summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/doc-docbook/spec.xfpt38
-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--doc/doc-txt/NewStuff2
-rw-r--r--src/scripts/source_checks1
-rw-r--r--src/src/std-crypto.c503
-rw-r--r--src/util/.gitignore2
-rw-r--r--src/util/gen_pkcs3.c41
7 files changed, 574 insertions, 16 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index b3f97e1ea..7608dc680 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -17034,7 +17034,15 @@ larger prime than requested.
The value of this option is expanded and indicates the source of DH parameters
to be used by Exim.
-If it is a filename starting with a &`/`&, then it names a file from which DH
+.new
+&*Note: The Exim Maintainers strongly recommend using a filename with site-generated
+local DH parameters*&, which has been supported across all versions of Exim. The
+other specific constants available are a fallback so that even when
+"unconfigured", Exim can offer Perfect Forward Secrecy in older ciphersuites in TLS.
+.wen
+
+If &%tls_dhparam%& is a filename starting with a &`/`&,
+then it names a file from which DH
parameters should be loaded. If the file exists, it should hold a PEM-encoded
PKCS#3 representation of the DH prime. If the file does not exist, for
OpenSSL it is an error. For GnuTLS, Exim will attempt to create the file and
@@ -17050,23 +17058,39 @@ Exim will attempt to load a file from inside the spool directory. If the file
does not exist, Exim will attempt to create it.
See section &<<SECTgnutlsparam>>& for further details.
+.new
If Exim is using OpenSSL and this option is empty or unset, then Exim will load
-a default DH prime; the default is the 2048 bit prime described in section
+a default DH prime; the default is Exim-specific but lacks verifiable provenance.
+
+In older versions of Exim the default was the 2048 bit prime described in section
2.2 of RFC 5114, "2048-bit MODP Group with 224-bit Prime Order Subgroup", which
in IKE is assigned number 23.
Otherwise, the option must expand to the name used by Exim for any of a number
-of DH primes specified in RFC 2409, RFC 3526 and RFC 5114. As names, Exim uses
-"ike" followed by the number used by IKE, or "default" which corresponds to
-"ike23".
+of DH primes specified in RFC 2409, RFC 3526, RFC 5114, RFC 7919, or from other
+sources. As names, Exim uses a standard specified name, else "ike" followed by
+the number used by IKE, or "default" which corresponds to
+&`exim.dev.20160529.3`&.
-The available primes are:
+The available standard primes are:
+&`ffdhe2048`&, &`ffdhe3072`&, &`ffdhe4096`&, &`ffdhe6144`&, &`ffdhe8192`&,
&`ike1`&, &`ike2`&, &`ike5`&,
&`ike14`&, &`ike15`&, &`ike16`&, &`ike17`&, &`ike18`&,
-&`ike22`&, &`ike23`& (aka &`default`&) and &`ike24`&.
+&`ike22`&, &`ike23`& and &`ike24`&.
+
+The available additional primes are:
+&`exim.dev.20160529.1`&, &`exim.dev.20160529.2`& and &`exim.dev.20160529.3`&.
Some of these will be too small to be accepted by clients.
Some may be too large to be accepted by clients.
+The open cryptographic community has suspicions about the integrity of some
+of the later IKE values, which led into RFC7919 providing new fixed constants
+(the "ffdhe" identifiers).
+
+At this point, all of the "ike" values should be considered obsolete;
+they're still in Exim to avoid breaking unusual configurations, but are
+candidates for removal the next time we have backwards-incompatible changes.
+.wen
The TLS protocol does not negotiate an acceptable size for this; clients tend
to hard-drop connections if what is offered by the server is unacceptable,
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 80ea2105d..c68e45ce8 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -114,6 +114,9 @@ JH/29 Fix the connection_reject log selector to apply to the connect ACL.
JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext.
+PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created
+ by me. Added RFC7919 DH primes as an alternative.
+
Exim version 4.87
-----------------
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index d99b8e0a6..2e060cce2 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -49,6 +49,8 @@ Version 4.88
returns from the target back to the initiator, rather than spooling the
message.
+13. New built-in constants available for tls_dhparam and default changed.
+
Version 4.87
------------
diff --git a/src/scripts/source_checks b/src/scripts/source_checks
index 6da8a8664..918a6f8eb 100644
--- a/src/scripts/source_checks
+++ b/src/scripts/source_checks
@@ -19,6 +19,7 @@ done <<-END
globals.c header_names
globals.c log_options
expand.c item_table
+ std-crypto.c dh_constants
transport.c optionlist_transports
route.c optionlist_routers
transports/appendfile.c appendfile_transport_options
diff --git a/src/src/std-crypto.c b/src/src/std-crypto.c
index 3f0fec897..8ccef122b 100644
--- a/src/src/std-crypto.c
+++ b/src/src/std-crypto.c
@@ -2,7 +2,7 @@
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) Phil Pennock 2012
+/* Copyright (c) Phil Pennock 2012, 2016
* But almost everything here is fixed published constants from RFCs, so also:
* Copyright (C) The Internet Society (2003)
* Copyright (C) The IETF Trust (2008)
@@ -459,6 +459,497 @@ static const char dh_ike_24_pem[] =
"KM3GfrYYS1I9HbJGwy9jB4SQ8A741kfRSNR5VFFeIyfP75jFgmZLTA9sxBZZ\n"
"-----END DH PARAMETERS-----\n";
+/* ------------------------------------------------------------------------- */
+/* RFC 7919 Published August 2016, so strength estimates date from then.
