From 317e40ac8b1b816f4a22620a5647c6258de61598 Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Sun, 29 May 2016 02:31:18 -0400 Subject: [PATCH] DH parameters update, new values & default * Add three new Exim-specific DH parameter constants; state provenance, but no way for others to verify; this is a signed commit, which is about as much as we can do for the truly paranoid: provide an audit trail. * Add the RFC 7919 DH primes + No TLS feature negotiation, per 7919, but the DH primes can be used if folks so choose * Fixed broken format string in util/gen_pkcs3.c * Tried to make gen_pkcs3.c support q values. + Turns out, q doesn't affect the PEM and that's not a mistake in my initialisation; I've checked with a cryptographer, we're losing some server-side optimizations but not any security properties for our scenario. Fixes: 1895 --- doc/doc-docbook/spec.xfpt | 38 ++- doc/doc-txt/ChangeLog | 3 + doc/doc-txt/NewStuff | 2 + src/scripts/source_checks | 1 + src/src/std-crypto.c | 503 +++++++++++++++++++++++++++++++++++++- src/util/.gitignore | 2 + src/util/gen_pkcs3.c | 41 +++- 7 files changed, 574 insertions(+), 16 deletions(-) create mode 100644 src/util/.gitignore diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index b3f97e1ea..7608dc680 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -17034,7 +17034,15 @@ larger prime than requested. The value of this option is expanded and indicates the source of DH parameters to be used by Exim. -If it is a filename starting with a &`/`&, then it names a file from which DH +.new +&*Note: The Exim Maintainers strongly recommend using a filename with site-generated +local DH parameters*&, which has been supported across all versions of Exim. The +other specific constants available are a fallback so that even when +"unconfigured", Exim can offer Perfect Forward Secrecy in older ciphersuites in TLS. +.wen + +If &%tls_dhparam%& is a filename starting with a &`/`&, +then it names a file from which DH parameters should be loaded. If the file exists, it should hold a PEM-encoded PKCS#3 representation of the DH prime. If the file does not exist, for OpenSSL it is an error. For GnuTLS, Exim will attempt to create the file and @@ -17050,23 +17058,39 @@ Exim will attempt to load a file from inside the spool directory. If the file does not exist, Exim will attempt to create it. See section &<>& for further details. +.new If Exim is using OpenSSL and this option is empty or unset, then Exim will load -a default DH prime; the default is the 2048 bit prime described in section +a default DH prime; the default is Exim-specific but lacks verifiable provenance. + +In older versions of Exim the default was the 2048 bit prime described in section 2.2 of RFC 5114, "2048-bit MODP Group with 224-bit Prime Order Subgroup", which in IKE is assigned number 23. Otherwise, the option must expand to the name used by Exim for any of a number -of DH primes specified in RFC 2409, RFC 3526 and RFC 5114. As names, Exim uses -"ike" followed by the number used by IKE, or "default" which corresponds to -"ike23". +of DH primes specified in RFC 2409, RFC 3526, RFC 5114, RFC 7919, or from other +sources. As names, Exim uses a standard specified name, else "ike" followed by +the number used by IKE, or "default" which corresponds to +&`exim.dev.20160529.3`&. -The available primes are: +The available standard primes are: +&`ffdhe2048`&, &`ffdhe3072`&, &`ffdhe4096`&, &`ffdhe6144`&, &`ffdhe8192`&, &`ike1`&, &`ike2`&, &`ike5`&, &`ike14`&, &`ike15`&, &`ike16`&, &`ike17`&, &`ike18`&, -&`ike22`&, &`ike23`& (aka &`default`&) and &`ike24`&. +&`ike22`&, &`ike23`& and &`ike24`&. + +The available additional primes are: +&`exim.dev.20160529.1`&, &`exim.dev.20160529.2`& and &`exim.dev.20160529.3`&. Some of these will be too small to be accepted by clients. Some may be too large to be accepted by clients. +The open cryptographic community has suspicions about the integrity of some +of the later IKE values, which led into RFC7919 providing new fixed constants +(the "ffdhe" identifiers). + +At this point, all of the "ike" values should be