From b31f1ab9a0e1c010037d2d660e3ce4ea7eb07d6c Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Wed, 5 Aug 2020 16:10:52 -0400
Subject: [PATCH] Use fixed FIPS-approved dhparam by default
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
---
 raddb/certs/Makefile  | 2 +-
 raddb/certs/bootstrap | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile
bbf883
index 5cbfd46..41b7aea 100644
bbf883
--- a/raddb/certs/Makefile
bbf883
+++ b/raddb/certs/Makefile
bbf883
@@ -59,7 +59,7 @@ passwords.mk: server.cnf ca.cnf client.cnf inner-server.cnf
bbf883
 #
bbf883
 ######################################################################
bbf883
 dh:
bbf883
-	$(OPENSSL) dhparam -out dh -2 $(DH_KEY_SIZE)
bbf883
+	cp rfc3526-group-18-8192.dhparam dh
bbf883
 
bbf883
 ######################################################################
bbf883
 #
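Review bot: The `dh` rule copies `rfc3526-group-18-8192.dhparam` without listing it as a prerequisite, so make will not refresh `dh` when the parameter file is replaced and reports a missing source only when `cp` fails; `dh: rfc3526-group-18-8192.dhparam` with the recipe `cp $< $@` makes the dependency explicit. The diffstat lists only `Makefile` and `bootstrap`, so the parameter file is presumably shipped separately, and it is worth confirming that it is installed next to these files. `$(DH_KEY_SIZE)` is no longer used by this rule, so anyone overriding it now silently gets the fixed 8192-bit group; a comment on the rule such as `# dh is a fixed RFC 3526 group; DH_KEY_SIZE is ignored here` would make that visible.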
bbf883
diff --git a/raddb/certs/bootstrap b/raddb/certs/bootstrap
bbf883
index 9920ecf..59b3310 100755
bbf883
--- a/raddb/certs/bootstrap
bbf883
+++ b/raddb/certs/bootstrap
bbf883
@@ -13,6 +13,10 @@
bbf883
 umask 027
bbf883
 cd `dirname $0`
bbf883
 
bbf883
+if [ ! -e random ]; then
bbf883
+  ln -sf /dev/urandom random
bbf883
+fi
bbf883
+
bbf883
 make -h > /dev/null 2>&1
bbf883
 
bbf883
 #
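Review bot: The new `if [ ! -e random ]` block carries no comment explaining why the symlink is now created up front, whereas before this change it was only made as a side effect of generating `dh`. A one-line comment such as `# 'random' must exist regardless of how dh is produced` would record the intent, assuming later steps outside this hunk still read `random`. Note also that `-e` is satisfied by any existing file type, so a stale regular file named `random` is kept as-is; if a link to `/dev/urandom` is what the later steps rely on, `[ -L random ] || ln -sf /dev/urandom random` is the stricter test.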
bbf883
@@ -35,8 +39,7 @@ fi
bbf883
 #  re-generate these commands.
bbf883
 #
bbf883
 if [ ! -e dh ]; then
bbf883
-  openssl dhparam -out dh 2048 || exit 1
bbf883
-  ln -sf /dev/urandom random
bbf883
+  cp rfc3526-group-18-8192.dhparam dh
bbf883
 fi
bbf883
 
bbf883
 if [ ! -e server.key ]; then
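Review bot: The replacement `cp` drops the `|| exit 1` that the removed `openssl dhparam` line had, so unless the script enables `set -e` outside this hunk, a missing or unreadable `rfc3526-group-18-8192.dhparam` lets bootstrap carry on without a `dh` file; suggest `cp rfc3526-group-18-8192.dhparam dh || exit 1`. Because the copied file now fixes the DH group for every install, a sanity check after the copy, for example `openssl dhparam -in dh -check -noout || exit 1`, would catch a truncated or substituted file before the server uses it. A short comment that `dh` is a fixed, publicly known RFC 3526 group and not locally generated would also keep operators from assuming per-host parameters.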
-- 
2.26.2