+
+A.1. ffdhe2048
+
+ The 2048-bit group has registry value 256 and is calculated from the
+ following formula:
+
+ The modulus is:
+
+ p = 2^2048 - 2^1984 + {[2^1918 * e] + 560316 } * 2^64 - 1
+
+ The hexadecimal representation of p is:
+
+ FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1
+ D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9
+ 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561
+ 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935
+ 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735
+ 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB
+ B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19
+ 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61
+ 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73
+ 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA
+ 886B4238 61285C97 FFFFFFFF FFFFFFFF
+
+ The generator is: g = 2
+
+ The group size is: q = (p-1)/2
+
+ The hexadecimal representation of q is:
+
+ 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78
+ EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C
+ BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0
+ 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A
+ CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A
+ 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD
+ DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C
+ 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0
+ C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9
+ 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD
+ 4435A11C 30942E4B FFFFFFFF FFFFFFFF
+
+ The estimated symmetric-equivalent strength of this group is 103
+ bits.
+*/
+static const char dh_ffdhe2048_pem[] =
+"-----BEGIN DH PARAMETERS-----\n"
+"MIH+AoH4DfhUWKK7Spqv3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v\n"
+"42NjDHXY9oGyAq7EYXrT3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhP\n"
+"DHDg5ot34qaJ2vPv6HId8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq\n"
+"2rdg1/RoHU9Co945TfSuVu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy\n"
+"/pzphYP/jk8SMu7ygYPD/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohr\n"
+"QjhhKFyX//////////8CAQI=\n"
+"-----END DH PARAMETERS-----\n";
+
+/*
+A.2. ffdhe3072
+
+ The 3072-bit prime has registry value 257 and is calculated from the
+ following formula:
+
+ The modulus is:
+
+ p = 2^3072 - 2^3008 + {[2^2942 * e] + 2625351} * 2^64 - 1
+
+ The hexadecimal representation of p is:
+
+ FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1
+ D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9
+ 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561
+ 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935
+ 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735
+ 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB
+ B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19
+ 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61
+ 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73
+ 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA
+ 886B4238 611FCFDC DE355B3B 6519035B BC34F4DE F99C0238
+ 61B46FC9 D6E6C907 7AD91D26 91F7F7EE 598CB0FA C186D91C
+ AEFE1309 85139270 B4130C93 BC437944 F4FD4452 E2D74DD3
+ 64F2E21E 71F54BFF 5CAE82AB 9C9DF69E E86D2BC5 22363A0D
+ ABC52197 9B0DEADA 1DBF9A42 D5C4484E 0ABCD06B FA53DDEF
+ 3C1B20EE 3FD59D7C 25E41D2B 66C62E37 FFFFFFFF FFFFFFFF
+
+ The generator is: g = 2
+
+ The group size is: q = (p-1)/2
+
+ The hexadecimal representation of q is:
+
+ 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78
+ EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C
+ BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0
+ 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A
+ CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A
+ 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD
+ DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C
+ 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0
+ C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9
+ 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD
+ 4435A11C 308FE7EE 6F1AAD9D B28C81AD DE1A7A6F 7CCE011C
+ 30DA37E4 EB736483 BD6C8E93 48FBFBF7 2CC6587D 60C36C8E
+ 577F0984 C289C938 5A098649 DE21BCA2 7A7EA229 716BA6E9
+ B279710F 38FAA5FF AE574155 CE4EFB4F 743695E2 911B1D06
+ D5E290CB CD86F56D 0EDFCD21 6AE22427 055E6835 FD29EEF7
+ 9E0D9077 1FEACEBE 12F20E95 B363171B FFFFFFFF FFFFFFFF
+
+ The estimated symmetric-equivalent strength of this group is 125
+ bits.
