
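--- a/cherokee/cryptor_libssl.c
+++ b/cherokee/cryptor_libssl.c
@@ -53,6 +53,8 @@ static DH *dh_param_1024 = NULL;
 static DH *dh_param_2048 = NULL;
 static DH *dh_param_4096 = NULL;
 
+#include "cryptor_libssl_compat.h"
+
 #include "cryptor_libssl_dh_512.c"
 #include "cryptor_libssl_dh_1024.c"
 #include "cryptor_libssl_dh_2048.c"
@@ -238,13 +240,13 @@ cherokee_cryptor_libssl_find_vserver (SSL *ssl,
 	/* SSL_set_SSL_CTX() only change certificates. We need to
 	 * changes more options by hand.
 	 */
-	SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));
+	SSL_set_options(ssl, SSL_CTX_get_options(ctx));
 
 	if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
 	    (SSL_num_renegotiations(ssl) == 0)) {
 
-		SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
-		               SSL_CTX_get_verify_callback(ssl->ctx));
+		SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx),
+		               SSL_CTX_get_verify_callback(ctx));
 	}
 
 	return ret_ok;
@@ -790,11 +792,13 @@ _socket_init_tls (cherokee_cryptor_socket_libssl_t *cryp,
 	}
 #endif
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	/* Disable Ciphers renegotiation (CVE-2009-3555)
 	 */
 	if (cryp->session->s3) {
 		cryp->session->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
 	}
+#endif
 
 	return ret_ok;
 }
@@ -1330,10 +1334,15 @@ PLUGIN_INIT_NAME(libssl) (cherokee_plugin_loader_t *loader)
 
 	/* Init OpenSSL
 	 */
-	OPENSSL_config (NULL);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	OPENSSL_config(NULL);
 	SSL_library_init();
 	SSL_load_error_strings();
 	OpenSSL_add_all_algorithms();
+#else
+	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+	OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+#endif
 
 	/* Ensure PRNG has been seeded with enough data
 	 */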
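Review bot: In `_socket_init_tls`, the CVE-2009-3555 block is now compiled only for OpenSSL older than 1.1.0, and the 1.1.0+ build gets nothing in its place, not even a comment saying why that is acceptable. OpenSSL of that generation implements RFC 5746 secure renegotiation, which is presumably what the port relies on, but a reader cannot tell that from the code. I would add an `#else` branch carrying a comment such as `/* 1.1.0+: s3 is opaque; renegotiation safety relies on RFC 5746 support in libssl */`, and, if the server never needs renegotiation, set `SSL_OP_NO_RENEGOTIATION` on the session under `#ifdef SSL_OP_NO_RENEGOTIATION`. The function body starts outside the hunk, so whether equivalent options are set elsewhere is not visible here.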
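--- a/cherokee/cryptor_libssl_compat.h
+++ b/cherokee/cryptor_libssl_compat.h
@@ -0,0 +1,36 @@
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#include <string.h>
+#include <openssl/engine.h>
+
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+	/* If the fields p and g in d are NULL, the corresponding input
+	 * parameters MUST be non-NULL.  q may remain NULL.
+	 */
+
+	if ((dh->p == NULL && p == NULL)
+	    || (dh->g == NULL && g == NULL))
+		return 0;
+
+	if (p != NULL) {
+		BN_free(dh->p);
+		dh->p = p;
+	}
+
+	if (q != NULL) {
+		BN_free(dh->q);
+		dh->q = q;
+	}
+
+	if (g != NULL) {
+		BN_free(dh->g);
+		dh->g = g;
+	}
+
+	if (q != NULL) {
+		dh->length = BN_num_bits(q);
+	}
+
+	return 1;
+}
+#endif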
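Review bot: The version test on the first line of the new header depends on `OPENSSL_VERSION_NUMBER` already being defined by whoever includes it; an undefined macro evaluates as 0 in `#if`, so the shim would then be compiled even against 1.1.0+ and clash with the library's own `DH_set0_pqg`. Putting `#include <openssl/opensslv.h>` above the `#if`, and including `<openssl/dh.h>` and `<openssl/bn.h>` (which the body actually uses) rather than `<string.h>` and `<openssl/engine.h>`, makes the header self-contained. Because the function is defined in a header that has no include guard, `static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)` would also avoid a duplicate-symbol error if a second file ever includes it. A one-line comment stating that the setter takes ownership of p, q and g only when it returns 1 would document why the callers free them on failure.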
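--- a/cherokee/cryptor_libssl_dh_1024.c
+++ b/cherokee/cryptor_libssl_dh_1024.c
@@ -2,9 +2,10 @@
 #ifndef HEADER_DH_H
 #include <openssl/dh.h>
 #endif
+
 static DH *get_dh1024()
 {
-	static unsigned char dh1024_p[]={
+	static unsigned char dhp_1024[]={
 		0x85,0x08,0xFF,0x6C,0xC1,0x0C,0x23,0x55,0xC5,0xF8,0x3D,0x47,
 		0x6F,0x23,0x36,0xDA,0x98,0xF3,0xE4,0x56,0xCD,0xA0,0xF3,0x02,
 		0x18,0xB0,0xCB,0xD2,0x92,0x4B,0xDC,0x76,0x2B,0x24,0x2B,0x20,
@@ -17,16 +18,20 @@ static DH *get_dh1024()
 		0xF4,0xB8,0xB7,0x5B,0xEF,0x7E,0x06,0x43,0x2A,0x8E,0x33,0x69,
 		0x71,0x65,0x35,0xBF,0xCB,0xCD,0xB0,0x5B,
 	};
-	static unsigned char dh1024_g[]={
+	static unsigned char dhg_1024[]={
 		0x02,
 	};
 	DH *dh;
+	BIGNUM *dhp_bn, *dhg_bn;
 
 	if ((dh=DH_new()) == NULL) return(NULL);
-	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
-	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL)) {
-		DH_free(dh); return(NULL);
+	dhp_bn = BN_bin2bn(dhp_1024, sizeof (dhp_1024), NULL);
+	dhg_bn = BN_bin2bn(dhg_1024, sizeof (dhg_1024), NULL);
+	if (!DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+		DH_free(dh);
+		BN_free(dhp_bn);
+		BN_free(dhg_bn);
+		return(NULL);
 	}
 	return(dh);
 }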
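Review bot: `get_dh1024()` still hands out a 1024-bit group built from a prime compiled into every installation, and the port to `DH_set0_pqg` carries it over unchanged. A fixed 1024-bit prime shared by all deployments is the case the Logjam research showed to be exposed to precomputation, so I would at least add a comment above `dhp_1024` such as `/* legacy 1024-bit group: kept for old clients only, prefer get_dh2048() */` and confirm that the caller does not select it by default. How the getter is chosen is outside this diff, so this is a request to check rather than a confirmed defect. The failure path itself looks right: `DH_set0_pqg` does not take ownership when it returns 0, so freeing both BIGNUMs there is correct.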
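--- a/cherokee/cryptor_libssl_dh_2048.c
+++ b/cherokee/cryptor_libssl_dh_2048.c
@@ -2,9 +2,10 @@
 #ifndef HEADER_DH_H
 #include <openssl/dh.h>
 #endif
+
 static DH *get_dh2048()
 {
-	static unsigned char dh2048_p[]={
+	static unsigned char dhp_2048[]={
 		0xC8,0xF1,0xD4,0x48,0xB6,0x11,0x5B,0x2B,0x9E,0x3D,0xE4,0x49,
 		0x0A,0xC4,0x8A,0x0B,0xFF,0xAC,0x09,0x4F,0x88,0x91,0x08,0xB8,
 		0x7D,0x71,0xB7,0x7D,0x87,0x44,0x09,0x70,0x15,0xFF,0x0C,0xAF,
@@ -28,16 +29,20 @@ static DH *get_dh2048()
 		0x7C,0x83,0xB9,0x40,0x7A,0x2E,0xA4,0x1D,0x85,0x68,0x69,0x66,
 		0xF8,0xAA,0x70,0x6B,
 	};
-	static unsigned char dh2048_g[]={
+	static unsigned char dhg_2048[]={
 		0x02,
 	};
 	DH *dh;
+	BIGNUM *dhp_bn, *dhg_bn;
 
 	if ((dh=DH_new()) == NULL) return(NULL);
-	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL)) {
-		DH_free(dh); return(NULL);
+	dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
+	dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
+	if (!DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+		DH_free(dh);
+		BN_free(dhp_bn);
+		BN_free(dhg_bn);
+		return(NULL);
 	}
 	return(dh);
 }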
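Review bot: The renamed tables `dhp_2048` and `dhg_2048` are never written, and `BN_bin2bn` takes a `const unsigned char *`, so they can be declared `static const unsigned char dhp_2048[]={` and `static const unsigned char dhg_2048[]={` to keep the group parameters in read-only data. The same applies to the renamed tables in cryptor_libssl_dh_512.c, cryptor_libssl_dh_1024.c and cryptor_libssl_dh_4096.c. Since the surrounding lines are being touched anyway, `static DH *get_dh2048(void)` would also give the function a real prototype instead of an unspecified parameter list.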
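--- a/cherokee/cryptor_libssl_dh_4096.c
+++ b/cherokee/cryptor_libssl_dh_4096.c
@@ -2,9 +2,10 @@
 #ifndef HEADER_DH_H
 #include <openssl/dh.h>
 #endif
+
 static DH *get_dh4096()
 {
-	static unsigned char dh4096_p[]={
+	static unsigned char dhp_4096[]={
 		0xD2,0xB2,0x5E,0x24,0x83,0x8E,0x04,0x17,0x39,0xAB,0x99,0x5A,
 		0xAB,0x0C,0x15,0x3C,0x95,0xE0,0xE4,0x48,0x3F,0xE4,0x22,0x48,
 		0xCA,0x19,0xCA,0xD0,0x9E,0xA7,0x09,0xD0,0x97,0x0F,0x31,0x49,
@@ -49,16 +50,20 @@ static DH *get_dh4096()
 		0xE9,0xD3,0x8C,0x4A,0x7C,0x49,0x36,0x84,0xBF,0xD0,0xE0,0x45,
 		0x2C,0x74,0xC9,0x6D,0x09,0xDE,0xA1,0x33,
 	};
-	static unsigned char dh4096_g[]={
+	static unsigned char dhg_4096[]={
 		0x02,
 	};
 	DH *dh;
+	BIGNUM *dhp_bn, *dhg_bn;
 
 	if ((dh=DH_new()) == NULL) return(NULL);
-	dh->p=BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL);
-	dh->g=BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL)) {
-		DH_free(dh); return(NULL);
+	dhp_bn = BN_bin2bn(dhp_4096, sizeof (dhp_4096), NULL);
+	dhg_bn = BN_bin2bn(dhg_4096, sizeof (dhg_4096), NULL);
+	if (!DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+		DH_free(dh);
+		BN_free(dhp_bn);
+		BN_free(dhg_bn);
+		return(NULL);
 	}
 	return(dh);
 }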
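--- a/cherokee/cryptor_libssl_dh_512.c
+++ b/cherokee/cryptor_libssl_dh_512.c
@@ -2,9 +2,10 @@
 #ifndef HEADER_DH_H
 #include <openssl/dh.h>
 #endif
+
 static DH *get_dh512()
 {
-	static unsigned char dh512_p[]={
+	static unsigned char dhp_512[]={
 		0xED,0x78,0x7E,0x95,0xB9,0x05,0xD5,0x00,0x38,0xC6,0x6B,0x49,
 		0x78,0x22,0x78,0x43,0x8D,0xCC,0xF9,0x83,0x18,0xBB,0x6E,0xFE,
 		0xCD,0x90,0xC3,0x84,0xA8,0x5C,0x04,0x84,0xEB,0x85,0x1D,0x5B,
@@ -12,16 +13,20 @@ static DH *get_dh512()
 		0xA5,0xA7,0x10,0x7D,0x43,0x1B,0x6F,0xAD,0xA8,0xA1,0xB0,0xD3,
 		0xD9,0x23,0xD1,0x83,
 	};
-	static unsigned char dh512_g[]={
+	static unsigned char dhg_512[]={
 		0x02,
 	};
 	DH *dh;
+	BIGNUM *dhp_bn, *dhg_bn;
 
 	if ((dh=DH_new()) == NULL) return(NULL);
-	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
-	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL)) {
-		DH_free(dh); return(NULL);
+	dhp_bn = BN_bin2bn(dhp_512, sizeof (dhp_512), NULL);
+	dhg_bn = BN_bin2bn(dhg_512, sizeof (dhg_512), NULL);
+	if (!DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+		DH_free(dh);
+		BN_free(dhp_bn);
+		BN_free(dhg_bn);
+		return(NULL);
 	}
 	return(dh);
 }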
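Review bot: `get_dh512()` is ported forward even though a 512-bit group is export-grade and gives a DHE handshake no meaningful protection. As far as I recall, OpenSSL 1.1.0 at its default security level refuses temporary DH parameters this small, so on the new code path the function is probably dead weight at best. I would compile this file's include and its callers only under `#if OPENSSL_VERSION_NUMBER < 0x10100000L`, or drop the 512-bit group entirely. The callers are not visible in this diff, so that needs checking against cryptor_libssl.c.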
