|
|
75a229 |
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
|
|
|
75a229 |
index 46769e9..0275452 100644
|
|
|
75a229 |
--- a/modules/ssl/ssl_engine_init.c
|
|
|
75a229 |
+++ b/modules/ssl/ssl_engine_init.c
|
|
|
75a229 |
@@ -41,6 +41,79 @@
|
|
|
75a229 |
#define KEYTYPES "RSA or DSA"
|
|
|
75a229 |
#endif
|
|
|
75a229 |
|
|
|
75a229 |
+/*
|
|
|
75a229 |
+ * Grab well-defined DH parameters from OpenSSL, see the get_rfc*
|
|
|
75a229 |
+ * functions in <openssl/bn.h> for all available primes.
|
|
|
75a229 |
+ */
|
|
|
75a229 |
+static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *), const char *gen)
|
|
|
75a229 |
+{
|
|
|
75a229 |
+ DH *dh = DH_new();
|
|
|
75a229 |
+
|
|
|
75a229 |
+ if (!dh) {
|
|
|
75a229 |
+ return NULL;
|
|
|
75a229 |
+ }
|
|
|
75a229 |
+ dh->p = prime(NULL);
|
|
|
75a229 |
+ BN_dec2bn(&dh->g, gen);
|
|
|
75a229 |
+ if (!dh->p || !dh->g) {
|
|
|
75a229 |
+ DH_free(dh);
|
|
|
75a229 |
+ return NULL;
|
|
|
75a229 |
+ }
|
|
|
75a229 |
+ return dh;
|
|
|
75a229 |
+}
|
|
|
75a229 |
+
|
|
|
75a229 |
+/* Storage and initialization for DH parameters. */
|
|
|
75a229 |
+static struct dhparam {
|
|
|
75a229 |
+ BIGNUM *(*const prime)(BIGNUM *); /* function to generate... */
|
|
|
75a229 |
+ DH *dh; /* ...this, used for keys.... */
|
|
|
75a229 |
+ const unsigned int min; /* ...of length >= this. */
|
|
|
75a229 |
+} dhparams[] = {
|
|
|
75a229 |
+ { get_rfc3526_prime_8192, NULL, 6145 },
|
|
|
75a229 |
+ { get_rfc3526_prime_6144, NULL, 4097 },
|
|
|
75a229 |
+ { get_rfc3526_prime_4096, NULL, 3073 },
|
|
|
75a229 |
+ { get_rfc3526_prime_3072, NULL, 2049 },
|
|
|
75a229 |
+ { get_rfc3526_prime_2048, NULL, 1025 },
|
|
|
75a229 |
+ { get_rfc2409_prime_1024, NULL, 0 }
|
|
|
75a229 |
+};
|
|
|
75a229 |
+
|
|
|
75a229 |
+static void init_dh_params(void)
|
|
|
75a229 |
+{
|
|
|
75a229 |
+ unsigned n;
|
|
|
75a229 |
+
|
|
|
75a229 |
+ for (n = 0; n < sizeof(dhparams)/sizeof(dhparams[0]); n++)
|
|
|
75a229 |
+ dhparams[n].dh = make_dh_params(dhparams[n].prime, "2");
|
|
|
75a229 |
+}
|
|
|
75a229 |
+
|
|
|
75a229 |
+static void free_dh_params(void)
|
|
|
75a229 |
+{
|
|
|
75a229 |
+ unsigned n;
|
|
|
75a229 |
+
|
|
|
75a229 |
+ /* DH_free() is a noop for a NULL parameter, so these are harmless
|
|
|
75a229 |
+ * in the (unexpected) case where these variables are already
|
|
|
75a229 |
+ * NULL. */
|
|
|
75a229 |
+ for (n = 0; n < sizeof(dhparams)/sizeof(dhparams[0]); n++) {
|
|
|
75a229 |
+ DH_free(dhparams[n].dh);
|
|
|
75a229 |
+ dhparams[n].dh = NULL;
|
|
|
75a229 |
+ }
|
|
|
75a229 |
+}
|
|
|
75a229 |
+
|
|
|
75a229 |
+/* Hand out the same DH structure though once generated as we leak
|
|
|
75a229 |
+ * memory otherwise and freeing the structure up after use would be
|
|
|
75a229 |
+ * hard to track and in fact is not needed at all as it is safe to
|
|
|
75a229 |
+ * use the same parameters over and over again security wise (in
|
|
|
75a229 |
+ * contrast to the keys itself) and code safe as the returned structure
|
|
|
75a229 |
+ * is duplicated by OpenSSL anyway. Hence no modification happens
|
|
|
75a229 |
+ * to our copy. */
|
|
|
75a229 |
+DH *modssl_get_dh_params(unsigned keylen)
|
|
|
75a229 |
+{
|
|
|
75a229 |
+ unsigned n;
|
|
|
75a229 |
+
|
|
|
75a229 |
+ for (n = 0; n < sizeof(dhparams)/sizeof(dhparams[0]); n++)
|
|
|
75a229 |
+ if (keylen >= dhparams[n].min)
|
|
|
75a229 |
+ return dhparams[n].dh;
|
|
|
75a229 |
+
|
|
|
75a229 |
+ return NULL; /* impossible to reach. */
|
|
|
75a229 |
+}
|
|
|
75a229 |
+
|
|
|
75a229 |
static void ssl_add_version_components(apr_pool_t *p,
|
|
|
75a229 |
server_rec *s)
|
|
|
75a229 |
