From 0d1aba2ce2e74159bcc549b034307502ad6a7fd0 Mon Sep 17 00:00:00 2001 From: Matthew Mondor Date: Sun, 8 Jun 2014 18:05:29 +0000 Subject: [PATCH] - Now use vsprintf()/vsnprintf() instead of the buggy internal version which crashed when recompiled for new systems - Fixed various gcc warnings, and use socklen_t where appropriate/ - Made client reverse DNS optional, disabled by default, as there seemed to be timeout issues with the resolver when rebuilt for new systems, delaying connections until DNS timeout. - Make SSL connections support forward secrecy using Diffie-Hellman per-session keys loaded with strong parameters, favor strong ciphers, and refuse to use the old insecure SSLv2 protocol. - Only client SSL connections are supported, as before, but eventually it should be used for inter-server links as well. --- RUBIKS-CHANGES | 17 ++ include/patchlevel.h | 4 +- src/dh.c | 4 +- src/ircsprintf.c | 11 + src/m_server.c | 8 +- src/packet.c | 8 +- src/res.c | 5 +- src/s_auth.c | 6 +- src/s_bsd.c | 45 ++-- src/s_conf.c | 4 +- src/s_misc.c | 17 +- src/send.c | 11 +- src/ssl.c | 697 ++++++++++++++++++++++++++++++++++++++++++++++++++- src/zlink.c | 12 +- 14 files changed, 795 insertions(+), 54 deletions(-) diff --git a/RUBIKS-CHANGES b/RUBIKS-CHANGES index 5f2d88f..5f5b547 100644 --- a/RUBIKS-CHANGES +++ b/RUBIKS-CHANGES @@ -1,3 +1,20 @@ + +rubiks-ircd-1-0-5 +================= + +- Now use vsprintf()/vsnprintf() instead of the buggy internal version which + crashed when recompiled for new systems +- Fixed various gcc warnings, and use socklen_t where appropriate/ +- Made client reverse DNS optional, disabled by default, as there seemed to + be timeout issues with the resolver when rebuilt for new systems, delaying + connections until DNS timeout. +- Make SSL connections support forward secrecy using Diffie-Hellman + per-session keys loaded with strong parameters, favor strong ciphers, and + refuse to use the old insecure SSLv2 protocol. +- Only client SSL connections are supported, as before, but eventually it + should be used for inter-server links as well. + + rubiks-ircd-1-0-4 ================= diff --git a/include/patchlevel.h b/include/patchlevel.h index 0532cda..5852987 100644 --- a/include/patchlevel.h +++ b/include/patchlevel.h @@ -16,7 +16,7 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* $Id: patchlevel.h,v 1.5 2006/12/15 19:28:25 mmondor Exp $ */ +/* $Id: patchlevel.h,v 1.6 2014/06/08 18:05:24 mmondor Exp $ */ #ifndef __patchlevel_header__ #define __patchlevel_header__ @@ -31,7 +31,7 @@ #define BASENAME "rubiks-ircd" #define MAJOR 1 #define MINOR 0 -#define PATCH 4 +#define PATCH 5 #define PATCHES "" diff --git a/src/dh.c b/src/dh.c index 8d613d8..f993035 100644 --- a/src/dh.c +++ b/src/dh.c @@ -17,7 +17,7 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* $Id: dh.c,v 1.1 2005/01/12 07:44:56 mmondor Exp $ */ +/* $Id: dh.c,v 1.2 2014/06/08 18:05:29 mmondor Exp $ */ /* * Diffie-Hellman key exchange for bahamut ircd. @@ -257,7 +257,7 @@ int dh_generate_shared(void *session, char *public_key) si->session_shared_length = DH_size(si->dh); si->session_shared = (char *) malloc(DH_size(si->dh)); - len = DH_compute_key(si->session_shared, tmp, si->dh); + len = DH_compute_key((unsigned