From 70b5adb3960a96db100a5a7812ea7404e1561d29 Mon Sep 17 00:00:00 2001 From: Enrico Tagliavini Date: Wed, 7 Feb 2018 13:44:06 +0100 Subject: [PATCH] add support for DHE ciphers via compiled in dhparam make it possible to use regular (non EC) EDH ciphers. To make this possible a Diffie-Hellman parameter must be passed to the openssl library. There are a few options possible as described in the manuals at [1] and [2]. Simplest approach is to generate a DH parameter using openssl dhparam -C and include the code into the application. The lenght used for this commit is 2236 bits long, which is the longest possible without risking backward incompatibilities with old systems as stated in [1]. Newer systems should use ECDH anyway, so it makes sense to keep this method as compatible with older system as possible. Paramters longer than 2048 should still be secure enough at the time of writing. [1] https://wiki.openssl.org/index.php/Diffie-Hellman_parameters [2] https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_tmp_dh_callback(3) --- common/ssl_calls.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/common/ssl_calls.c b/common/ssl_calls.c index bd2181c0..de447e46 100644 --- a/common/ssl_calls.c +++ b/common/ssl_calls.c @@ -32,6 +32,7 @@ #include #include #include +# include #include "os_calls.h" #include "arch.h" @@ -485,6 +486,60 @@ ssl_gen_key_xrdp1(int key_size_in_bits, const char *exp, int exp_len, return error; } +/*****************************************************************************/ +/** static DH parameter, can be used if no custom parameter is specified +see also + * https://wiki.openssl.org/index.php/Diffie-Hellman_parameters + * https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_tmp_dh_callback(3) +*/ +DH *get_dh2236() +{ + static unsigned char dhp_2236[] = { + 0x0A, 0x32, 0x29, 0xCA, 0x5A, 0x84, 0x4C, 0xD2, 0x66, 0x61, + 0x29, 0xAD, 0x46, 0xD7, 0xFB, 0x3A, 0x1E, 0x92, 0x8D, 0x3F, + 0xC8, 0x16, 0x41, 0x83, 0x0C, 0xA1, 0x96, 0x29, 0xD9, 0x0B, + 0x28, 0x3F, 0x9A, 0x1F, 0xDA, 0x81, 0x9F, 0xD2, 0x3E, 0xE4, + 0xFA, 0x94, 0xDF, 0x35, 0x7F, 0x7F, 0xBB, 0x23, 0xA4, 0xB2, + 0x66, 0x50, 0x64, 0x3E, 0xCD, 0x50, 0xAE, 0xEC, 0x51, 0xE1, + 0x12, 0x41, 0xB7, 0xC4, 0xF9, 0x79, 0xC7, 0x3D, 0x80, 0x16, + 0xE2, 0xA8, 0x4B, 0xCA, 0x0B, 0x2A, 0xA3, 0xC1, 0x93, 0xCD, + 0x15, 0x2C, 0xE3, 0x81, 0x92, 0x0A, 0x4C, 0x59, 0x88, 0x07, + 0xC3, 0x18, 0xCC, 0x9B, 0xCE, 0x74, 0x7A, 0x80, 0x3A, 0x85, + 0x6E, 0xF3, 0x81, 0x2B, 0xD3, 0x84, 0x6C, 0xBC, 0xB6, 0xE2, + 0x51, 0xCD, 0x20, 0x4B, 0x3C, 0x45, 0x03, 0xDB, 0xA9, 0xB4, + 0xFB, 0x95, 0x54, 0x16, 0x46, 0xA7, 0x7F, 0x03, 0xFC, 0xBB, + 0xA1, 0xF7, 0x71, 0x10, 0xCB, 0x58, 0x21, 0x5C, 0xF4, 0x89, + 0x52, 0x91, 0xAC, 0x69, 0x84, 0xA0, 0x6D, 0x88, 0xC8, 0x05, + 0x2B, 0x23, 0x0B, 0x88, 0xB2, 0xE7, 0xE8, 0x28, 0x7E, 0x0D, + 0x01, 0xBF, 0xBF, 0xCD, 0xC8, 0xD7, 0xE8, 0x2C, 0x6C, 0xE3, + 0x58, 0xFD, 0x37, 0x9D, 0x31, 0x98, 0xAC, 0xC3, 0x49, 0x8E, + 0x0B, 0x66, 0x86, 0xE7, 0xD2, 0xE5, 0xD6, 0x1D, 0x95, 0x1F, + 0xD2, 0x84, 0xE5, 0x68, 0x76, 0x5C, 0x40, 0xB9, 0xF1, 0x58, + 0xD2, 0x33, 0x2D, 0x92, 0x1F, 0xA1, 0x8A, 0xD1, 0xE6, 0x35, + 0xC2, 0xBF, 0xBF, 0xD8, 0x63, 0xB5, 0x8E, 0x3D, 0x50, 0xD2, + 0x80, 0x67, 0x5B, 0x04, 0x4F, 0x33, 0x20, 0xAF, 0xA1, 0xE9, + 0xB5, 0xA6, 0x7A, 0x17, 0x8E, 0xC2, 0x3D, 0xFF, 0xB6, 0x81, + 0x2A, 0xA8, 0x13, 0x32, 0x78, 0x8B, 0x38, 0x09, 0x8F, 0x54, + 0x5D, 0x6F, 0x3E, 0x84, 0x93, 0x49, 0x96, 0x26, 0x4E, 0x68, + 0x82, 0x42, 0x40, 0xD9, 0x30, 0xA3, 0x90, 0x6B, 0x99, 0x1B, + 0x11, 0x3A, 0x36, 0xE9, 0xD8, 0x52, 0x8A, 0x85, 0xDD, 0xB3 + }; + static unsigned char dhg_2236[] = { + 0x02 + }; + DH *dh = DH_new(); + + if (dh == NULL) + return NULL; + dh->p=BN_bin2bn(dhp_2236,sizeof(dhp_2236),NULL); + dh->g=BN_bin2bn(dhg_2236,sizeof(dhg_2236),NULL); + if (dh->p == NULL || dh->g == NULL) { + DH_free(dh); + return NULL; + } + return dh; +} + /*****************************************************************************/ struct ssl_tls * ssl_tls_create(struct trans *trans, const char *key, const char *cert) @@ -592,6 +647,12 @@ ssl_tls_accept(struct ssl_tls *self, long ssl_protocols, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE); SSL_CTX_set_options(self->ctx, options); + DH *dh = get_dh2236 (); + if (SSL_CTX_set_tmp_dh(self->ctx, dh) != 1) { + g_writeln("SSL_CTX_set_tmp_dh failed"); + return 1; + } + DH_free (dh); #if defined(SSL_CTX_set_ecdh_auto) SSL_CTX_set_ecdh_auto(self->ctx, 1); #endif