considered obsolete; +they're still in Exim to avoid breaking unusual configurations, but are +candidates for removal the next time we have backwards-incompatible changes. +.wen The TLS protocol does not negotiate an acceptable size for this; clients tend to hard-drop connections if what is offered by the server is unacceptable, diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 80ea2105d..c68e45ce8 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -114,6 +114,9 @@ JH/29 Fix the connection_reject log selector to apply to the connect ACL. JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext. +PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created + by me. Added RFC7919 DH primes as an alternative. + Exim version 4.87 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index d99b8e0a6..2e060cce2 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -49,6 +49,8 @@ Version 4.88 returns from the target back to the initiator, rather than spooling the message. +13. New built-in constants available for tls_dhparam and default changed. + Version 4.87 ------------ diff --git a/src/scripts/source_checks b/src/scripts/source_checks index 6da8a8664..918a6f8eb 100644 --- a/src/scripts/source_checks +++ b/src/scripts/source_checks @@ -19,6 +19,7 @@ done <<-END globals.c header_names globals.c log_options expand.c item_table + std-crypto.c dh_constants transport.c optionlist_transports route.c optionlist_routers transports/appendfile.c appendfile_transport_options diff --git a/src/src/std-crypto.c b/src/src/std-crypto.c index 3f0fec897..8ccef122b 100644 --- a/src/src/std-crypto.c +++ b/src/src/std-crypto.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Phil Pennock 2012 +/* Copyright (c) Phil Pennock 2012, 2016 * But almost everything here is fixed published constants from RFCs, so also: * Copyright (C) The Internet Society (2003) * Copyright (C) The IETF Trust (2008) @@ -459,6 +459,497 @@ static const char dh_ike_24_pem[] = "KM3GfrYYS1I9HbJGwy9jB4SQ8A741kfRSNR5VFFeIyfP75jFgmZLTA9sxBZZ\n" "-----END DH PARAMETERS-----\n"; +/* ------------------------------------------------------------------------- */ +/* RFC 7919 Published August 2016, so strength estimates date from then. + +A.1. ffdhe2048 + + The 2048-bit group has registry value 256 and is calculated from the + following formula: + + The modulus is: + + p = 2^2048 - 2^1984 + {[2^1918 * e] + 560316 } * 2^64 - 1 + + The hexadecimal representation of p is: + + FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1 + D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9 + 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561 + 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935 + 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735 + 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB + B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19 + 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61 + 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73 + 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA + 886B4238 61285C97 FFFFFFFF FFFFFFFF + + The generator is: g = 2 + + The group size is: q = (p-1)/2 + + The hexadecimal representation of q is: + + 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78 + EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C + BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0 + 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A + CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A + 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD + DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C + 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0 + C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9 + 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD + 4435A11C 30942E4B FFFFFFFF FFFFFFFF + + The estimated symmetric-equivalent strength of this group is 103 + bits. +*/ +static const char