mirror of
https://repo.or.cz/socat.git
synced 2025-01-09 06:22:33 +00:00
FIPS requires 1024 bit DH prime
parent
6a79aa6529
commit
8a1cd142f2
2 changed files with 18 additions and 11 deletions
3
CHANGES
3
CHANGES
|
@ -204,6 +204,9 @@ corrections:
|
|||
|
||||
Fixed a few minor bugs with OpenSSL in configure and with messages
|
||||
|
||||
Socat did not work in FIPS mode because 1024 instead of 512 bit DH prime
|
||||
is required. Thanks to Zhigang Wang for reporting and sending a patch.
|
||||
|
||||
porting:
|
||||
Red Hat issue 1020203: configure checks fail with some compilers.
|
||||
Use case: clang
|
||||
|
|
|
@ -1045,15 +1045,20 @@ int
|
|||
}
|
||||
|
||||
{
|
||||
static unsigned char dh512_p[] = {
|
||||
0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
|
||||
0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
|
||||
0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
|
||||
0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
|
||||
0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
|
||||
0x47,0x74,0xE8,0x33,
|
||||
static unsigned char dh1024_p[] = {
|
||||
0xCC,0x17,0xF2,0xDC,0x96,0xDF,0x59,0xA4,0x46,0xC5,0x3E,0x0E,
|
||||
0xB8,0x26,0x55,0x0C,0xE3,0x88,0xC1,0xCE,0xA7,0xBC,0xB3,0xBF,
|
||||
0x16,0x94,0xD8,0xA9,0x45,0xA2,0xCE,0xA9,0x5B,0x22,0x25,0x5F,
|
||||
0x92,0x59,0x94,0x1C,0x22,0xBF,0xCB,0xC8,0xC8,0x57,0xCB,0xBF,
|
||||
0xBC,0x0E,0xE8,0x40,0xF9,0x87,0x03,0xBF,0x60,0x9B,0x08,0xC6,
|
||||
0x8E,0x99,0xC6,0x05,0xFC,0x00,0xD6,0x6D,0x90,0xA8,0xF5,0xF8,
|
||||
0xD3,0x8D,0x43,0xC8,0x8F,0x7A,0xBD,0xBB,0x28,0xAC,0x04,0x69,
|
||||
0x4A,0x0B,0x86,0x73,0x37,0xF0,0x6D,0x4F,0x04,0xF6,0xF5,0xAF,
|
||||
0xBF,0xAB,0x8E,0xCE,0x75,0x53,0x4D,0x7F,0x7D,0x17,0x78,0x0E,
|
||||
0x12,0x46,0x4A,0xAF,0x95,0x99,0xEF,0xBC,0xA6,0xC5,0x41,0x77,
|
||||
0x43,0x7A,0xB9,0xEC,0x8E,0x07,0x3C,0x6D,
|
||||
};
|
||||
static unsigned char dh512_g[] = {
|
||||
static unsigned char dh1024_g[] = {
|
||||
0x02,
|
||||
};
|
||||
DH *dh;
|
||||
|
@ -1066,8 +1071,8 @@ int
|
|||
}
|
||||
Error("DH_new() failed");
|
||||
} else {
|
||||
dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
|
||||
dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
|
||||
dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
|
||||
dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
|
||||
if ((dh->p == NULL) || (dh->g == NULL)) {
|
||||
while (err = ERR_get_error()) {
|
||||
Warn1("BN_bin2bn(): %s",
|
||||
|
@ -1362,7 +1367,6 @@ static bool openssl_check_peername(X509_NAME *name, const char *peername) {
|
|||
return openssl_check_name((const char *)text, peername);
|
||||
}
|
||||
|
||||
/* retrieves certificate provided by peer, sets env vars containing
|
||||
/* retrieves certificate provided by peer, sets env vars containing
|
||||
certificates field values, and checks peername if provided by
|
||||
calling function */
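Review bot: The new `dh1024_p` constant (hunk at -1045) is installed as the DH modulus with no stated origin and no validation, so nothing visible here establishes that it is prime, let alone a safe prime; a composite or otherwise weak modulus would silently weaken every DH key exchange that uses it. Add a comment above the array recording how the parameter was generated, and in the hunk at -1066, once both `BN_bin2bn()` calls have succeeded, validate it, e.g. `int codes = 0; if (DH_check(dh, &codes) != 1 || (codes & (DH_CHECK_P_NOT_PRIME|DH_CHECK_P_NOT_SAFE_PRIME))) Error("DH parameters failed DH_check()");`. Separately, 1024 bits only meets the minimum the commit title cites, and the same group is compiled into every build, so a 2048-bit group or parameters loaded from a file would be the more durable choice. The enclosing function begins and ends outside both hunks, so whether a later check already exists cannot be seen from here.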
|
||||
|
|