* But almost everything here is fixed published constants from RFCs, so also:
* Copyright (C) The Internet Society (2003)
* Copyright (C) The IETF Trust (2008)
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
* Most of the text in RFC referencing comments is copy/paste from RFC,
* as is undoubtedly the intention.
* The constants are generated from that text using util/gen_pkcs3.c invoked
/* ========================================================================= */
-/*
- * Generated by Phil as a non-standard option.
- * openssl dhparam -2 2048
- * No provenance to prove non-tampering available, beyond trusting that this
- * developer generated this as stated above.
- */
+/* Generated by Phil as a non-standard option.
+openssl dhparam -2 2048
+No provenance to prove non-tampering available, beyond trusting that this
+developer generated this as stated above. */
+
/* MacOSX 10.10.5 invoking system OpenSSL 0.9.8zg */
static const char dh_exim_20160529_1[] =
/* ========================================================================= */
struct dh_constant {
- const char *label;
- const char *pem;
+ const char * label;
+ const char * pem;
+ int logging;
};
#define EXIM_DH_PRIME_DEFAULT dh_exim_20160529_3
/* KEEP SORTED ALPHABETICALLY;
- * duplicate PEM are okay, if we want aliases, but names must be alphabetical */
+duplicate PEM are okay, if we want aliases, but names must be alphabetical */
+
static struct dh_constant dh_constants[] = {
/* label pem */
- { "default", EXIM_DH_PRIME_DEFAULT },
- { "exim.dev.20160529.1", dh_exim_20160529_1 },
- { "exim.dev.20160529.2", dh_exim_20160529_2 },
- { "exim.dev.20160529.3", dh_exim_20160529_3 },
- { "ffdhe2048", dh_ffdhe2048_pem },
- { "ffdhe3072", dh_ffdhe3072_pem },
- { "ffdhe4096", dh_ffdhe4096_pem },
- { "ffdhe6144", dh_ffdhe6144_pem },
- { "ffdhe8192", dh_ffdhe8192_pem },
- { "ike1", dh_ike_1_pem },
- { "ike14", dh_ike_14_pem },
- { "ike15", dh_ike_15_pem },
- { "ike16", dh_ike_16_pem },
- { "ike17", dh_ike_17_pem },
- { "ike18", dh_ike_18_pem },
- { "ike2", dh_ike_2_pem },
- { "ike22", dh_ike_22_pem },
- { "ike23", dh_ike_23_pem },
- { "ike24", dh_ike_24_pem },
- { "ike5", dh_ike_5_pem },
+ { "default", EXIM_DH_PRIME_DEFAULT, 0 },
+ { "exim.dev.20160529.1", dh_exim_20160529_1, 0 },
+ { "exim.dev.20160529.2", dh_exim_20160529_2, 0 },
+ { "exim.dev.20160529.3", dh_exim_20160529_3, 0 },
+ { "ffdhe2048", dh_ffdhe2048_pem, 0 },
+ { "ffdhe3072", dh_ffdhe3072_pem, 0 },
+ { "ffdhe4096", dh_ffdhe4096_pem, 0 },
+ { "ffdhe6144", dh_ffdhe6144_pem, 0 },
+ { "ffdhe8192", dh_ffdhe8192_pem, 0 },
+ { "ike1", dh_ike_1_pem, LOG_MAIN | LOG_PANIC },
+ { "ike14", dh_ike_14_pem, 0 },
+ { "ike15", dh_ike_15_pem, 0 },
+ { "ike16", dh_ike_16_pem, 0 },
+ { "ike17", dh_ike_17_pem, 0 },
+ { "ike18", dh_ike_18_pem, 0 },
+ { "ike2", dh_ike_2_pem, LOG_MAIN },
+ { "ike22", dh_ike_22_pem, LOG_MAIN | LOG_PANIC },
+ { "ike23", dh_ike_23_pem, LOG_MAIN },
+ { "ike24", dh_ike_24_pem, LOG_MAIN },
+ { "ike5", dh_ike_5_pem, 0 },
};
-static const int dh_constants_count =
- sizeof(dh_constants) / sizeof(struct dh_constant);
+static const int dh_constants_count = nelem(dh_constants);
/* A policy decision; in absence of any other data, use a 2048 bit prime,
- * pick the first one from the latest RFC providing such. */
+pick the first one from the latest RFC providing such. */
+
const char *
std_dh_prime_default(void)
{
- return EXIM_DH_PRIME_DEFAULT;
+return EXIM_DH_PRIME_DEFAULT;
}
+/* Return PEM string for given name */
+
const char *
-std_dh_prime_named(const uschar *name)
+std_dh_prime_named(const uschar * name)
{
- int first, last;
- char *search_name = CS string_copylc(US name);
-
- first = 0;
- last = dh_constants_count;
- while (last > first) {
- int middle = (first + last)/2;
- int c = strcmp(search_name, dh_constants[middle].label);
- if (c == 0)
- return dh_constants[middle].pem;
- else if (c > 0)
- first = middle + 1;
- else
- last = middle;
+for (int first = 0, last = dh_constants_count; last > first; )
+ {
+ int middle = (first + last)/2;
+ struct dh_constant * dp = &dh_constants[middle];
+ int c = Ustrcmp(name, dp->label);
+ if (c == 0)
+ {
+ if (dp->logging)
+ log_write(0, dp->logging,
+ "WARNING: deprecated Diffie-Hellman parameter '%s' used", dp->label);
+ return dp->pem;
+ }
+ else if (c > 0)
+ first = middle + 1;
+ else
+ last = middle;
}
- return NULL;
+return NULL;
}
#endif /*DISABLE_TLS*/
git://git.exim.org / exim.git / blobdiff