dh_ffdhe2048_pem[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIH+AoH4DfhUWKK7Spqv3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v\n" +"42NjDHXY9oGyAq7EYXrT3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhP\n" +"DHDg5ot34qaJ2vPv6HId8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq\n" +"2rdg1/RoHU9Co945TfSuVu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy\n" +"/pzphYP/jk8SMu7ygYPD/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohr\n" +"QjhhKFyX//////////8CAQI=\n" +"-----END DH PARAMETERS-----\n"; + +/* +A.2. ffdhe3072 + + The 3072-bit prime has registry value 257 and is calculated from the + following formula: + + The modulus is: + + p = 2^3072 - 2^3008 + {[2^2942 * e] + 2625351} * 2^64 - 1 + + The hexadecimal representation of p is: + + FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1 + D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9 + 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561 + 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935 + 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735 + 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB + B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19 + 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61 + 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73 + 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA + 886B4238 611FCFDC DE355B3B 6519035B BC34F4DE F99C0238 + 61B46FC9 D6E6C907 7AD91D26 91F7F7EE 598CB0FA C186D91C + AEFE1309 85139270 B4130C93 BC437944 F4FD4452 E2D74DD3 + 64F2E21E 71F54BFF 5CAE82AB 9C9DF69E E86D2BC5 22363A0D + ABC52197 9B0DEADA 1DBF9A42 D5C4484E 0ABCD06B FA53DDEF + 3C1B20EE 3FD59D7C 25E41D2B 66C62E37 FFFFFFFF FFFFFFFF + + The generator is: g = 2 + + The group size is: q = (p-1)/2 + + The hexadecimal representation of q is: + + 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78 + EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C + BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0 + 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A + CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A + 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD + DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C + 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0 + C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9 + 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD + 4435A11C 308FE7EE 6F1AAD9D B28C81AD DE1A7A6F 7CCE011C + 30DA37E4 EB736483 BD6C8E93 48FBFBF7 2CC6587D 60C36C8E + 577F0984 C289C938 5A098649 DE21BCA2 7A7EA229 716BA6E9 + B279710F 38FAA5FF AE574155 CE4EFB4F 743695E2 911B1D06 + D5E290CB CD86F56D 0EDFCD21 6AE22427 055E6835 FD29EEF7 + 9E0D9077 1FEACEBE 12F20E95 B363171B FFFFFFFF FFFFFFFF + + The estimated symmetric-equivalent strength of this group is 125 + bits. +*/ +static const char dh_ffdhe3072_pem[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" +"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" +"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" +"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" +"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" +"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n" +"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n" +"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu\n" +"N///////////AgEC\n" +"-----END DH PARAMETERS-----\n"; + +/* +A.3. ffdhe4096 + + The 4096-bit group has registry value 258 and is calculated from the + following formula: + + The modulus is: + + p = 2^4096 - 2^4032 + {[2^3966 * e] + 5736041} * 2^64 - 1 + + The hexadecimal representation of p is: + + FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1 + D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9 + 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561 + 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935 + 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735 + 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB + B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19 + 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61 + 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73 + 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA + 886B4238 611FCFDC DE355B3B 6519035B BC34F4DE F99C0238 + 61B46FC9 D6E6C907 7AD91D26 91F7F7EE 598CB0FA C186D91C + AEFE1309 85139270 