+*/
+static const char dh_ffdhe3072_pem[] =
+"-----BEGIN DH PARAMETERS-----\n"
+"MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
+"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
+"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
+"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
+"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
+"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n"
+"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n"
+"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu\n"
+"N///////////AgEC\n"
+"-----END DH PARAMETERS-----\n";
+
+/*
+A.3. ffdhe4096
+
+ The 4096-bit group has registry value 258 and is calculated from the
+ following formula:
+
+ The modulus is:
+
+ p = 2^4096 - 2^4032 + {[2^3966 * e] + 5736041} * 2^64 - 1
+
+ The hexadecimal representation of p is:
+
+ FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1
+ D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9
+ 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561
+ 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935
+ 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735
+ 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB
+ B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19
+ 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61
+ 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73
+ 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA
+ 886B4238 611FCFDC DE355B3B 6519035B BC34F4DE F99C0238
+ 61B46FC9 D6E6C907 7AD91D26 91F7F7EE 598CB0FA C186D91C
+ AEFE1309 85139270 B4130C93 BC437944 F4FD4452 E2D74DD3
+ 64F2E21E 71F54BFF 5CAE82AB 9C9DF69E E86D2BC5 22363A0D
+ ABC52197 9B0DEADA 1DBF9A42 D5C4484E 0ABCD06B FA53DDEF
+ 3C1B20EE 3FD59D7C 25E41D2B 669E1EF1 6E6F52C3 164DF4FB
+ 7930E9E4 E58857B6 AC7D5F42 D69F6D18 7763CF1D 55034004
+ 87F55BA5 7E31CC7A 7135C886 EFB4318A ED6A1E01 2D9E6832
+ A907600A 918130C4 6DC778F9 71AD0038 092999A3 33CB8B7A
+ 1A1DB93D 7140003C 2A4ECEA9 F98D0ACC 0A8291CD CEC97DCF
+ 8EC9B55A 7F88A46B 4DB5A851 F44182E1 C68A007E 5E655F6A
+ FFFFFFFF FFFFFFFF
+
+ The generator is: g = 2
+
+ The group size is: q = (p-1)/2
+
+ The hexadecimal representation of q is:
+
+ 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78
+ EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C
+ BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0
+ 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A
+ CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A
+ 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD
+ DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C
+ 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0
+ C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9
+ 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD
+ 4435A11C 308FE7EE 6F1AAD9D B28C81AD DE1A7A6F 7CCE011C
+ 30DA37E4 EB736483 BD6C8E93 48FBFBF7 2CC6587D 60C36C8E
+ 577F0984 C289C938 5A098649 DE21BCA2 7A7EA229 716BA6E9
+ B279710F 38FAA5FF AE574155 CE4EFB4F 743695E2 911B1D06
+ D5E290CB CD86F56D 0EDFCD21 6AE22427 055E6835 FD29EEF7
+ 9E0D9077 1FEACEBE 12F20E95 B34F0F78 B737A961 8B26FA7D
+ BC9874F2 72C42BDB 563EAFA1 6B4FB68C 3BB1E78E AA81A002
+ 43FAADD2 BF18E63D 389AE443 77DA18C5 76B50F00 96CF3419
+ 5483B005 48C09862 36E3BC7C B8D6801C 0494CCD1 99E5C5BD
+ 0D0EDC9E B8A0001E 15276754 FCC68566 054148E6 E764BEE7
+ C764DAAD 3FC45235 A6DAD428 FA20C170 E345003F 2F32AFB5
+ 7FFFFFFF FFFFFFFF
+
+ The estimated symmetric-equivalent strength of this group is 150
+ bits.
+*/
+static const char dh_ffdhe4096_pem[] =
+"-----BEGIN DH PARAMETERS-----\n"
+"MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
+"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
+"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
+"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
+"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
+"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n"
+"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n"
+"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e\n"
+"8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx\n"
+"iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K\n"
