[vlc-commits] gnutls: generate Diffie-Hellman parameters dynamically (fixes #14702)
Rémi Denis-Courmont
git at videolan.org
Sun Aug 23 12:21:54 CEST 2015
vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sun Aug 23 13:18:05 2015 +0300| [cafbe261a0863505587c17ead6c69e5222d35b4a] | committer: Rémi Denis-Courmont
gnutls: generate Diffie-Hellman parameters dynamically (fixes #14702)
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cafbe261a0863505587c17ead6c69e5222d35b4a
---
modules/misc/Makefile.am | 2 +-
modules/misc/dhparams.h | 17 -----------------
modules/misc/gnutls.c | 16 ++++++++--------
po/POTFILES.in | 1 -
4 files changed, 9 insertions(+), 27 deletions(-)
diff --git a/modules/misc/Makefile.am b/modules/misc/Makefile.am
index f9315e9..f53fc4d 100644
--- a/modules/misc/Makefile.am
+++ b/modules/misc/Makefile.am
@@ -24,7 +24,7 @@ libfingerprinter_plugin_la_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/misc
libfingerprinter_plugin_la_LIBADD = $(LIBM) $(LIBPTHREAD)
misc_LTLIBRARIES += libfingerprinter_plugin.la
-libgnutls_plugin_la_SOURCES = misc/gnutls.c misc/dhparams.h
+libgnutls_plugin_la_SOURCES = misc/gnutls.c
libgnutls_plugin_la_CFLAGS = $(AM_CFLAGS) $(GNUTLS_CFLAGS)
libgnutls_plugin_la_LIBADD = $(GNUTLS_LIBS)
if HAVE_WIN32
diff --git a/modules/misc/dhparams.h b/modules/misc/dhparams.h
deleted file mode 100644
index d7e97c5..0000000
--- a/modules/misc/dhparams.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/**
- * Pre-computed Diffie-Hellman-Merkel parameters.
- * $Id$
- * Numbers are not copyrightable.
- *
- * If you feel like it, generate new ones:
- * # certtool --generate-dh-params --bits 2048
- */
-static const unsigned char dh_params[] =
- "-----BEGIN DH PARAMETERS-----\n"
- "MIIBBwKCAQDJ9pqmqBy71hn5pA3QL1AiGB2JOKq2wfdRq3EQVdbOtPscXM6BXdm7"
- "NfBRUZIGT47oPNgCOhVV33z9OfnMHCSiMoWFPZeT14Mdm5TQBBYA2H6tf0g2Fp4X"
- "qs7eeYheslzkg1V7U7PcdsyopiGI0FC4Heq+PxcyFOC0DuDUNiRq2Pk51gSUQURS"
- "dtTyiU5fEFUETcFN2FWuPuCdQpA0xmYnQwnTJKq75b1GAxRlp6XqTbWmXgBggwYk"
- "+O/oGpgVLlwZPquSbumbQsp4OU0Lk0hxqTR4Jd3XIeBuV/pc1zZaCH/9LIQT6aXn"
- "S1wHhOlCUKgPWlBtx82omKgyo8ebJwWjAgEG\n"
- "-----END DH PARAMETERS-----";
diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index cef2285..ea56fb3 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -1,7 +1,7 @@
/*****************************************************************************
* gnutls.c
*****************************************************************************
- * Copyright (C) 2004-2014 Rémi Denis-Courmont
+ * Copyright (C) 2004-2015 Rémi Denis-Courmont
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
@@ -37,7 +37,6 @@
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
-#include "dhparams.h"
#if (GNUTLS_VERSION_NUMBER >= 0x030300)
static int gnutls_Init (vlc_object_t *obj)
@@ -631,18 +630,17 @@ static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key)
}
/* FIXME:
+ * - regenerate these regularly
* - support other cipher suites
*/
val = gnutls_dh_params_init (&sys->dh_params);
if (val >= 0)
{
- const gnutls_datum_t data = {
- .data = (unsigned char *)dh_params,
- .size = sizeof (dh_params) - 1,
- };
+ gnutls_sec_param_t sec = GNUTLS_SEC_PARAM_MEDIUM;
+ unsigned bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, sec);
- val = gnutls_dh_params_import_pkcs3 (sys->dh_params, &data,
- GNUTLS_X509_FMT_PEM);
+ msg_Dbg (crd, "generating Diffie-Hellman %u-bits parameters...", bits);
+ val = gnutls_dh_params_generate2 (sys->dh_params, bits);
if (val == 0)
gnutls_certificate_set_dh_params (sys->x509_cred,
sys->dh_params);
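Review bot: The new `gnutls_dh_params_generate2 (sys->dh_params, bits)` call runs a safe-prime search synchronously inside OpenServer, and for the size that `GNUTLS_SEC_PARAM_MEDIUM` maps to (presumably 2048 bits on contemporary GnuTLS; the hunk does not pin it) that is CPU-bound work that can take many seconds per open, with nothing in the hunk documenting the cost or why the precomputed group was dropped. I would put that rationale next to the call rather than leaving only the "regenerate these regularly" FIXME, e.g. `/* Safe-prime generation is slow (seconds of CPU) and blocks this call; a per-instance group is generated so this server does not share a fixed DH group with every other deployment (see #14702, presumably). */`. The FIXME about regenerating regularly would multiply that blocking cost, so it is worth stating in the same comment that any periodic regeneration must happen off the caller's thread. The sec-param choice is also a hard-coded policy inside the function; a one-line comment on `gnutls_sec_param_t sec = GNUTLS_SEC_PARAM_MEDIUM;` saying why MEDIUM rather than HIGH was chosen would help the next person who bumps it. OpenServer starts and ends outside this hunk.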
@@ -653,6 +651,8 @@ static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key)
gnutls_strerror (val));
}
+ msg_Dbg (crd, "ciphers parameters loaded");
+
crd->sys = sys;
crd->open = gnutls_ServerSessionOpen;
crd->handshake = gnutls_ServerHandshake;
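Review bot: The added `msg_Dbg (crd, "ciphers parameters loaded");` is emitted unconditionally, immediately after the error branch whose tail is visible above it, so a failed `gnutls_dh_params_init`/`gnutls_dh_params_generate2` logs an error and then "loaded" in the same breath; since `val` still holds the outcome at that point the line could be guarded as `if (val == 0) msg_Dbg (crd, "ciphers parameters loaded");` or reworded to not claim success. More importantly, with runtime generation the failure branch is now a realistic path (allocation or RNG failure) rather than the effectively-dead import-of-a-constant it was before, and OpenServer appears to continue and publish the credentials without DH parameters, which would make DHE cipher suites unusable at handshake time; whether that should instead fail OpenServer deserves an explicit decision and a comment, hedged here because the start of the error branch is outside the hunk. OpenServer begins before this hunk.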
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 7d8b26b..f918737 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -982,7 +982,6 @@ modules/lua/vlc.h
modules/meta_engine/folder.c
modules/meta_engine/taglib.cpp
modules/misc/audioscrobbler.c
-modules/misc/dhparams.h
modules/misc/gnutls.c
modules/misc/inhibit/dbus.c
modules/misc/inhibit/xdg.c