh(buf); + log::info + { + log, "%s using DH params supplied in options (%zu bytes)", + string(*this), + size(buf) + }; + } + else + { + const const_buffer &buf + { + openssl::rfc3526_dh_params_pem + }; + + ssl.use_tmp_dh(buf); + log::info + { + log, "%s using pre-supplied rfc3526 DH parameters.", + string(*this) + }; + } } // diff --git a/ircd/openssl.cc b/ircd/openssl.cc index 77e90e225..cd1d6d84f 100644 
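Review bot: The new `else if(opts.has("tmp_dh"))` branch does not apply the emptiness test that the preceding hunk adds for `tmp_dh_path`, so a configuration of `"tmp_dh": ""` hands an empty buffer to `ssl.use_tmp_dh` instead of falling through to the rfc3526 default; `else if(opts.has("tmp_dh") && !empty(unquote(opts.at("tmp_dh"))))` keeps the two options consistent. It is also worth confirming that `unquote()` yields something `use_tmp_dh` can parse: if it only strips the surrounding quotes, a PEM carried inside a JSON string would still contain escaped `\n` sequences rather than real newlines, and the failure would only surface at listener start. The default branch deserves a one-line comment such as `// Fixed, publicly known 2048-bit MODP group from RFC 3526; set tmp_dh_path or tmp_dh for site-specific parameters.` so operators understand that every deployment taking this path shares the same group. `configure()` begins before this hunk and continues past it.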
--- a/ircd/openssl.cc
+++ b/ircd/openssl.cc
@@ -623,6 +623,20 @@ ircd::openssl::get_time(const ASN1_TIME &t) // DH //
+decltype(ircd::openssl::rfc3526_dh_params_pem)
+ircd::openssl::rfc3526_dh_params_pem
+{R"(
+2048-bit DH parameters taken from rfc3526
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
+IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
+awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
+mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
+fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
+5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
+-----END DH PARAMETERS-----
+)"};
+
decltype(ircd::openssl::DH_DEFAULT_BITS) ircd::openssl::DH_DEFAULT_BITS {
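Review bot: The `rfc3526_dh_params_pem` blob is trusted as-is; nothing in the patch checks that the base64 decodes to the RFC 3526 2048-bit group (expected p, g = 2) and passes `DH_check`, so a single transposed character in this literal would be loaded silently at every listener start and could yield an invalid or weakened group. A unit test that decodes the constant and compares the prime against the RFC 3526 hex value, or at minimum asserts `DH_check` reports no flags and `DH_bits(dh) == 2048`, would pin it. The first line of the raw string, `2048-bit DH parameters taken from rfc3526`, is part of the PEM payload before the BEGIN marker; OpenSSL's PEM reader skips leading text, but whatever `use_tmp_dh` does with the buffer should be confirmed to tolerate it, otherwise move the note to a `//` comment above the definition. The existing `// DH` section comment could also state that this is a fixed, publicly known group meant only as a fallback when no operator-supplied parameters are configured.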