+"zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=\n"
+"-----END DH PARAMETERS-----\n";
+
+/*
+A.4. ffdhe6144
+
+ The 6144-bit group has registry value 259 and is calculated from the
+ following formula:
+
+ The modulus is:
+
+ p = 2^6144 - 2^6080 + {[2^6014 * e] + 15705020} * 2^64 - 1
+
+ The hexadecimal representation of p is:
+
+ FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1
+ D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9
+ 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561
+ 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935
+ 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735
+ 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB
+ B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19
+ 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61
+ 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73
+ 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA
+ 886B4238 611FCFDC DE355B3B 6519035B BC34F4DE F99C0238
+ 61B46FC9 D6E6C907 7AD91D26 91F7F7EE 598CB0FA C186D91C
+ AEFE1309 85139270 B4130C93 BC437944 F4FD4452 E2D74DD3
+ 64F2E21E 71F54BFF 5CAE82AB 9C9DF69E E86D2BC5 22363A0D
+ ABC52197 9B0DEADA 1DBF9A42 D5C4484E 0ABCD06B FA53DDEF
+ 3C1B20EE 3FD59D7C 25E41D2B 669E1EF1 6E6F52C3 164DF4FB
+ 7930E9E4 E58857B6 AC7D5F42 D69F6D18 7763CF1D 55034004
+ 87F55BA5 7E31CC7A 7135C886 EFB4318A ED6A1E01 2D9E6832
+ A907600A 918130C4 6DC778F9 71AD0038 092999A3 33CB8B7A
+ 1A1DB93D 7140003C 2A4ECEA9 F98D0ACC 0A8291CD CEC97DCF
+ 8EC9B55A 7F88A46B 4DB5A851 F44182E1 C68A007E 5E0DD902
+ 0BFD64B6 45036C7A 4E677D2C 38532A3A 23BA4442 CAF53EA6
+ 3BB45432 9B7624C8 917BDD64 B1C0FD4C B38E8C33 4C701C3A
+ CDAD0657 FCCFEC71 9B1F5C3E 4E46041F 388147FB 4CFDB477
+ A52471F7 A9A96910 B855322E DB6340D8 A00EF092 350511E3
+ 0ABEC1FF F9E3A26E 7FB29F8C 183023C3 587E38DA 0077D9B4
+ 763E4E4B 94B2BBC1 94C6651E 77CAF992 EEAAC023 2A281BF6
+ B3A739C1 22611682 0AE8DB58 47A67CBE F9C9091B 462D538C
+ D72B0374 6AE77F5E 62292C31 1562A846 505DC82D B854338A
+ E49F5235 C95B9117 8CCF2DD5 CACEF403 EC9D1810 C6272B04
+ 5B3B71F9 DC6B80D6 3FDD4A8E 9ADB1E69 62A69526 D43161C1
+ A41D570D 7938DAD4 A40E329C D0E40E65 FFFFFFFF FFFFFFFF
+
+ The generator is: g = 2
+
+ The group size is: q = (p-1)/2
+
+ The hexadecimal representation of q is:
+
+ 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78
+ EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C
+ BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0
+ 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A
+ CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A
+ 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD
+ DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C
+ 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0
+ C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9
+ 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD
+ 4435A11C 308FE7EE 6F1AAD9D B28C81AD DE1A7A6F 7CCE011C
+ 30DA37E4 EB736483 BD6C8E93 48FBFBF7 2CC6587D 60C36C8E
+ 577F0984 C289C938 5A098649 DE21BCA2 7A7EA229 716BA6E9
+ B279710F 38FAA5FF AE574155 CE4EFB4F 743695E2 911B1D06
+ D5E290CB CD86F56D 0EDFCD21 6AE22427 055E6835 FD29EEF7
+ 9E0D9077 1FEACEBE 12F20E95 B34F0F78 B737A961 8B26FA7D
+ BC9874F2 72C42BDB 563EAFA1 6B4FB68C 3BB1E78E AA81A002
+ 43FAADD2 BF18E63D 389AE443 77DA18C5 76B50F00 96CF3419
+ 5483B005 48C09862 36E3BC7C B8D6801C 0494CCD1 99E5C5BD
+ 0D0EDC9E B8A0001E 15276754 FCC68566 054148E6 E764BEE7
+ C764DAAD 3FC45235 A6DAD428 FA20C170 E345003F 2F06EC81
+ 05FEB25B 2281B63D 2733BE96 1C29951D 11DD2221 657A9F53
+ 1DDA2A19 4DBB1264 48BDEEB2 58E07EA6 59C74619 A6380E1D
+ 66D6832B FE67F638 CD8FAE1F 2723020F 9C40A3FD A67EDA3B
+ D29238FB D4D4B488 5C2A9917 6DB1A06C 50077849 1A8288F1
+ 855F60FF FCF1D137 3FD94FC6 0C1811E1 AC3F1C6D 003BECDA
+ 3B1F2725 CA595DE0 CA63328F 3BE57CC9 77556011 95140DFB
+ 59D39CE0 91308B41 05746DAC 23D33E5F 7CE4848D A316A9C6
+ 6B9581BA 3573BFAF 31149618 8AB15423 282EE416 DC2A19C5
+ 724FA91A E4ADC88B C66796EA E5677A01 F64E8C08 63139582
+ 2D9DB8FC EE35C06B 1FEEA547 4D6D8F34 B1534A93 6A18B0E0
+ D20EAB86 BC9C6D6A 5207194E 68720732 FFFFFFFF FFFFFFFF
+
+ The estimated symmetric-equivalent strength of this group is 175
+ bits.