B4130C93 BC437944 F4FD4452 E2D74DD3 + 64F2E21E 71F54BFF 5CAE82AB 9C9DF69E E86D2BC5 22363A0D + ABC52197 9B0DEADA 1DBF9A42 D5C4484E 0ABCD06B FA53DDEF + 3C1B20EE 3FD59D7C 25E41D2B 669E1EF1 6E6F52C3 164DF4FB + 7930E9E4 E58857B6 AC7D5F42 D69F6D18 7763CF1D 55034004 + 87F55BA5 7E31CC7A 7135C886 EFB4318A ED6A1E01 2D9E6832 + A907600A 918130C4 6DC778F9 71AD0038 092999A3 33CB8B7A + 1A1DB93D 7140003C 2A4ECEA9 F98D0ACC 0A8291CD CEC97DCF + 8EC9B55A 7F88A46B 4DB5A851 F44182E1 C68A007E 5E655F6A + FFFFFFFF FFFFFFFF + + The generator is: g = 2 + + The group size is: q = (p-1)/2 + + The hexadecimal representation of q is: + + 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78 + EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C + BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0 + 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A + CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A + 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD + DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C + 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0 + C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9 + 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD + 4435A11C 308FE7EE 6F1AAD9D B28C81AD DE1A7A6F 7CCE011C + 30DA37E4 EB736483 BD6C8E93 48FBFBF7 2CC6587D 60C36C8E + 577F0984 C289C938 5A098649 DE21BCA2 7A7EA229 716BA6E9 + B279710F 38FAA5FF AE574155 CE4EFB4F 743695E2 911B1D06 + D5E290CB CD86F56D 0EDFCD21 6AE22427 055E6835 FD29EEF7 + 9E0D9077 1FEACEBE 12F20E95 B34F0F78 B737A961 8B26FA7D + BC9874F2 72C42BDB 563EAFA1 6B4FB68C 3BB1E78E AA81A002 + 43FAADD2 BF18E63D 389AE443 77DA18C5 76B50F00 96CF3419 + 5483B005 48C09862 36E3BC7C B8D6801C 0494CCD1 99E5C5BD + 0D0EDC9E B8A0001E 15276754 FCC68566 054148E6 E764BEE7 + C764DAAD 3FC45235 A6DAD428 FA20C170 E345003F 2F32AFB5 + 7FFFFFFF FFFFFFFF + + The estimated symmetric-equivalent strength of this group is 150 + bits. +*/ +static const char dh_ffdhe4096_pem[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" +"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" +"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" +"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" +"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" +"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n" +"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n" +"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e\n" +"8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx\n" +"iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K\n" +"zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=\n" +"-----END DH PARAMETERS-----\n"; + +/* +A.4. ffdhe6144 + + The 6144-bit group has registry value 259 and is calculated from the + following formula: + + The modulus is: + + p = 2^6144 - 2^6080 + {[2^6014 * e] + 15705020} * 2^64 - 1 + + The hexadecimal representation of p is: + + FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1 + D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9 + 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561 + 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935 + 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735 + 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB + B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19 + 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61 + 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73 + 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA + 886B4238 611FCFDC DE355B3B 6519035B BC34F4DE F99C0238 + 61B46FC9 D6E6C907 7AD91D26 91F7F7EE 598CB0FA C186D91C + AEFE1309 85139270 B4130C93 BC437944 F4FD4452 E2D74DD3 + 64F2E21E 71F54BFF 5CAE82AB 9C9DF69E E86D2BC5 22363A0D + ABC52197 9B0DEADA 1DBF9A42 D5C4484E 0ABCD06B FA53DDEF + 3C1B20EE 3FD59D7C 25E41D2B 669E1EF1 6E6F52C3 164DF4FB + 7930E9E4 E58857B6 AC7D5F42 D69F6D18 7763CF1D 55034004 + 87F55BA5 7E31CC7A 7135C886 EFB4318A ED6A1E01 2D9E6832 + A907600A 918130C4 6DC778F9 71AD0038 092999A3 33CB8B7A + 1A1DB93D 7140003C 2A4ECEA9 F98D0ACC 0A8291CD CEC97DCF + 8EC9B55A 7F88A46B 4DB5A851 F44182E1 C68A007E 5E0DD902 + 0BFD64B6 45036C7A 4E677D2C 38532A3A 23BA4442 