char *)si->session_shared, tmp, si->dh); BN_free(tmp); if(len < 0) diff --git a/src/ircsprintf.c b/src/ircsprintf.c index 4841047..49fae17 100644 --- a/src/ircsprintf.c +++ b/src/ircsprintf.c @@ -6,6 +6,7 @@ char xtoa_tab[16] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; char nullstring[]="(null)"; +#ifdef CUSTOM_VSPRINTF #ifdef WANT_SNPRINTF inline int irc_printf(char *str, size_t size, const char *pattern, va_list vl) #else @@ -206,6 +207,16 @@ inline int irc_printf(char *str, const char *pattern, va_list vl) } #endif /* WANT_SNPRINTF */ } +#else /* CUSTOM_VSPRINTF */ +inline int +irc_printf(char *str, size_t size, const char *pattern, va_list vl) +{ + if (size == 0) + return vsprintf(str, pattern, vl); + else + return vsnprintf(str, size, pattern, vl); +} +#endif /* CUSTOM_VSPRINTF */ int ircsprintf(char *str, const char *format, ...) { diff --git a/src/m_server.c b/src/m_server.c index 9566e40..30e3330 100644 --- a/src/m_server.c +++ b/src/m_server.c @@ -16,7 +16,7 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* $Id: m_server.c,v 1.1 2005/01/12 07:44:56 mmondor Exp $ */ +/* $Id: m_server.c,v 1.2 2014/06/08 18:05:29 mmondor Exp $ */ #include "struct.h" #include "common.h" @@ -862,13 +862,15 @@ int m_dkey(aClient *cptr, aClient *sptr, int parc, char *parv[]) if(!dh_get_s_shared(keybuf, &keylen, sptr->serv->sessioninfo_in)) return exit_client(sptr, sptr, sptr, "Could not setup encrypted session"); - sptr->serv->rc4_in = rc4_initstate(keybuf, keylen); + sptr->serv->rc4_in = rc4_initstate((unsigned char *)keybuf, + keylen); keylen = 1024; if(!dh_get_s_shared(keybuf, &keylen, sptr->serv->sessioninfo_out)) return exit_client(sptr, sptr, sptr, "Could not setup encrypted session"); - sptr->serv->rc4_out = rc4_initstate(keybuf, keylen); + sptr->serv->rc4_out = rc4_initstate((unsigned char *)keybuf, + keylen); dh_end_session(sptr->serv->sessioninfo_in); dh_end_session(sptr->serv->sessioninfo_out); diff --git a/src/packet.c b/src/packet.c index 4efc920..6128089 100644 --- a/src/packet.c +++ b/src/packet.c @@ -18,7 +18,7 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* $Id: packet.c,v 1.1 2005/01/12 07:44:56 mmondor Exp $ */ +/* $Id: packet.c,v 1.2 2014/06/08 18:05:29 mmondor Exp $ */ #include "struct.h" #include "common.h" @@ -51,7 +51,8 @@ int dopacket(aClient *cptr, char *buffer, int length) #ifdef HAVE_ENCRYPTION_ON if(IsRC4IN(cptr)) - rc4_process_stream(cptr->serv->rc4_in, buffer, length); + rc4_process_stream(cptr->serv->rc4_in, (unsigned char *)buffer, + length); #endif me.receiveB += length; /* Update bytes received */ @@ -145,7 +146,8 @@ zcontinue: #ifdef HAVE_ENCRYPTION_ON case RC4_NEXT_BUFFER: if(length) - rc4_process_stream(cptr->serv->rc4_in, ch2, length); + rc4_process_stream(cptr->serv->rc4_in, + (unsigned char *)ch2, length); break; #endif diff --git a/src/res.c b/src/res.c index 06fb3e3..716dfc1 100644 --- a/src/res.c +++ b/src/res.c @@ -5,7 +5,7 @@ * loss of property which results from the use of this software. */ -/* $Id: res.c,v 1.1 2005/01/12 07:44:57 mmondor Exp $ */ +/* $Id: res.c,v 1.2 2014/06/08 18:05:29 mmondor Exp $ */ #include "struct.h" #include "common.h" @@ -1098,7 +1098,8 @@ struct hostent *get_res(char *lp) ResRQ *rptr = NULL; aCache *cp = (aCache *) NULL; struct sockaddr_in sin; - int rc, a, len = sizeof(sin), max; + int rc, a, max; + socklen_t len = sizeof(sin); rc = recvfrom(resfd, buf, sizeof(buf), 0, (struct sockaddr *) &sin, &len); if (rc <= sizeof(HEADER)) diff --git a/src/s_auth.c b/src/s_auth.c index 3d5f434..fd79a36 100644 --- a/src/s_auth.c +++ b/src/s_auth.c @@ -17,7 +17,7 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* $Id: s_auth.c,v 1.1 2005/01/12 07:44:57 mmondor Exp $ */ +/* $Id: s_auth.c,v 1.2 2014/06/08 18:05:29 mmondor Exp $ */ #include "struct.h" #include "common.h" @@ -54,7 +54,7 @@ void start_auth(aClient *cptr) { struct sockaddr_in sock; struct sockaddr_in localaddr; - int locallen; + socklen_t locallen; Debug((DEBUG_NOTICE, "start_auth(%x) fd %d status %d", cptr, cptr->fd, cptr->status)); @@ -141,7 +141,7 @@ void send_authports(aClient *cptr) { struct sockaddr_in us, them; char authbuf[32]; - int ulen, tlen; + socklen_t ulen, tlen; Debug((DEBUG_NOTICE, "write_authports(%x) fd %d authfd %d stat %d", cptr, cptr->fd, cptr->authfd, cptr->status)); diff --git a/src/s_bsd.c b/src/s_bsd.c index a0bf5ba..db70a02 100644 --- a/src/s_bsd.c +++ b/src/s_bsd.c @@ -18,7 +18,7 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* $Id: s_bsd.c,v 1.2 2005/01/13 10:35:44 mmondor Exp $ */ +/* $Id: s_bsd.c,v 1.3 2014/06/08 18:05:29 mmondor Exp $ */ #include "struct.h" #include "common.h" @@ -177,7 +177,8 @@ void report_error(char *text, aClient * cptr) { int errtmp = errno; /* debug may change 'errno' */ char *host; - int err, len = sizeof(err); + int err; + socklen_t len = sizeof(err); extern char *strerror(); host = (cptr) ? get_client_name(cptr, (IsServer(cptr) ? HIDEME : FALSE)) @@ -212,7 +213,8 @@ void report_listener_error(char *text, aListener *lptr) { int errtmp = errno; /* debug may change 'errno' */ char *host; - int err, len = sizeof(err); + int err; + socklen_t len = sizeof(err); extern char *strerror(); host = get_listener_name(lptr); @@ -274,7 +276,8 @@ int add_listener(aPort *aport) aListener *lptr; aListener lstn; struct sockaddr_in server; - int ad[4], len = sizeof(server); + int ad[4]; + socklen_t len = sizeof(server); char ipname[20]; #ifdef USE_SSL extern int ssl_capable; @@ -577,7 +580,7 @@ void write_pidfile() static int check_init(aClient * cptr, char *sockn) { struct sockaddr_in sk; - int len = sizeof(struct sockaddr_in); +socklen_t len = sizeof(struct sockaddr_in); /* If descriptor is a tty, special checking... * IT can't EVER be a tty */ @@ -1001,7 +1004,7 @@ static void set_sock_opts(int fd, aClient * cptr) #if defined(MAXBUFFERS) if (rcvbufmax == 0) { - int optlen; + socklen_t optlen; optlen = sizeof(rcvbufmax); getsockopt(fd, SOL_SOCKET, SO_RCVBUF, (char *) &rcvbufmax, &optlen); @@ -1025,7 +1028,7 @@ static void set_sock_opts(int fd, aClient * cptr) #if defined(MAXBUFFERS) if (sndbufmax == 0) { - int optlen; + socklen_t optlen; optlen = sizeof(sndbufmax); getsockopt(fd, SOL_SOCKET, SO_SNDBUF, (char *) &sndbufmax, &optlen); @@ -1048,17 +1051,16 @@ static void set_sock_opts(int fd, aClient * cptr) { #if defined(MAXBUFFERS) char *s = readbuf, *t = readbuf + (rcvbufmax * sizeof(char)) / 2; - opt = (rcvbufmax * sizeof(char)) / 8; + socklen_t optlen = (rcvbufmax * sizeof(char)) / 8; #else char *s = readbuf, *t = readbuf + sizeof(readbuf) / 2; - - opt = sizeof(readbuf) / 8; + socklen_t optlen = sizeof(readbuf) / 8; #endif - if (getsockopt(fd, IPPROTO_IP, IP_OPTIONS, t, &opt) < 0) + if (getsockopt(fd, IPPROTO_IP, IP_OPTIONS, t, &optlen) < 0) silent_report_error("getsockopt(IP_OPTIONS) %s:%s", cptr); - else if (opt > 0) + else if (optlen > 0) { - for (*readbuf = '\0'; opt > 0; opt--, s += 3) + for (*readbuf = '\0'; optlen > 0; optlen--, s += 3) ircsprintf(s, "%02.2x:", *t++); *s = '\0'; sendto_realops("Connection %s using IP opts: (%s)", @@ -1100,7 +1102,7 @@ static void set_listener_sock_opts(int fd, aListener *lptr) # if defined(MAXBUFFERS) if (rcvbufmax == 0) { - int optlen; + socklen_t optlen; optlen = sizeof(rcvbufmax); getsockopt(fd, SOL_SOCKET, SO_RCVBUF, (char *) &rcvbufmax, &optlen); @@ -1121,7 +1123,7 @@ static void set_listener_sock_opts(int fd, aListener *lptr) #if defined(MAXBUFFERS) if (sndbufmax == 0) { - int optlen; + socklen_t optlen; optlen = sizeof(sndbufmax); getsockopt(fd, SOL_SOCKET, SO_SNDBUF, (char *) &sndbufmax, &optlen); @@ -1142,7 +1144,8 @@ static void set_listener_sock_opts(int fd, aListener *lptr) int get_sockerr(aClient * cptr) { - int errtmp = errno, err = 0, len = sizeof(err); + int errtmp = errno, err = 0; + socklen_t len = sizeof(err); #ifdef SO_ERROR if (cptr->fd >= 0) @@ -1214,11 +1217,13 @@ void set_listener_non_blocking(int fd, aListener *lptr) */ aClient *add_connection(aListener *lptr, int fd) { +#ifdef DO_REVERSE_DNS_RESOLVE Link lin; +#endif aClient *acptr = NULL; char *s, *t; struct sockaddr_in addr; - int len = sizeof(struct sockaddr_in); + socklen_t len = sizeof(struct sockaddr_in); struct userBan *ban; if (getpeername(fd, (struct sockaddr *) &addr, &len) == -1) @@ -1308,6 +1313,7 @@ aClient *add_connection(aListener *lptr, int fd) if(call_hooks(CHOOK_PREACCESS, acptr) == FLUSH_BUFFER) return NULL; +#ifdef DO_REVERSE_DNS_RESOLVE #ifdef SHOW_HEADERS sendto_one(acptr, REPORT_DO_DNS); #endif @@ -1322,7 +1328,8 @@ aClient *add_connection(aListener *lptr, int fd) sendto_one(acptr, REPORT_FIN_DNSC); #endif nextdnscheck = 1; - +#endif /* DO_REVERSE_DNS_RESOLVE */ + #ifdef DO_IDENTD start_auth(acptr); #endif @@ -1566,7 +1573,7 @@ void read_error_exit(aClient *cptr, int length, int err) void accept_connection(aListener *lptr) { static struct sockaddr_in addr; - int addrlen = sizeof(struct sockaddr_in); + socklen_t addrlen = sizeof(struct sockaddr_in); char host[HOSTLEN + 2]; int newfd; int i; diff --git a/src/s_conf.c b/src/s_conf.c index 08954c7..156ba57 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -18,7 +18,7 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* $Id: s_conf.c,v 1.4 2005/01/13 10:35:45 mmondor Exp $ */ +/* $Id: s_conf.c,v 1.5 2014/06/08 18:05:29 mmondor Exp $ */ #include "struct.h" #include "common.h" @@ -1311,7 +1311,7 @@ confadd_global(cVar *vars[], int lnum) { if(tmp->type && (tmp->type->flag & SCONFF_NAME)) { - unsigned char *s; + char *s; int valid = 0; if(x->servername) { diff --git a/src/s_misc.c b/src/s_misc.c index 09e8228..7afb240 100644 --- a/src/s_misc.c +++ b/src/s_misc.c @@ -21,7 +21,7 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* $Id: s_misc.c,v 1.3 