+*/
+static const char dh_ffdhe6144_pem[] =
+"-----BEGIN DH PARAMETERS-----\n"
+"MIIDCAKCAwEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
+"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
+"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
+"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
+"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
+"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n"
+"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n"
+"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e\n"
+"8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx\n"
+"iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K\n"
+"zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq\n"
+"OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE\n"
+"HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj\n"
+"w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8\n"
+"vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70\n"
+"A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKc0OQO\n"
+"Zf//////////AgEC\n"
+"-----END DH PARAMETERS-----\n";
+
+/*
+A.5. ffdhe8192
+
+ The 8192-bit group has registry value 260 and is calculated from the
+ following formula:
+
+ The modulus is:
+
+ p = 2^8192 - 2^8128 + {[2^8062 * e] + 10965728} * 2^64 - 1
+
+ The hexadecimal representation of p is:
+
+ FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1
+ D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9
+ 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561
+ 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935
+ 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735
+ 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB
+ B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19
+ 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61
+ 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73
+ 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA
+ 886B4238 611FCFDC DE355B3B 6519035B BC34F4DE F99C0238
+ 61B46FC9 D6E6C907 7AD91D26 91F7F7EE 598CB0FA C186D91C
+ AEFE1309 85139270 B4130C93 BC437944 F4FD4452 E2D74DD3
+ 64F2E21E 71F54BFF 5CAE82AB 9C9DF69E E86D2BC5 22363A0D
+ ABC52197 9B0DEADA 1DBF9A42 D5C4484E 0ABCD06B FA53DDEF
+ 3C1B20EE 3FD59D7C 25E41D2B 669E1EF1 6E6F52C3 164DF4FB
+ 7930E9E4 E58857B6 AC7D5F42 D69F6D18 7763CF1D 55034004
+ 87F55BA5 7E31CC7A 7135C886 EFB4318A ED6A1E01 2D9E6832
+ A907600A 918130C4 6DC778F9 71AD0038 092999A3 33CB8B7A
+ 1A1DB93D 7140003C 2A4ECEA9 F98D0ACC 0A8291CD CEC97DCF
+ 8EC9B55A 7F88A46B 4DB5A851 F44182E1 C68A007E 5E0DD902
+ 0BFD64B6 45036C7A 4E677D2C 38532A3A 23BA4442 CAF53EA6
+ 3BB45432 9B7624C8 917BDD64 B1C0FD4C B38E8C33 4C701C3A
+ CDAD0657 FCCFEC71 9B1F5C3E 4E46041F 388147FB 4CFDB477
+ A52471F7 A9A96910 B855322E DB6340D8 A00EF092 350511E3
+ 0ABEC1FF F9E3A26E 7FB29F8C 183023C3 587E38DA 0077D9B4
+ 763E4E4B 94B2BBC1 94C6651E 77CAF992 EEAAC023 2A281BF6
+ B3A739C1 22611682 0AE8DB58 47A67CBE F9C9091B 462D538C
+ D72B0374 6AE77F5E 62292C31 1562A846 505DC82D B854338A
+ E49F5235 C95B9117 8CCF2DD5 CACEF403 EC9D1810 C6272B04
+ 5B3B71F9 DC6B80D6 3FDD4A8E 9ADB1E69 62A69526 D43161C1
+ A41D570D 7938DAD4 A40E329C CFF46AAA 36AD004C F600C838
+ 1E425A31 D951AE64 FDB23FCE C9509D43 687FEB69 EDD1CC5E
+ 0B8CC3BD F64B10EF 86B63142 A3AB8829 555B2F74 7C932665
+ CB2C0F1C C01BD702 29388839 D2AF05E4 54504AC7 8B758282
+ 2846C0BA 35C35F5C 59160CC0 46FD8251 541FC68C 9C86B022
+ BB709987 6A460E74 51A8A931 09703FEE 1C217E6C 3826E52C
+ 51AA691E 0E423CFC 99E9E316 50C1217B 624816CD AD9A95F9
+ D5B80194 88D9C0A0 A1FE3075 A577E231 83F81D4A 3F2FA457
+ 1EFC8CE0 BA8A4FE8 B6855DFE 72B0A66E DED2FBAB FBE58A30
+ FAFABE1C 5D71A87E 2F741EF8 C1FE86FE A6BBFDE5 30677F0D
+ 97D11D49 F7A8443D 0822E506 A9F4614E 011E2A94 838FF88C
+ D68C8BB7 C5C6424C FFFFFFFF FFFFFFFF
+
+ The generator is: g = 2
+
+ The group size is: q = (p-1)/2
+
+ The hexadecimal representation of q is:
+
+ 7FFFFFFF FFFFFFFF D6FC2A2C 515DA54D 57EE2B10 139E9E78
+ EC5CE2C1 E7169B4A D4F09B20 8A3219FD E649CEE7 124D9F7C