CAF53EA6 + 3BB45432 9B7624C8 917BDD64 B1C0FD4C B38E8C33 4C701C3A + CDAD0657 FCCFEC71 9B1F5C3E 4E46041F 388147FB 4CFDB477 + A52471F7 A9A96910 B855322E DB6340D8 A00EF092 350511E3 + 0ABEC1FF F9E3A26E 7FB29F8C 183023C3 587E38DA 0077D9B4 + 763E4E4B 94B2BBC1 94C6651E 77CAF992 EEAAC023 2A281BF6 + B3A739C1 22611682 0AE8DB58 47A67CBE F9C9091B 462D538C + D72B0374 6AE77F5E 62292C31 1562A846 505DC82D B854338A + E49F5235 C95B9117 8CCF2DD5 CACEF403 EC9D1810 C6272B04 + 5B3B71F9 DC6B80D6 3FDD4A8E 9ADB1E69 62A69526 D43161C1 + A41D570D 7938DAD4 A40E329C D0E40E65 FFFFFFFF FFFFFFFF + + The generator is: g = 2 + + The group size is: q = (p-1)/2 + + The hexadecimal representation of q is: + + 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78 + EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C + BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0 + 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A + CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A + 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD + DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C + 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0 + C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9 + 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD + 4435A11C 308FE7EE 6F1AAD9D B28C81AD DE1A7A6F 7CCE011C + 30DA37E4 EB736483 BD6C8E93 48FBFBF7 2CC6587D 60C36C8E + 577F0984 C289C938 5A098649 DE21BCA2 7A7EA229 716BA6E9 + B279710F 38FAA5FF AE574155 CE4EFB4F 743695E2 911B1D06 + D5E290CB CD86F56D 0EDFCD21 6AE22427 055E6835 FD29EEF7 + 9E0D9077 1FEACEBE 12F20E95 B34F0F78 B737A961 8B26FA7D + BC9874F2 72C42BDB 563EAFA1 6B4FB68C 3BB1E78E AA81A002 + 43FAADD2 BF18E63D 389AE443 77DA18C5 76B50F00 96CF3419 + 5483B005 48C09862 36E3BC7C B8D6801C 0494CCD1 99E5C5BD + 0D0EDC9E B8A0001E 15276754 FCC68566 054148E6 E764BEE7 + C764DAAD 3FC45235 A6DAD428 FA20C170 E345003F 2F06EC81 + 05FEB25B 2281B63D 2733BE96 1C29951D 11DD2221 657A9F53 + 1DDA2A19 4DBB1264 48BDEEB2 58E07EA6 59C74619 A6380E1D + 66D6832B FE67F638 CD8FAE1F 2723020F 9C40A3FD A67EDA3B + D29238FB D4D4B488 5C2A9917 6DB1A06C 50077849 1A8288F1 + 855F60FF FCF1D137 3FD94FC6 0C1811E1 AC3F1C6D 003BECDA + 3B1F2725 CA595DE0 CA63328F 3BE57CC9 77556011 95140DFB + 59D39CE0 91308B41 05746DAC 23D33E5F 7CE4848D A316A9C6 + 6B9581BA 3573BFAF 31149618 8AB15423 282EE416 DC2A19C5 + 724FA91A E4ADC88B C66796EA E5677A01 F64E8C08 63139582 + 2D9DB8FC EE35C06B 1FEEA547 4D6D8F34 B1534A93 6A18B0E0 + D20EAB86 BC9C6D6A 5207194E 68720732 FFFFFFFF FFFFFFFF + + The estimated symmetric-equivalent strength of this group is 175 + bits. +*/ +static const char dh_ffdhe6144_pem[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIIDCAKCAwEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" +"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" +"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" +"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" +"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" +"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n" +"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n" +"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e\n" +"8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx\n" +"iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K\n" +"zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq\n" +"OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE\n" +"HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj\n" +"w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8\n" +"vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70\n" +"A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKc0OQO\n" +"Zf//////////AgEC\n" +"-----END DH PARAMETERS-----\n"; + +/* +A.5. ffdhe8192 + + The 8192-bit group has registry value 260 and is calculated from the + following formula: + + The modulus is: + + p = 2^8192 - 2^8128 + {[2^8062 * e] + 10965728} * 2^64 - 1 + + The hexadecimal representation of p is: + + FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1 + D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9 + 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561 + 