Commit cafbe261 authored by Rémi Denis-Courmont

gnutls: generate Diffie-Hellman parameters dynamically (fixes #14702)

parent 5f000e6a
......@@ -24,7 +24,7 @@ libfingerprinter_plugin_la_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/misc
libfingerprinter_plugin_la_LIBADD = $(LIBM) $(LIBPTHREAD)
misc_LTLIBRARIES += libfingerprinter_plugin.la
libgnutls_plugin_la_SOURCES = misc/gnutls.c misc/dhparams.h
libgnutls_plugin_la_SOURCES = misc/gnutls.c
libgnutls_plugin_la_CFLAGS = $(AM_CFLAGS) $(GNUTLS_CFLAGS)
libgnutls_plugin_la_LIBADD = $(GNUTLS_LIBS)
if HAVE_WIN32
......
/**
* Pre-computed Diffie-Hellman-Merkel parameters.
* $Id$
* Numbers are not copyrightable.
*
* If you feel like it, generate new ones:
* # certtool --generate-dh-params --bits 2048
*/
static const unsigned char dh_params[] =
"-----BEGIN DH PARAMETERS-----\n"
"MIIBBwKCAQDJ9pqmqBy71hn5pA3QL1AiGB2JOKq2wfdRq3EQVdbOtPscXM6BXdm7"
"NfBRUZIGT47oPNgCOhVV33z9OfnMHCSiMoWFPZeT14Mdm5TQBBYA2H6tf0g2Fp4X"
"qs7eeYheslzkg1V7U7PcdsyopiGI0FC4Heq+PxcyFOC0DuDUNiRq2Pk51gSUQURS"
"dtTyiU5fEFUETcFN2FWuPuCdQpA0xmYnQwnTJKq75b1GAxRlp6XqTbWmXgBggwYk"
"+O/oGpgVLlwZPquSbumbQsp4OU0Lk0hxqTR4Jd3XIeBuV/pc1zZaCH/9LIQT6aXn"
"S1wHhOlCUKgPWlBtx82omKgyo8ebJwWjAgEG\n"
"-----END DH PARAMETERS-----";
/*****************************************************************************
* gnutls.c
*****************************************************************************
* Copyright (C) 2004-2014 Rémi Denis-Courmont
* Copyright (C) 2004-2015 Rémi Denis-Courmont
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
......@@ -37,7 +37,6 @@
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include "dhparams.h"
#if (GNUTLS_VERSION_NUMBER >= 0x030300)
static int gnutls_Init (vlc_object_t *obj)
......@@ -631,18 +630,17 @@ static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key)
}
/* FIXME:
* - regenerate these regularly
* - support other cipher suites
*/
val = gnutls_dh_params_init (&sys->dh_params);
if (val >= 0)
{
const gnutls_datum_t data = {
.data = (unsigned char *)dh_params,
.size = sizeof (dh_params) - 1,
};
gnutls_sec_param_t sec = GNUTLS_SEC_PARAM_MEDIUM;
unsigned bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, sec);
val = gnutls_dh_params_import_pkcs3 (sys->dh_params, &data,
GNUTLS_X509_FMT_PEM);
msg_Dbg (crd, "generating Diffie-Hellman %u-bits parameters...", bits);
val = gnutls_dh_params_generate2 (sys->dh_params, bits);
if (val == 0)
gnutls_certificate_set_dh_params (sys->x509_cred,
sys->dh_params);
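Review bot: The call `gnutls_dh_params_generate2 (sys->dh_params, bits)` now performs safe-prime generation synchronously inside OpenServer, and with `bits` resolved at runtime from GNUTLS_SEC_PARAM_MEDIUM (typically 2048 bits or more, depending on the GnuTLS version) this can take many seconds of CPU during which the server cannot accept a handshake; the only trace is a debug-level message, so a stalled start is hard to diagnose. I would raise the start message to `msg_Info (crd, "generating Diffie-Hellman %u-bits parameters...", bits);` and log a second message with the elapsed time once generation returns, so the delay is explainable from the log. Since the parameters are regenerated on every OpenServer call, it is also worth noting in a comment that the cost is paid per credential object and that the effective strength follows GnuTLS's sec-param table rather than a fixed size, e.g. `/* Strength follows GNUTLS_SEC_PARAM_MEDIUM; generation blocks the caller. */`. OpenServer's body continues on both sides of the hunk.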
......@@ -653,6 +651,8 @@ static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key)
gnutls_strerror (val));
}
msg_Dbg (crd, "ciphers parameters loaded");
crd->sys = sys;
crd->open = gnutls_ServerSessionOpen;
crd->handshake = gnutls_ServerHandshake;
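Review bot: The added `msg_Dbg (crd, "ciphers parameters loaded");` sits after the closing brace of the branch that reports `gnutls_strerror (val)`, so it appears to be emitted even when parameter generation in the previous hunk failed and was logged as an error; if that brace does end the failure branch, the log would then claim the parameters loaded when they did not. Either move the message into the success path next to gnutls_certificate_set_dh_params, or reword it to what is certain at that point, e.g. `msg_Dbg (crd, "TLS server credentials set up");`. OpenServer continues outside the hunk.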
......
......@@ -982,7 +982,6 @@ modules/lua/vlc.h
modules/meta_engine/folder.c
modules/meta_engine/taglib.cpp
modules/misc/audioscrobbler.c
modules/misc/dhparams.h
modules/misc/gnutls.c
modules/misc/inhibit/dbus.c
modules/misc/inhibit/xdg.c
......