+ BE97F1B1 B1863AEC 7B40D901 576230BD 69EF8F6A EAFEB2B0
+ 9219FA8F AF833768 42B1B2AA 9EF68D79 DAAB89AF 3FABE49A
+ CC278638 707345BB F15344ED 79F7F439 0EF8AC50 9B56F39A
+ 98566527 A41D3CBD 5E0558C1 59927DB0 E88454A5 D96471FD
+ DCB56D5B B06BFA34 0EA7A151 EF1CA6FA 572B76F3 B1B95D8C
+ 8583D3E4 770536B8 4F017E70 E6FBF176 601A0266 941A17B0
+ C8B97F4E 74C2C1FF C7278919 777940C1 E1FF1D8D A637D6B9
+ 9DDAFE5E 17611002 E2C778C1 BE8B41D9 6379A513 60D977FD
+ 4435A11C 308FE7EE 6F1AAD9D B28C81AD DE1A7A6F 7CCE011C
+ 30DA37E4 EB736483 BD6C8E93 48FBFBF7 2CC6587D 60C36C8E
+ 577F0984 C289C938 5A098649 DE21BCA2 7A7EA229 716BA6E9
+ B279710F 38FAA5FF AE574155 CE4EFB4F 743695E2 911B1D06
+ D5E290CB CD86F56D 0EDFCD21 6AE22427 055E6835 FD29EEF7
+ 9E0D9077 1FEACEBE 12F20E95 B34F0F78 B737A961 8B26FA7D
+ BC9874F2 72C42BDB 563EAFA1 6B4FB68C 3BB1E78E AA81A002
+ 43FAADD2 BF18E63D 389AE443 77DA18C5 76B50F00 96CF3419
+ 5483B005 48C09862 36E3BC7C B8D6801C 0494CCD1 99E5C5BD
+ 0D0EDC9E B8A0001E 15276754 FCC68566 054148E6 E764BEE7
+ C764DAAD 3FC45235 A6DAD428 FA20C170 E345003F 2F06EC81
+ 05FEB25B 2281B63D 2733BE96 1C29951D 11DD2221 657A9F53
+ 1DDA2A19 4DBB1264 48BDEEB2 58E07EA6 59C74619 A6380E1D
+ 66D6832B FE67F638 CD8FAE1F 2723020F 9C40A3FD A67EDA3B
+ D29238FB D4D4B488 5C2A9917 6DB1A06C 50077849 1A8288F1
+ 855F60FF FCF1D137 3FD94FC6 0C1811E1 AC3F1C6D 003BECDA
+ 3B1F2725 CA595DE0 CA63328F 3BE57CC9 77556011 95140DFB
+ 59D39CE0 91308B41 05746DAC 23D33E5F 7CE4848D A316A9C6
+ 6B9581BA 3573BFAF 31149618 8AB15423 282EE416 DC2A19C5
+ 724FA91A E4ADC88B C66796EA E5677A01 F64E8C08 63139582
+ 2D9DB8FC EE35C06B 1FEEA547 4D6D8F34 B1534A93 6A18B0E0
+ D20EAB86 BC9C6D6A 5207194E 67FA3555 1B568026 7B00641C
+ 0F212D18 ECA8D732 7ED91FE7 64A84EA1 B43FF5B4 F6E8E62F
+ 05C661DE FB258877 C35B18A1 51D5C414 AAAD97BA 3E499332
+ E596078E 600DEB81 149C441C E95782F2 2A282563 C5BAC141
+ 1423605D 1AE1AFAE 2C8B0660 237EC128 AA0FE346 4E435811
+ 5DB84CC3 B523073A 28D45498 84B81FF7 0E10BF36 1C137296
+ 28D5348F 07211E7E 4CF4F18B 286090BD B1240B66 D6CD4AFC
+ EADC00CA 446CE050 50FF183A D2BBF118 C1FC0EA5 1F97D22B
+ 8F7E4670 5D4527F4 5B42AEFF 39585337 6F697DD5 FDF2C518
+ 7D7D5F0E 2EB8D43F 17BA0F7C 60FF437F 535DFEF2 9833BF86
+ CBE88EA4 FBD4221E 84117283 54FA30A7 008F154A 41C7FC46
+ 6B4645DB E2E32126 7FFFFFFF FFFFFFFF
+
+ The estimated symmetric-equivalent strength of this group is 192
+ bits.
+*/
+static const char dh_ffdhe8192_pem[] =
+"-----BEGIN DH PARAMETERS-----\n"
+"MIIECAKCBAEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
+"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
+"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
+"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
+"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
+"ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n"
+"7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n"
+"nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e\n"
+"8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx\n"
+"iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K\n"
+"zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eDdkCC/1ktkUDbHpOZ30sOFMq\n"
+"OiO6RELK9T6mO7RUMpt2JMiRe91kscD9TLOOjDNMcBw6za0GV/zP7HGbH1w+TkYE\n"
+"HziBR/tM/bR3pSRx96mpaRC4VTIu22NA2KAO8JI1BRHjCr7B//njom5/sp+MGDAj\n"
+"w1h+ONoAd9m0dj5OS5Syu8GUxmUed8r5ku6qwCMqKBv2s6c5wSJhFoIK6NtYR6Z8\n"
+"vvnJCRtGLVOM1ysDdGrnf15iKSwxFWKoRlBdyC24VDOK5J9SNclbkReMzy3Vys70\n"
+"A+ydGBDGJysEWztx+dxrgNY/3UqOmtseaWKmlSbUMWHBpB1XDXk42tSkDjKcz/Rq\n"
+"qjatAEz2AMg4HkJaMdlRrmT9sj/OyVCdQ2h/62nt0cxeC4zDvfZLEO+GtjFCo6uI\n"
+"KVVbL3R8kyZlyywPHMAb1wIpOIg50q8F5FRQSseLdYKCKEbAujXDX1xZFgzARv2C\n"
+"UVQfxoychrAiu3CZh2pGDnRRqKkxCXA/7hwhfmw4JuUsUappHg5CPPyZ6eMWUMEh\n"
+"e2JIFs2tmpX51bgBlIjZwKCh/jB1pXfiMYP4HUo/L6RXHvyM4LqKT+i2hV3+crCm\n"
+"bt7S+6v75Yow+vq+HF1xqH4vdB74wf6G/qa7/eUwZ38Nl9EdSfeoRD0IIuUGqfRh\n"
+"TgEeKpSDj/iM1oyLt8XGQkz//////////wIBAg==\n"
+"-----END DH PARAMETERS-----\n";
+
+/* ========================================================================= */
+
+/*
+ * Generated by Phil as a non-standard option.