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935 + 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735 + 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB + B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19 + 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61 + 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73 + 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA + 886B4238 611FCFDC DE355B3B 6519035B BC34F4DE F99C0238 + 61B46FC9 D6E6C907 7AD91D26 91F7F7EE 598CB0FA C186D91C + AEFE1309 85139270 B4130C93 BC437944 F4FD4452 E2D74DD3 + 64F2E21E 71F54BFF 5CAE82AB 9C9DF69E E86D2BC5 22363A0D + ABC52197 9B0DEADA 1DBF9A42 D5C4484E 0ABCD06B FA53DDEF + 3C1B20EE 3FD59D7C 25E41D2B 669E1EF1 6E6F52C3 164DF4FB + 7930E9E4 E58857B6 AC7D5F42 D69F6D18 7763CF1D 55034004 + 87F55BA5 7E31CC7A 7135C886 EFB4318A ED6A1E01 2D9E6832 + A907600A 918130C4 6DC778F9 71AD0038 092999A3 33CB8B7A + 1A1DB93D 7140003C 2A4ECEA9 F98D0ACC 0A8291CD CEC97DCF + 8EC9B55A 7F88A46B 4DB5A851 F44182E1 C68A007E 5E0DD902 + 0BFD64B6 45036C7A 4E677D2C 38532A3A 23BA4442 CAF53EA6 + 3BB45432 9B7624C8 917BDD64 B1C0FD4C B38E8C33 4C701C3A + CDAD0657 FCCFEC71 9B1F5C3E 4E46041F 388147FB 4CFDB477 + A52471F7 A9A96910 B855322E DB6340D8 A00EF092 350511E3 + 0ABEC1FF F9E3A26E 7FB29F8C 183023C3 587E38DA 0077D9B4 + 763E4E4B 94B2BBC1 94C6651E 77CAF992 EEAAC023 2A281BF6 + B3A739C1 22611682 0AE8DB58 47A67CBE F9C9091B 462D538C + D72B0374 6AE77F5E 62292C31 1562A846 505DC82D B854338A + E49F5235 C95B9117 8CCF2DD5 CACEF403 EC9D1810 C6272B04 + 5B3B71F9 DC6B80D6 3FDD4A8E 9ADB1E69 62A69526 D43161C1 + A41D570D 7938DAD4 A40E329C CFF46AAA 36AD004C F600C838 + 1E425A31 D951AE64 FDB23FCE C9509D43 687FEB69 EDD1CC5E + 0B8CC3BD F64B10EF 86B63142 A3AB8829 555B2F74 7C932665 + CB2C0F1C C01BD702 29388839 D2AF05E4 54504AC7 8B758282 + 2846C0BA 35C35F5C 59160CC0 46FD8251 541FC68C 9C86B022 + BB709987 6A460E74 51A8A931 09703FEE 1C217E6C 3826E52C + 51AA691E 0E423CFC 99E9E316 50C1217B 624816CD AD9A95F9 + D5B80194 88D9C0A0 A1FE3075 A577E231 83F81D4A 3F2FA457 + 1EFC8CE0 BA8A4FE8 B6855DFE 72B0A66E DED2FBAB FBE58A30 + FAFABE1C 5D71A87E 2F741EF8 C1FE86FE A6BBFDE5 30677F0D + 97D11D49 F7A8443D 0822E506 A9F4614E 011E2A94 838FF88C + D68C8BB7 C5C6424C FFFFFFFF FFFFFFFF + + The generator is: g = 2 + + The group size is: q = (p-1)/2 + + The hexadecimal representation of q is: + + 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78 + EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C + BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0 + 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A + CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A + 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD + DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C + 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0 + C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9 + 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD + 4435A11C 308FE7EE 6F1AAD9D B28C81AD DE1A7A6F 7CCE011C + 30DA37E4 EB736483 BD6C8E93 48FBFBF7 2CC6587D 60C36C8E + 577F0984 C289C938 5A098649 DE21BCA2 7A7EA229 716BA6E9 + B279710F 38FAA5FF AE574155 CE4EFB4F 743695E2 911B1D06 + D5E290CB CD86F56D 0EDFCD21 6AE22427 055E6835 FD29EEF7 + 9E0D9077 1FEACEBE 12F20E95 B34F0F78 B737A961 8B26FA7D + BC9874F2 72C42BDB 563EAFA1 6B4FB68C 3BB1E78E AA81A002 + 43FAADD2 BF18E63D 389AE443 77DA18C5 76B50F00 96CF3419 + 5483B005 48C09862 36E3BC7C B8D6801C 0494CCD1 99E5C5BD + 0D0EDC9E B8A0001E 15276754 FCC68566 054148E6 E764BEE7 + C764DAAD 3FC45235 A6DAD428 FA20C170 E345003F 2F06EC81 + 05FEB25B 2281B63D 2733BE96 1C29951D 11DD2221 657A9F53 + 1DDA2A19 4DBB1264 48BDEEB2 58E07EA6 59C74619 A6380E1D + 66D6832B FE67F638 CD8FAE1F 2723020F 9C40A3FD A67EDA3B + D29238FB D4D4B488 5C2A9917 6DB1A06C 50077849 1A8288F1 + 855F60FF FCF1D137 3FD94FC6 0C1811E1 AC3F1C6D 003BECDA + 3B1F2725 CA595DE0 CA63328F 3BE57CC9 77556011 95140DFB + 59D39CE0 91308B41 05746DAC 23D33E5F 7CE4848D A316A9C6 + 6B9581BA 3573BFAF 31149618 8AB15423 282EE416 DC2A19C5 + 724FA91A E4ADC88B C66796EA E5677A01 F64E8C08 63139582 + 2D9DB8FC EE35C06B 1FEEA547 4D6D8F34 B1534A93 6A18B0E0 + D20EAB86 BC9C6D6A 