{
|
|
|
75a229 |
@@ -244,6 +317,8 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
|
|
|
75a229 |
|
|
|
75a229 |
SSL_init_app_data2_idx(); /* for SSL_get_app_data2() at request time */
|
|
|
75a229 |
|
|
|
75a229 |
+ init_dh_params();
|
|
|
75a229 |
+
|
|
|
75a229 |
return OK;
|
|
|
75a229 |
}
|
|
|
75a229 |
|
|
|
75a229 |
@@ -1623,6 +1698,8 @@ apr_status_t ssl_init_ModuleKill(void *data)
|
|
|
75a229 |
ssl_init_ctx_cleanup_server(sc->server);
|
|
|
75a229 |
}
|
|
|
75a229 |
|
|
|
75a229 |
+ free_dh_params();
|
|
|
75a229 |
+
|
|
|
75a229 |
return APR_SUCCESS;
|
|
|
75a229 |
}
|
|
|
75a229 |
|
|
|
75a229 |
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
|
|
|
75a229 |
index 2d6d59e..1ecbccd 100644
|
|
|
75a229 |
--- a/modules/ssl/ssl_engine_kernel.c
|
|
|
75a229 |
+++ b/modules/ssl/ssl_engine_kernel.c
|
|
|
75a229 |
@@ -1287,34 +1287,6 @@ const authz_provider ssl_authz_provider_verify_client =
|
|
|
75a229 |
*/
|
|
|
75a229 |
|
|
|
75a229 |
/*
|
|
|
75a229 |
- * Grab well-defined DH parameters from OpenSSL, see <openssl/bn.h>
|
|
|
75a229 |
- * (get_rfc*) for all available primes.
|
|
|
75a229 |
- */
|
|
|
75a229 |
-#define make_get_dh(rfc,size,gen) \
|
|
|
75a229 |
-static DH *get_dh##size(void) \
|
|
|
75a229 |
-{ \
|
|
|
75a229 |
- DH *dh; \
|
|
|
75a229 |
- if (!(dh = DH_new())) { \
|
|
|
75a229 |
- return NULL; \
|
|
|
75a229 |
- } \
|
|
|
75a229 |
- dh->p = get_##rfc##_prime_##size(NULL); \
|
|
|
75a229 |
- BN_dec2bn(&dh->g, #gen); \
|
|
|
75a229 |
- if (!dh->p || !dh->g) { \
|
|
|
75a229 |
- DH_free(dh); \
|
|
|
75a229 |
- return NULL; \
|
|
|
75a229 |
- } \
|
|
|
75a229 |
- return dh; \
|
|
|
75a229 |
-}
|
|
|
75a229 |
-
|
|
|
75a229 |
-/*
|
|
|
75a229 |
- * Prepare DH parameters from 1024 to 4096 bits, in 1024-bit increments
|
|
|
75a229 |
- */
|
|
|
75a229 |
-make_get_dh(rfc2409, 1024, 2)
|
|
|
75a229 |
-make_get_dh(rfc3526, 2048, 2)
|
|
|
75a229 |
-make_get_dh(rfc3526, 3072, 2)
|
|
|
75a229 |
-make_get_dh(rfc3526, 4096, 2)
|
|
|
75a229 |
-
|
|
|
75a229 |
-/*
|
|
|
75a229 |
* Hand out standard DH parameters, based on the authentication strength
|
|
|
75a229 |
*/
|
|
|
75a229 |
DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
|
|
|
75a229 |
@@ -1342,14 +1314,7 @@ DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
|
|
|
75a229 |
ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
|
|
|
75a229 |
"handing out built-in DH parameters for %d-bit authenticated connection", keylen);
|
|
|
75a229 |
|
|
|
75a229 |
- if (keylen >= 4096)
|
|
|
75a229 |
- return get_dh4096();
|
|
|
75a229 |
- else if (keylen >= 3072)
|
|
|
75a229 |
- return get_dh3072();
|
|
|
75a229 |
- else if (keylen >= 2048)
|
|
|
75a229 |
- return get_dh2048();
|
|
|
75a229 |
- else
|
|
|
75a229 |
- return get_dh1024();
|
|
|
75a229 |
+ return modssl_get_dh_params(keylen);
|
|
|
75a229 |
}
|
|
|
75a229 |
|
|
|
75a229 |
/*
|
|
|
75a229 |
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
|
|
|
75a229 |
index 744af9e..f47ed47 100644
|
|
|
75a229 |
--- a/modules/ssl/ssl_private.h
|
|
|
75a229 |
+++ b/modules/ssl/ssl_private.h
|
|
|
75a229 |
@@ -990,6 +990,11 @@ OCSP_RESPONSE *modssl_dispatch_ocsp_request(const apr_uri_t *uri,
|
|
|
75a229 |
conn_rec *c, apr_pool_t *p);
|
|
|
75a229 |
#endif
|
|
|
75a229 |
|
|
|
75a229 |
+/* Retrieve DH parameters for given key length. Return value should
|
|
|
75a229 |
+ * be treated as unmutable, since it is stored in process-global
|
|
|
75a229 |
+ * memory. */
|
|
|
75a229 |
+DH *modssl_get_dh_params(unsigned keylen);
|
|
|
75a229 |
+
|
|
|
75a229 |
#endif /* SSL_PRIVATE_H */
|
|
|
75a229 |
/** @} */
|
|
|
75a229 |
|