+ * openssl dhparam -2 2048
+ * No provenance to prove non-tampering available, beyond trusting that this
+ * developer generated this as stated above.
+ */
+
+/* MacOSX 10.10.5 invoking system OpenSSL 0.9.8zg */
+static const char dh_exim_20160529_1[] =
+"-----BEGIN DH PARAMETERS-----\n"
+"MIIBCAKCAQEA8ZMf89Gaye4bDEX1BXZ9+2edkXym9EK0GxmFilHEGpnhgLNmCk+H\n"
+"cCb+zn8Ed5bpCOmRuEv9N/VKPjSpno8jYiQbFgUL3vh8uKvQLJNTzDVDbpd3YO7E\n"
+"tiS0L0qWL57zIf8b3VZTMRsH4Orz2Rla61wVl6XpxE5WRfGqPS264Vvfew7xmCoi\n"
+"INaFzIU6zwk2WeD6K5asctYlQG/UtgY1nRFkQTebIOpm03a6/hw7F14l3yUZgXfv\n"
+"I3m4MFaWvxGcuZxddTijXw3VfjMdWvdH3Iz7IcqD32uEzK6Rgi/t4OVSw1kE2oDt\n"
+"cFThPUCWb7O4TVq9Xt2UZqZFNU6kUAkv2wIBAg==\n"
+"-----END DH PARAMETERS-----\n";
+
+/* MacOSX 10.10.5 invoking OpenSSL 1.0.2h installed from brew bottle */
+static const char dh_exim_20160529_2[] =
+"-----BEGIN DH PARAMETERS-----\n"
+"MIIBCAKCAQEAot84eqyfSb5l8GRCN2ioWP5T85Z/2lVX9A9r9JzwDfvliAAqm6Vp\n"
+"UcHdAfVt54kc8DsmLiHdDhxY1I/wo+DcBylfVx13cmkroAocowOD5dwQMYk6iXjV\n"
+"ys4heRJhYlAHgt8QZH8dA8c/HLs+rlAHhSUPnetsZmcoPE0LRsjigJsiVXasm+sl\n"
+"g/77u5FCkgSrFILcD9PLPto1ciIXp2y8cjXQDk+D9FH1HaSCXLCLkuHxhQXxjTYO\n"
+"C3Q53aNLkDJ4zpPt7Kc9NxQFBVlNc260IFDOHTWhgV2zpyG6oIzQoHSmmiLAAfcF\n"
+"HrG7I06uZBLjuNGGaM0eeuxHNhs2G2EduwIBAg==\n"
+"-----END DH PARAMETERS-----\n";
+
+/* Ubuntu 14.04.4 running on dual-core Atom D2500 with OneRNG entropy key */
+static const char dh_exim_20160529_3[] =
+"-----BEGIN DH PARAMETERS-----\n"
+"MIIBCAKCAQEAkbRYVoge2PtrmV1eKCKluSBFELgckuLSnkuH0TffqbmfoYM34lFu\n"
+"2vPM2LhnzKvEBQlIICOTzQD29kROacRfSKpsNINRXhXKUqI6sFXzUZu4Flk69XKG\n"
+"ZOSDYvWkI5pSn1amQ4Nnvn6s+uwn/f0ZDZDiKLW9TgntxJV4A2+yeymaeoGCbIXX\n"
+"5q8WgajFhAeut36RL93HBnXT1hT7Eja1Y81w9fOzQrwBuXhyfCkAdiMA/VCp0UD4\n"
+"0p7uf+okpckVnwD6WnUCHMij8nGlVblZELFYzNi0udtzIrSwlALbZXIeAqhbZXJO\n"
+"lCuYspJhzV0Vs0lDJwrxvNwtdg1ernVIowIBAg==\n"
+"-----END DH PARAMETERS-----\n";
/* ========================================================================= */
@@ -470,7 +961,15 @@ struct dh_constant {
/* KEEP SORTED ALPHABETICALLY;
* duplicate PEM are okay, if we want aliases, but names must be alphabetical */
static struct dh_constant dh_constants[] = {
- { "default", dh_ike_23_pem },
+ { "default", dh_exim_20160529_3 },
+ { "exim.dev.20160529.1", dh_exim_20160529_1 },
+ { "exim.dev.20160529.2", dh_exim_20160529_2 },
+ { "exim.dev.20160529.3", dh_exim_20160529_3 },
+ { "ffdhe2048", dh_ffdhe2048_pem },
+ { "ffdhe3072", dh_ffdhe3072_pem },
+ { "ffdhe4096", dh_ffdhe4096_pem },
+ { "ffdhe6144", dh_ffdhe6144_pem },
+ { "ffdhe8192", dh_ffdhe8192_pem },
{ "ike1", dh_ike_1_pem },
{ "ike14", dh_ike_14_pem },
{ "ike15", dh_ike_15_pem },
diff --git a/src/util/.gitignore b/src/util/.gitignore
new file mode 100644
index 000000000..5d4972483
--- /dev/null
+++ b/src/util/.gitignore
@@ -0,0 +1,2 @@
+# Compiled programs:
+gen_pkcs3
diff --git a/src/util/gen_pkcs3.c b/src/util/gen_pkcs3.c
index 4be2c581e..6a467e07a 100644
--- a/src/util/gen_pkcs3.c
+++ b/src/util/gen_pkcs3.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2012 Phil Pennock.