5207194E 67FA3555 1B568026 7B00641C + 0F212D18 ECA8D732 7ED91FE7 64A84EA1 B43FF5B4 F6E8E62F + 05C661DE FB258877 C35B18A1 51D5C414 AAAD97BA 3E499332 + E596078E 600DEB81 149C441C E95782F2 2A282563 C5BAC141 + 1423605D 1AE1AFAE 2C8B0660 237EC128 AA0FE346 4E435811 + 5DB84CC3 B523073A 28D45498 84B81FF7 0E10BF36 1C137296 + 28D5348F 07211E7E 4CF4F18B 286090BD B1240B66 D6CD4AFC + EADC00CA 446CE050 50FF183A D2BBF118 C1FC0EA5 1F97D22B + 8F7E4670 5D4527F4 5B42AEFF 39585337 6F697DD5 FDF2C518 + 7D7D5F0E 2EB8D43F 17BA0F7C 60FF437F 535DFEF2 9833BF86 + CBE88EA4 FBD4221E 84117283 54FA30A7 008F154A 41C7FC46 + 6B4645DB E2E32126 7FFFFFFF FFFFFFFF + + The estimated symmetric-equivalent strength of this group is 192 + bits. +*/ +static const char dh_ffdhe8192_pem[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIIECAKCBAEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" +"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" +"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" +"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" +"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" +"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n" +"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n" +"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e\n" +"8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx\n" +"iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K\n" +"zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq\n" +"OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE\n" +"HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj\n" +"w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8\n" +"vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70\n" +"A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKcz/Rq\n" +"qjatAEz2AMg4HkJaMdlRrmT9sj/OyVCdQ2h/62nt0cxeC4zDvfZLEO+GtjFCo6uI\n" +"KVVbL3R8kyZlyywPHMAb1wIpOIg50q8F5FRQSseLdYKCKEbAujXDX1xZFgzARv2C\n" +"UVQfxoychrAiu3CZh2pGDnRRqKkxCXA/7hwhfmw4JuUsUappHg5CPPyZ6eMWUMEh\n" +"e2JIFs2tmpX51bgBlIjZwKCh/jB1pXfiMYP4HUo/L6RXHvyM4LqKT+i2hV3+crCm\n" +"bt7S+6v75Yow+vq+HF1xqH4vdB74wf6G/qa7/eUwZ38Nl9EdSfeoRD0IIuUGqfRh\n" +"TgEeKpSDj/iM1oyLt8XGQkz//////////wIBAg==\n" +"-----END DH PARAMETERS-----\n"; + +/* ========================================================================= */ + +/* + * Generated by Phil as a non-standard option. + * openssl dhparam -2 2048 + * No provenance to prove non-tampering available, beyond trusting that this + * developer generated this as stated above. + */ + +/* MacOSX 10.10.5 invoking system OpenSSL 0.9.8zg */ +static const char dh_exim_20160529_1[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIIBCAKCAQEA8ZMf89Gaye4bDEX1BXZ9+2edkXym9EK0GxmFilHEGpnhgLNmCk+H\n" +"cCb+zn8Ed5bpCOmRuEv9N/VKPjSpno8jYiQbFgUL3vh8uKvQLJNTzDVDbpd3YO7E\n" +"tiS0L0qWL57zIf8b3VZTMRsH4Orz2Rla61wVl6XpxE5WRfGqPS264Vvfew7xmCoi\n" +"INaFzIU6zwk2WeD6K5asctYlQG/UtgY1nRFkQTebIOpm03a6/hw7F14l3yUZgXfv\n" +"I3m4MFaWvxGcuZxddTijXw3VfjMdWvdH3Iz7IcqD32uEzK6Rgi/t4OVSw1kE2oDt\n" +"cFThPUCWb7O4TVq9Xt2UZqZFNU6kUAkv2wIBAg==\n" +"-----END DH PARAMETERS-----\n"; + +/* MacOSX 10.10.5 invoking OpenSSL 1.0.2h installed from brew bottle */ +static const char dh_exim_20160529_2[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIIBCAKCAQEAot84eqyfSb5l8GRCN2ioWP5T85Z/2lVX9A9r9JzwDfvliAAqm6Vp\n" +"UcHdAfVt54kc8DsmLiHdDhxY1I/wo+DcBylfVx13cmkroAocowOD5dwQMYk6iXjV\n" +"ys4heRJhYlAHgt8QZH8dA8c/HLs+rlAHhSUPnetsZmcoPE0LRsjigJsiVXasm+sl\n" +"g/77u5FCkgSrFILcD9PLPto1ciIXp2y8cjXQDk+D9FH1HaSCXLCLkuHxhQXxjTYO\n" +"C3Q53aNLkDJ4zpPt7Kc9NxQFBVlNc260IFDOHTWhgV2zpyG6oIzQoHSmmiLAAfcF\n" +"HrG7I06uZBLjuNGGaM0eeuxHNhs2G2EduwIBAg==\n" +"-----END DH PARAMETERS-----\n"; + +/* Ubuntu 14.04.4 running on dual-core Atom D2500 with OneRNG entropy key */ +static const char dh_exim_20160529_3[] = +"-----BEGIN DH PARAMETERS-----\n" +"MIIBCAKCAQEAkbRYVoge2PtrmV1eKCKluSBFELgckuLSnkuH0TffqbmfoYM34lFu\n" +"2vPM2LhnzKvEBQlIICOTzQD29kROacRfSKpsNINRXhXKUqI6sFXzUZu4Flk69XKG\n" +"ZOSDYvWkI5pSn1amQ4Nnvn6s+uwn/f0ZDZDiKLW9TgntxJV4A2+yeymaeoGCbIXX\n" +"5q8WgajFhAeut36RL93HBnXT1hT7Eja1Y81w9fOzQrwBuXhyfCkAdiMA/VCp0UD4\n" +"0p7uf+okpckVnwD6WnUCHMij8nGlVblZELFYzNi0udtzIrSwlALbZXIeAqhbZXJO\n" +"lCuYspJhzV0Vs0lDJwrxvNwtdg1ernVIowIBAg==\n" +"-----END