[vlc-commits] gnutls: generate Diffie-Hellman parameters dynamically (fixes #14702)
Rémi Denis-Courmont
git at videolan.org
Sun Aug 23 12:21:58 CEST 2015
vlc/vlc-2.2 | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sun Aug 23 13:18:05 2015 +0300| [70387a798477072bac5798916b6324d72454fa46] | committer: Rémi Denis-Courmont
gnutls: generate Diffie-Hellman parameters dynamically (fixes #14702)
(cherry picked from commit cafbe261a0863505587c17ead6c69e5222d35b4a)
> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=70387a798477072bac5798916b6324d72454fa46
---
modules/misc/Modules.am | 2 +-
modules/misc/dhparams.h | 17 -----------------
modules/misc/gnutls.c | 15 +++++++--------
po/POTFILES.in | 1 -
4 files changed, 8 insertions(+), 27 deletions(-)
diff --git a/modules/misc/Modules.am b/modules/misc/Modules.am
index 62a54d1..4d77265 100644
--- a/modules/misc/Modules.am
+++ b/modules/misc/Modules.am
@@ -19,7 +19,7 @@ libfingerprinter_plugin_la_SOURCES = fingerprinter.c \
libfingerprinter_plugin_la_LIBADD = $(LIBM) $(LIBPTHREAD)
misc_LTLIBRARIES += libfingerprinter_plugin.la
-libgnutls_plugin_la_SOURCES = gnutls.c dhparams.h
+libgnutls_plugin_la_SOURCES = gnutls.c
libgnutls_plugin_la_CFLAGS = $(AM_CFLAGS) $(GNUTLS_CFLAGS)
libgnutls_plugin_la_LIBADD = $(GNUTLS_LIBS)
if HAVE_WIN32
diff --git a/modules/misc/dhparams.h b/modules/misc/dhparams.h
deleted file mode 100644
index d7e97c5..0000000
--- a/modules/misc/dhparams.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/**
- * Pre-computed Diffie-Hellman-Merkel parameters.
- * $Id$
- * Numbers are not copyrightable.
- *
- * If you feel like it, generate new ones:
- * # certtool --generate-dh-params --bits 2048
- */
-static const unsigned char dh_params[] =
- "-----BEGIN DH PARAMETERS-----\n"
- "MIIBBwKCAQDJ9pqmqBy71hn5pA3QL1AiGB2JOKq2wfdRq3EQVdbOtPscXM6BXdm7"
- "NfBRUZIGT47oPNgCOhVV33z9OfnMHCSiMoWFPZeT14Mdm5TQBBYA2H6tf0g2Fp4X"
- "qs7eeYheslzkg1V7U7PcdsyopiGI0FC4Heq+PxcyFOC0DuDUNiRq2Pk51gSUQURS"
- "dtTyiU5fEFUETcFN2FWuPuCdQpA0xmYnQwnTJKq75b1GAxRlp6XqTbWmXgBggwYk"
- "+O/oGpgVLlwZPquSbumbQsp4OU0Lk0hxqTR4Jd3XIeBuV/pc1zZaCH/9LIQT6aXn"
- "S1wHhOlCUKgPWlBtx82omKgyo8ebJwWjAgEG\n"
- "-----END DH PARAMETERS-----";
diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index f7baff7..f6d1291 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -1,7 +1,7 @@
/*****************************************************************************
* gnutls.c
*****************************************************************************
- * Copyright (C) 2004-2012 Rémi Denis-Courmont
+ * Copyright (C) 2004-2015 Rémi Denis-Courmont
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
@@ -38,7 +38,6 @@
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
-#include "dhparams.h"
/*****************************************************************************
* Module descriptor
@@ -715,18 +714,17 @@ static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key)
}
/* FIXME:
+ * - regenerate these regularly
* - support other cipher suites
*/
val = gnutls_dh_params_init (&sys->dh_params);
if (val >= 0)
{
- const gnutls_datum_t data = {
- .data = (unsigned char *)dh_params,
- .size = sizeof (dh_params) - 1,
- };
+ gnutls_sec_param_t sec = GNUTLS_SEC_PARAM_MEDIUM;
+ unsigned bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, sec);
- val = gnutls_dh_params_import_pkcs3 (sys->dh_params, &data,
- GNUTLS_X509_FMT_PEM);
+ msg_Dbg (crd, "generating Diffie-Hellman %u-bits parameters...", bits);
+ val = gnutls_dh_params_generate2 (sys->dh_params, bits);
if (val == 0)
gnutls_certificate_set_dh_params (sys->x509_cred,
sys->dh_params);
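Review bot: The new gnutls_dh_params_generate2() call runs synchronously inside OpenServer, and generating parameters at GNUTLS_SEC_PARAM_MEDIUM strength (2048 bits with GnuTLS of this era, per gnutls_sec_param_to_pk_bits) can take seconds, so every server-credential open now stalls before the first client can connect, with only a debug-level line explaining why. I would promote `msg_Dbg (crd, "generating Diffie-Hellman %u-bits parameters...", bits);` to `msg_Info` with the wording `"generating %u-bit Diffie-Hellman parameters..."`, and record the cost next to the FIXME, e.g. `/* NOTE: DH parameter generation is slow (seconds); done once per credentials object. */`. The failure path also appears unchanged from the import-based code: the else branch, mostly outside this hunk, logs gnutls_strerror(val) and the function still returns VLC_SUCCESS, so on failure x509_cred is left without DH parameters and DHE-based handshakes would presumably fail later instead of the open failing now — either document that as intended or make it `goto error`. OpenServer() starts and ends outside this hunk.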
@@ -737,6 +735,7 @@ static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key)
gnutls_strerror (val));
}
+ msg_Dbg (crd, "ciphers parameters loaded");
return VLC_SUCCESS;
error:
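Review bot: The added `msg_Dbg (crd, "ciphers parameters loaded");` is reached on the failure path as well: the preceding else branch logs gnutls_strerror(val) (visible context at the top of this hunk) and then falls through to `return VLC_SUCCESS;`, so the log would report the parameters as loaded right after reporting that generation failed. Either emit this message from the success branch of the DH setup, or make it neutral, e.g. `msg_Dbg (crd, "TLS server credentials initialized");`; as written it also reads better as `"cipher parameters loaded"`. The enclosing OpenServer() begins outside this hunk, so the shape of the else branch is inferred from the single visible line.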
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 62e813e..df630e4 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -963,7 +963,6 @@ modules/lua/vlc.h
modules/meta_engine/folder.c
modules/meta_engine/taglib.cpp
modules/misc/audioscrobbler.c
-modules/misc/dhparams.h
modules/misc/gnutls.c
modules/misc/inhibit/dbus.c
modules/misc/inhibit/xdg.c