2005/01/13 10:35:45 mmondor Exp $ */ +/* $Id: s_misc.c,v 1.4 2014/06/08 18:05:29 mmondor Exp $ */ #include #include "struct.h" @@ -712,14 +712,17 @@ exit_client(aClient *cptr, aClient *sptr, aClient *from, char *comment) */ if (IsServer(sptr)) { - sendto_ops("%s was connected for %lu seconds. %lu/%lu " - "sendK/recvK.", sptr->name, timeofday - sptr->firsttime, - sptr->sendK, sptr->receiveK); + sendto_ops("%s was connected for %llu seconds. %llu/%llu " + "sendK/recvK.", sptr->name, + (unsigned long long)(timeofday - sptr->firsttime), + (unsigned long long)sptr->sendK, + (unsigned long long)sptr->receiveK); #ifdef USE_SYSLOG - syslog(LOG_NOTICE, "%s was connected for %lu seconds. %lu/%lu " + syslog(LOG_NOTICE, "%s was connected for %llu seconds. %llu/%llu " "sendK/recvK.", sptr->name, - (u_long) timeofday - sptr->firsttime, - sptr->sendK, sptr->receiveK); + (unsigned long long)(timeofday - sptr->firsttime), + (unsigned long long)sptr->sendK, + (unsigned long long)sptr->receiveK); #endif close_connection(sptr); sptr->sockerr = 0; diff --git a/src/send.c b/src/send.c index f6f494c..ef37f93 100644 --- a/src/send.c +++ b/src/send.c @@ -18,7 +18,7 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* $Id: send.c,v 1.2 2005/01/13 06:20:45 mmondor Exp $ */ +/* $Id: send.c,v 1.3 2014/06/08 18:05:29 mmondor Exp $ */ #include "struct.h" #include "common.h" @@ -228,7 +228,8 @@ static int send_message(aClient *to, char *msg, int len, void* sbuf) if(IsRC4OUT(to)) { /* don't destroy the data in 'msg' */ - rc4_process_stream_to_buf(to->serv->rc4_out, msg, rc4buf, len); + rc4_process_stream_to_buf(to->serv->rc4_out, (unsigned char *)msg, + (unsigned char *)rc4buf, len); msg = rc4buf; } #endif @@ -332,7 +333,8 @@ int send_queued(aClient *to) #ifdef HAVE_ENCRYPTION_ON if(IsRC4OUT(to)) - rc4_process_stream(to->serv->rc4_out, msg, len); + rc4_process_stream(to->serv->rc4_out, (unsigned char *)msg, + len); #endif /* silently stick this on the sendq... */ if (!sbuf_put(&to->sendQ, msg, len)) @@ -384,7 +386,8 @@ int send_queued(aClient *to) #ifdef HAVE_ENCRYPTION_ON if(IsRC4OUT(to)) - rc4_process_stream(to->serv->rc4_out, msg, len); + rc4_process_stream(to->serv->rc4_out, (unsigned char *)msg, + len); #endif /* silently stick this on the sendq... */ if (!sbuf_put(&to->sendQ, msg, len)) diff --git a/src/ssl.c b/src/ssl.c index 554c504..903ca17 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1,6 +1,9 @@ +/* $Id: ssl.c,v 1.2 2014/06/08 18:05:29 mmondor Exp $ */ + /************************************************************************ * IRC - Internet Relay Chat, src/ssl.c * Copyright (C) 2002 Barnaba Marcello + * Updated 2014 by Matthew Mondor * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -32,20 +35,703 @@ #define SAFE_SSL_WRITE 2 #define SAFE_SSL_ACCEPT 3 +#define DH_MAX 8192 + +typedef struct dh_param { + int len; + DH *dh; +} dh_param_t; + + +static DH *get_dh1024(void); +static DH *get_dh2048(void); +static DH *get_dh3072(void); +static DH *get_dh4096(void); +static DH *get_dh5120(void); +static DH *get_dh6144(void); +static DH *get_dh7168(void); +static DH *get_dh8192(void); +static DH *tmp_dh_load(int); +static DH *tmp_dh_callback(SSL *, int, int); +static EC_KEY *tmp_ecdh_callback(SSL *, int, int); +static int tmp_dh_load_all(void); + + +static dh_param_t *dh_params = NULL; + extern int errno; SSL_CTX *ircdssl_ctx; int ssl_capable = 0; + +static DH * +get_dh1024() +{ + static unsigned char dh1024_p[] = { + 0xCD, 0xCC, 0x27, 0x22, 0x6C, 0xF5, 0x0B, 0x43, 0x17, 0x59, 0x26, 0x02, + 0xEF, 0x76, 0xCF, 0xD6, 0x00, 0x8B, 0x33, 0x99, 0x51, 0x5C, 0x94, 0x46, + 0xEA, 0x57, 0xD4, 0xBD, 0x70, 0xA7, 0xDD, 0xF3, 0xE4, 0x19, 0x3E, 0x5C, + 0xCA, 0x46, 0x13, 0xE8, 0x82, 0xE5, 0x47, 0x73, 0x0A, 0x93, 0x9A, 0xF2, + 0x8D, 0xF8, 0xB0, 0x38, 0xF6, 0xD3, 0xF9, 0xAF, 0x5E, 0xB8, 0x91, 0x42, + 0xAC, 0xC7, 0xF1, 0xBB, 0x5E, 0xB0, 0x26, 0xC3, 0x40, 0x35, 0x48, 0xE5, + 0x6A, 0x84, 0x94, 0x8C, 0xDA, 0x56, 0xEF, 0x0A, 0x49, 0x59, 0xC7, 0xD3, + 0x19, 0x6A, 0xD1, 0x2D, 0xE6, 0xF9, 0x8E, 0x33, 0xBD, 0x44, 0x3B, 0x83, + 0x4E, 0x47, 0xBF, 0xC0, 0x91, 0x43, 0x37, 0x7D, 0x3D, 0xA0, 0xD2, 0x41, + 0x2E, 0xC9, 0x0B, 0x70, 0x33, 0xCB, 0x81, 0xE0, 0xF9, 0x32, 0x79, 0x69, + 0x96, 0xAD, 0xAD, 0xCD, 0xC8, 0xE5, 0xB3, 0xBB + }; + static unsigned char dh1024_g[] = { + 0x02 + }; + DH *dh; + + if ((dh = DH_new()) == NULL) + return NULL; + dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); + dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { + DH_free(dh); + return NULL; + } + return dh; +} + +static DH * +get_dh2048(void) +{ + static unsigned char dh2048_p[] = { + 0x8D, 0x82, 0x44, 0xAD, 0xB0, 0x14, 0x5A, 0xBF, 0x26, 0x2B, 0xDA, 0x35, + 0xA6, 0x4D, 0xCD, 0xC4, 0xC9, 0xD3, 0x3A, 0x05, 0x20, 0x8C, 0x49, 0x12, + 0x88, 0x17, 0x10, 0xC3, 0xF2, 0xAC, 0xEF, 0x93, 0xAE, 0x41, 0x6A, 0xA1, + 0x00, 0x38, 0xCE, 0x16, 0xB2, 0x8F, 0x45, 0xE6, 0xE8, 0xB7, 0xC9, 0x27, + 0xBE, 0x3F, 0xF4, 0x69, 0xDB, 0x59, 0x7F, 0xBD, 0x53, 0xCC, 0xFD, 0x8E, + 0xB3, 0xB7, 0x5F, 0xFE, 0x1C, 0xC2, 0xDC, 0xBD, 0x4F, 0x42, 0x2A, 0xD6, + 0x2B, 0xD3, 0x4D, 0x3B, 0x0F, 0xBC, 0x46, 0x11, 0x0E, 0xE9, 0x6C, 0xCF, + 0x95, 0x1F, 0x5B, 0xDD, 0x91, 0x17, 0x49, 0xBB, 0x39, 0xB4, 0x3C, 0x61, + 0x1C, 0x89, 0x03, 0x6A, 0x00, 0xBE, 0x20, 0x38, 0xEB, 0xB5, 0x44, 0x69, + 0x82, 0x80, 0x54, 0x51, 0x11, 0x73, 0x14, 0xE8, 0xCE, 0xB2, 0x73, 0x33, + 0x22, 0x45, 0x07, 0xF4, 0xA7, 0x6B, 0xC1, 0x60, 0x4A, 0xD3, 0x31, 0x12, + 0x17, 0x59, 0x5D, 0x9E, 0x81, 0x51, 0xED, 0x54, 0x67, 0xC4, 0x8C, 0x5F, + 0x1E, 0xFD, 0x4A, 0xF0, 0xA6, 0x2C, 0xC3, 0xFF, 0x58, 0x8E, 0x50, 0x96, + 0x79, 0x0E, 0xF5, 0x00, 0xBA, 0x6E, 0xCC, 0x44, 0xAE, 0xDC, 0xE7, 0xA6, + 0xC7, 0xCA, 0x36, 0xC9, 0x90, 0x4D, 0x27, 0x1E, 0xE4, 0xBD, 0x18, 0x84, + 0x36, 0xD2, 0xEE, 0x6A, 0x87, 0x61, 0xB4, 0xFF, 0xB0, 0x2F, 0x3F, 0x0D, + 0x51, 0x99, 0xB6, 0x03, 0x7B, 0xF8, 0x65, 0x73, 0x05, 0x9A, 0xF3, 0x98, + 0xB1, 0xF1, 0x39, 0x3F, 0x2C, 0x8C, 0x90, 0x6F, 0x1E, 0xF8, 0x35, 0x83, + 0xD6, 0x61, 0x9A, 0x9C, 0x10, 0xF4, 0xFC, 0x9E, 0x37, 0xD7, 0x18, 0xCB, + 0x7B, 0x97, 0x13, 0xF6, 0xCF, 0xAF, 0xEE, 0xED, 0x19, 0x9E, 0x89, 0x98, + 0x8D, 0x0F, 0xAF, 0x9D, 0xBD, 0x36, 0xAA, 0xA8, 0xBD, 0x52, 0xEB, 0xD7, + 0x75, 0xCC, 0xF7, 0xFB + }; + static unsigned char dh2048_g[] = { + 0x02 + }; + DH *dh; + + if ((dh = DH_new()) == NULL) + return NULL; + dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); + dh->g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { + DH_free(dh); + return NULL; + } + return dh; +} + +static