+/* Copyright (C) 2012,2016 Phil Pennock.
* This is distributed as part of Exim and licensed under the GPL.
* See the file "NOTICE" for more details.
*/
@@ -86,7 +86,7 @@ bn_from_text(const char *text)
rc = BN_hex2bn(&b, spaceless);
if (rc != p - spaceless)
- die("BN_hex2bn did not convert entire input; took %d of %z bytes",
+ die("BN_hex2bn did not convert entire input; took %d of %zu bytes",
rc, p - spaceless);
return b;
@@ -134,7 +134,7 @@ emit_c_format_dh(FILE *stream, DH *dh)
break;
}
*nl = '\0';
- fprintf(stream, "\"%s\\n\"\n", p);
+ fprintf(stream, "\"%s\\n\"%s\n", p, (nl == end - 1 ? ";" : ""));
p = nl + 1;
}
}
@@ -143,9 +143,11 @@ emit_c_format_dh(FILE *stream, DH *dh)
void __attribute__((__noreturn__))
usage(FILE *stream, int exitcode)
{
- fprintf(stream, "Usage: %s [-CPcst] <dh_p> <dh_g>\n"
+ fprintf(stream, "Usage: %s [-CPcst] <dh_p> <dh_g> [<dh_q>]\n"
"Both dh_p and dh_g should be hex strings representing the numbers\n"
+"The same applies to the optional dh_q (prime-order subgroup).\n"
"They may contain whitespace.\n"
+"Older values, dh_g is often just '2', not a long string.\n"
"\n"
" -C show C string form of PEM result\n"
" -P do not show PEM\n"
@@ -161,7 +163,7 @@ usage(FILE *stream, int exitcode)
int
main(int argc, char *argv[])
{
- BIGNUM *p, *g;
+ BIGNUM *p, *g, *q;
DH *dh;
int ch;
bool perform_dh_check = false;
@@ -169,6 +171,7 @@ main(int argc, char *argv[])
bool show_numbers = false;
bool show_pem = true;
bool show_text = false;
+ bool given_q = false;
while ((ch = getopt(argc, argv, "CPcsth")) != -1) {
switch (ch) {
@@ -201,25 +204,49 @@ main(int argc, char *argv[])
argc -= optind;
argv += optind;
- if (argc != 3) {
+ if ((argc < 3) || (argc > 4)) {
fprintf(stderr, "argc: %d\n", argc);
usage(stderr, 1);
}
+ // If we use DH_set0_pqg instead of setting dh fields directly; the q value
+ // is optional and may be NULL.
+ // Just blank them all.
+ p = g = q = NULL;
+
p = bn_from_text(argv[1]);
g = bn_from_text(argv[2]);
+ if (argc >= 4) {
+ q = bn_from_text(argv[3]);
+ given_q = true;
+ }
if (show_numbers) {
printf("p = ");
BN_print_fp(stdout, p);
printf("\ng = ");
BN_print_fp(stdout, g);
+ if (given_q) {
+ printf("\nq = ");
+ BN_print_fp(stdout, q);
+ }
printf("\n");
}
dh = DH_new();
+ // The documented method for setting q appeared in OpenSSL 1.1.0.
+#if OPENSSL_VERSION_NUMBER >= 0x1010000f
+ // NULL okay for q; yes, the optional value is in the middle.
+ if (DH_set0_pqg(dh, p, q, g) != 1) {
+ die_openssl_err("initialising DH pqg values failed");
+ }
+#else
dh->p = p;
dh->g = g;
+ if (given_q) {
+ dh->q = q;
+ }
+#endif
if (perform_dh_check)
our_dh_check(dh);
@@ -234,6 +261,6 @@ main(int argc, char *argv[])
PEM_write_DHparams(stdout, dh);
}
- DH_free(dh); /* should free p & g too */
+ DH_free(dh); /* should free p,g (& q if non-NULL) too */
return 0;
}