DH PARAMETERS-----\n"; /* ========================================================================= */ @@ -470,7 +961,15 @@ struct dh_constant { /* KEEP SORTED ALPHABETICALLY; * duplicate PEM are okay, if we want aliases, but names must be alphabetical */ static struct dh_constant dh_constants[] = { - { "default", dh_ike_23_pem }, + { "default", dh_exim_20160529_3 }, + { "exim.dev.20160529.1", dh_exim_20160529_1 }, + { "exim.dev.20160529.2", dh_exim_20160529_2 }, + { "exim.dev.20160529.3", dh_exim_20160529_3 }, + { "ffdhe2048", dh_ffdhe2048_pem }, + { "ffdhe3072", dh_ffdhe3072_pem }, + { "ffdhe4096", dh_ffdhe4096_pem }, + { "ffdhe6144", dh_ffdhe6144_pem }, + { "ffdhe8192", dh_ffdhe8192_pem }, { "ike1", dh_ike_1_pem }, { "ike14", dh_ike_14_pem }, { "ike15", dh_ike_15_pem }, diff --git a/src/util/.gitignore b/src/util/.gitignore new file mode 100644 index 000000000..5d4972483 --- /dev/null +++ b/src/util/.gitignore @@ -0,0 +1,2 @@ +# Compiled programs: +gen_pkcs3 diff --git a/src/util/gen_pkcs3.c b/src/util/gen_pkcs3.c index 4be2c581e..6a467e07a 100644 --- a/src/util/gen_pkcs3.c +++ b/src/util/gen_pkcs3.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2012 Phil Pennock. +/* Copyright (C) 2012,2016 Phil Pennock. * This is distributed as part of Exim and licensed under the GPL. * See the file "NOTICE" for more details. */ @@ -86,7 +86,7 @@ bn_from_text(const char *text) rc = BN_hex2bn(&b, spaceless); if (rc != p - spaceless) - die("BN_hex2bn did not convert entire input; took %d of %z bytes", + die("BN_hex2bn did not convert entire input; took %d of %zu bytes", rc, p - spaceless); return b; @@ -134,7 +134,7 @@ emit_c_format_dh(FILE *stream, DH *dh) break; } *nl = '\0'; - fprintf(stream, "\"%s\\n\"\n", p); + fprintf(stream, "\"%s\\n\"%s\n", p, (nl == end - 1 ? ";" : "")); p = nl + 1; } } @@ -143,9 +143,11 @@ emit_c_format_dh(FILE *stream, DH *dh) void __attribute__((__noreturn__)) usage(FILE *stream, int exitcode) { - fprintf(stream, "Usage: %s [-CPcst] \n" + fprintf(stream, "Usage: %s [-CPcst] []\n" "Both dh_p and dh_g should be hex strings representing the numbers\n" +"The same applies to the optional dh_q (prime-order subgroup).\n" "They may contain whitespace.\n" +"Older values, dh_g is often just '2', not a long string.\n" "\n" " -C show C string form of PEM result\n" " -P do not show PEM\n" @@ -161,7 +163,7 @@ usage(FILE *stream, int exitcode) int main(int argc, char *argv[]) { - BIGNUM *p, *g; + BIGNUM *p, *g, *q; DH *dh; int ch; bool perform_dh_check = false; @@ -169,6 +171,7 @@ main(int argc, char *argv[]) bool show_numbers = false; bool show_pem = true; bool show_text = false; + bool given_q = false; while ((ch = getopt(argc, argv, "CPcsth")) != -1) { switch (ch) { @@ -201,25 +204,49 @@ main(int argc, char *argv[]) argc -= optind; argv += optind; - if (argc != 3) { + if ((argc < 3) || (argc > 4)) { fprintf(stderr, "argc: %d\n", argc); usage(stderr, 1); } + // If we use DH_set0_pqg instead of setting dh fields directly; the q value + // is optional and may be NULL. + // Just blank them all. + p = g = q = NULL; + p = bn_from_text(argv[1]); g = bn_from_text(argv[2]); + if (argc >= 4) { + q = bn_from_text(argv[3]); + given_q = true; + } if (show_numbers) { printf("p = "); BN_print_fp(stdout, p); printf("\ng = "); BN_print_fp(stdout, g); + if (given_q) { + printf("\nq = "); + BN_print_fp(stdout, q); + } printf("\n"); } dh = DH_new(); + // The documented method for setting q appeared in OpenSSL 1.1.0. +#if OPENSSL_VERSION_NUMBER >= 0x1010000f + // NULL okay for q; yes, the optional value is in the middle. + if (DH_set0_pqg(dh, p, q, g) != 1) { + die_openssl_err("initialising DH pqg values failed"); + } +#else dh->p = p; dh->g = g; + if (given_q) { + dh->q = q; + } +#endif if (perform_dh_check) our_dh_check(dh); @@ -234,6 +261,6 @@ main(int argc, char *argv[]) PEM_write_DHparams(stdout, dh); } - DH_free(dh); /* should free p & g too */ + DH_free(dh); /* should free p,g (& q if non-NULL) too */ return 0; } -- 2.30.2