DH * +get_dh3072(void) +{ + static unsigned char dh3072_p[] = { + 0xA4, 0x9E, 0x13, 0x25, 0x9E, 0xEB, 0x2D, 0x5F, 0xCA, 0xE5, 0x77, 0x59, + 0x7A, 0x34, 0x80, 0xA5, 0x45, 0x87, 0xA3, 0x9E, 0xE3, 0x28, 0x47, 0x05, + 0xAA, 0x5D, 0x02, 0x69, 0xFB, 0xD7, 0x74, 0x08, 0x41, 0xA3, 0x1C, 0x57, + 0xD9, 0xBF, 0x1E, 0xBD, 0x56, 0x93, 0x3B, 0xD3, 0xC0, 0xA6, 0x6B, 0x5E, + 0x90, 0x09, 0xD1, 0x86, 0xE5, 0x3F, 0x19, 0x3C, 0x3A, 0x58, 0x67, 0xD9, + 0x1F, 0x0F, 0x1D, 0xF5, 0x3E, 0x0A, 0xFD, 0x1A, 0xFB, 0x42, 0xAF, 0xB8, + 0x8F, 0xE9, 0xF0, 0xF9, 0x7C, 0x1C, 0x37, 0xD3, 0xDA, 0xAC, 0x42, 0xFC, + 0x72, 0xC0, 0x85, 0xF7, 0x01, 0x57, 0x0C, 0x82, 0x4D, 0xAC, 0xBD, 0x2B, + 0x08, 0x2D, 0x7A, 0xC2, 0xD9, 0xAA, 0x54, 0x99, 0xF7, 0x21, 0x03, 0x52, + 0x6A, 0xEA, 0xF1, 0xE7, 0xD4, 0x7C, 0xF2, 0x14, 0x6B, 0xE6, 0xE9, 0x11, + 0xB0, 0xF7, 0xF9, 0xB1, 0xB4, 0xD3, 0x73, 0xB3, 0xBE, 0xBF, 0x2A, 0xFC, + 0xDE, 0x4E, 0x28, 0xB7, 0xB2, 0xD4, 0x70, 0x96, 0x67, 0xF1, 0x4D, 0x99, + 0x0C, 0xC2, 0xA2, 0x2C, 0x74, 0xA5, 0xAC, 0xF7, 0xD8, 0xFC, 0xB3, 0x4F, + 0x18, 0xE1, 0xBA, 0x0B, 0x3D, 0x65, 0x93, 0xE6, 0xA2, 0x9A, 0x0E, 0x60, + 0xB3, 0x2B, 0x39, 0xFD, 0x53, 0x29, 0xB2, 0x08, 0x9C, 0x4D, 0xC1, 0x12, + 0x19, 0xEE, 0x06, 0x34, 0x3C, 0x8B, 0x6B, 0xE8, 0xD4, 0xE9, 0x91, 0x4F, + 0xA6, 0x07, 0x82, 0xFE, 0xC5, 0xEB, 0x19, 0x83, 0xD6, 0x88, 0x10, 0xFC, + 0x12, 0x6F, 0xEC, 0x16, 0x67, 0x5E, 0x10, 0xBE, 0xBA, 0x8E, 0xC3, 0x60, + 0x11, 0xF2, 0x46, 0x24, 0xC5, 0x95, 0xAD, 0x29, 0xDF, 0x14, 0x79, 0xDC, + 0xF0, 0x5B, 0x47, 0x64, 0x2B, 0x18, 0xA0, 0x93, 0x49, 0xBA, 0x44, 0xA9, + 0xC3, 0x31, 0xC8, 0x6E, 0xF4, 0xCE, 0x27, 0x2E, 0x4D, 0x28, 0xCC, 0x7E, + 0x38, 0xC7, 0xC4, 0xDC, 0x9D, 0x0D, 0x9D, 0x76, 0x42, 0xCA, 0xB9, 0x13, + 0x15, 0x54, 0x25, 0x2C, 0x45, 0xA6, 0x0E, 0xAE, 0xC4, 0x88, 0x1B, 0x81, + 0x5F, 0x0A, 0x97, 0x87, 0xB4, 0xB5, 0x4E, 0x48, 0x27, 0x80, 0xF5, 0x68, + 0x84, 0xB6, 0x36, 0xA0, 0xCC, 0xAA, 0x6F, 0xF0, 0xDE, 0x07, 0xBB, 0x80, + 0x2A, 0x41, 0xD4, 0x94, 0x4A, 0x41, 0xDF, 0xEF, 0x90, 0x29, 0x8A, 0x3A, + 0xC4, 0x60, 0x63, 0xB9, 0x57, 0x43, 0xA3, 0x76, 0xC3, 0x48, 0x41, 0x56, + 0x57, 0xC6, 0x87, 0x3A, 0x63, 0x0D, 0x85, 0x35, 0xCC, 0xDF, 0xEF, 0x5C, + 0x14, 0x79, 0x9F, 0x77, 0x3C, 0xC2, 0xF6, 0xB8, 0x42, 0x14, 0x59, 0x6D, + 0x90, 0x9D, 0x0B, 0x87, 0x4B, 0x14, 0x32, 0x17, 0x72, 0x06, 0xDB, 0x71, + 0x2A, 0x20, 0x9D, 0xE5, 0xC2, 0x14, 0x6F, 0xD9, 0xD2, 0x44, 0xE0, 0x9D, + 0x07, 0x0A, 0xE7, 0x18, 0x1A, 0x70, 0x8E, 0x5B, 0xAB, 0x09, 0x98, 0xB3, + }; + static unsigned char dh3072_g[] = { + 0x02 + }; + DH *dh; + + if ((dh = DH_new()) == NULL) + return NULL; + dh->p = BN_bin2bn(dh3072_p, sizeof(dh3072_p), NULL); + dh->g = BN_bin2bn(dh3072_g, sizeof(dh3072_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { + DH_free(dh); + return NULL; + } + return dh; +} + +static DH * +get_dh4096(void) +{ + static unsigned char dh4096_p[] = { + 0xFF, 0x59, 0x54, 0x42, 0xD8, 0xCD, 0x56, 0x20, 0x51, 0xCC, 0x56, 0xB6, + 0x1F, 0x1F, 0x7D, 0x0E, 0x03, 0xD1, 0x28, 0xA4, 0xE3, 0x8C, 0x25, 0xBB, + 0x84, 0xFB, 0x00, 0x67, 0x37, 0x00, 0x49, 0x5C, 0x3E, 0x59, 0xD2, 0x33, + 0x4D, 0xF4, 0xCD, 0xAF, 0xB6, 0xFE, 0x39, 0x91, 0xE2, 0x1A, 0x61, 0x66, + 0x08, 0x99, 0x73, 0x96, 0x27, 0x5C, 0x8F, 0x02, 0xA1, 0x0C, 0xFC, 0xB9, + 0x40, 0x0F, 0xCA, 0x7B, 0x01, 0x53, 0xE6, 0xF9, 0xAF, 0x29, 0x56, 0xFC, + 0x77, 0xCE, 0x8B, 0x6C, 0xD7, 0xC3, 0x46, 0x5C, 0x80, 0x79, 0x42, 0x26, + 0x57, 0x7E, 0xC9, 0xB5, 0xFC, 0xF2, 0x4F, 0x2C, 0xD4, 0x0F, 0x72, 0x08, + 0xC6, 0x9E, 0x50, 0xA8, 0xD2, 0x33, 0x66, 0x51, 0x3C, 0xE6, 0xE4, 0x5E, + 0x7F, 0xBF, 0x10, 0xBB, 0x80, 0xFF, 0x05, 0x43, 0x15, 0xC2, 0x13, 0xD1, + 0xCC, 0x91, 0x78, 0x9E, 0xDD, 0x1B, 0x00, 0xDE, 0x02, 0xAF, 0x2A, 0x75, + 0x25, 0x26, 0x2D, 0x41, 0x7B, 0x0B, 0x3A, 0xB9, 0xD1, 0x2D, 0xB5, 0xFE, + 0x68, 0x33, 0xAF, 0x67, 0xE3, 0xE4, 0x5F, 0x2E, 0x64, 0x1E, 0x8C, 0x2B, + 0x86, 0xB1, 0x69, 0xA3, 0x8D, 0xA6, 0x65, 0x01, 0x78, 0xC2, 0xD4, 0xE8, + 0xA9, 0x33, 0xFE, 0x91, 0x5A, 0x85, 0xC4, 0x09, 0x5F, 0x0D, 0x9A, 0x92, + 0x97, 0xCE, 0x9D, 0xAD, 0x62, 0x35, 0x23, 0x36, 0xF3, 0x8D, 0x21, 0x6D, + 0x7D, 0x82, 0xAB, 0x36, 0x99, 0x4A, 0x85, 0x6C, 0xB6, 0x5E, 0xC6, 0xCB, + 0xED, 0x1B, 0x0F, 0x48, 0x16, 0x03, 0x4D, 0x29, 0x21, 0xDA, 0x5E, 0xFA, + 0x49, 0x81, 0xA7, 0xB4, 0xDC, 0x39, 0x1B, 0x3D, 0xA8, 0xEB, 0x10, 0x25, + 0x47, 0x35, 0xA6, 0x8C, 0x3C, 0xD3, 0x73, 0xA1, 0x10, 0xD7, 0xA7, 0x11, + 0xD6, 0xB3, 0xD2, 0x50, 0xBA, 0xF0, 0x6E, 0x82, 0x07, 0xB0, 0x77, 0x75, + 0x0A, 0x35, 0xC6, 0xE8, 0xE5, 0xC3, 0x37, 0x2A, 0xDF, 0x78, 0xCB, 0x1C, + 0x3D, 0x3A, 0x6D, 0xA6, 0xC8, 0x62, 0x81, 0xAE, 0xD8, 0xC6, 0x4D, 0xA2, + 0xD8, 0x93, 0x21, 0xEC, 0xBD, 0x0A, 0x44, 0x08, 0xB6, 0x83, 0x19, 0x8E, + 0x61, 0x9E, 0xF1, 0x9C, 0xD2, 0x15, 0xB5, 0x7D, 0xF9, 0x05, 0xFD, 0xEC, + 0x23, 0x2D, 0xDD, 0x39, 0x45, 0xF2, 0x47, 0xAA, 0x65, 0x92, 0x31, 0x71, + 0x5A, 0x6D, 0x69, 0x6B, 0xAD, 0x49, 0xCC, 0xC1, 0x05, 0x92, 0x27, 0x8A, + 0xA5, 0x68, 0xD0, 0x6B, 0xC0, 0x8D, 0x80, 0x58, 0xE2, 0x7C, 0xED, 0xC9, + 0xF5, 0x0B, 0xE4, 0xAD, 0x30, 0x80, 0x99, 0x49, 0x79, 0x97, 0xDA, 0x98, + 0x5C, 0x6B, 0xC8, 0x40, 0xC2, 0x8C, 0x38, 0xF4, 0x0C, 0x44, 0xC7, 0x6E, + 0x95, 0xF7, 0x6C, 0x7E, 0x51, 0x43, 0xE8, 0xF0, 0x67, 0xA0, 0x76, 0xD3, + 0x0E, 0xD6, 0x30, 0x78, 0xF4, 0x57, 0x48, 0xC5, 0x0B, 0xB2, 0x13, 0x4C, + 0x91, 0xE3, 0x22, 0x82, 0xE3, 0xA1, 0x58, 0xD3, 0xCE, 0x32, 0x90, 0xE7, + 0x1E, 0xF0, 0x30, 0x87, 0x24, 0xAC, 0x51, 0xDC, 0xEB, 0x97, 0x9B, 0xCB, + 0xE9, 0xDB, 0xCF, 0x80, 0x0D, 0xB4, 0xF1, 0x91, 0xB8, 0x8C, 0x2A, 0x24, + 0x6C, 0xED, 0x75, 0x8A, 0xCC, 0x66, 0x32, 0x43, 0x70, 0xFA, 0x41, 0x27, + 0xC7, 0xF7, 0x22, 0x45, 0x08, 0x8D, 0xD5, 0xFD, 0xC8, 0xC4, 0x3E, 0xC4, + 0xAC, 0xA4, 0x4C, 0x19, 0xA1, 0x02, 0x47, 0x12, 0x86, 0xB0, 0xD4, 0x25, + 0x40, 0x18, 0xC3, 0xCC, 0x4B, 0x0A, 0x11, 0x8F, 0xFA, 0xE9, 0x95, 0xFB, + 0x65, 0x68, 0x2A, 0xD8, 0x22, 0x57, 0x26, 0xBA, 0x3E, 0x10, 0xEE, 0xE5, + 0x6A, 0x19, 0x48, 0x8B, 0xA4, 0xA6, 0x7C, 0xF9, 0xD8, 0x47, 0x11, 0x9A, + 0xD1, 0xDC, 0xC6, 0xF1, 0x4B, 0x7F, 0xE4, 0xE4, 0x3E, 0x13, 0x68, 0x50, + 0x58, 0x43, 0x3D, 0xF1, 0xD8, 0x0C, 0xC8, 0xE3 + }; + static unsigned char dh4096_g[] = { + 0x02 + }; + DH *dh; + + if ((dh = DH_new()) == NULL) + return NULL; + dh->p = BN_bin2bn(dh4096_p, sizeof(dh4096_p), NULL); + dh->g = BN_bin2bn(dh4096_g, sizeof(dh4096_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { + DH_free(dh); + return NULL; + } + return dh; +} + +static DH * +get_dh5120(void) +{ + static unsigned char dh5120_p[] = { + 0xCF, 0x00, 0xAB, 0x2D, 0x52, 0x74, 0x89, 0xF1, 0xE0, 0x81, 0xBE, 0x94, + 0xCB, 0x31, 0x2B, 0x65, 0x89, 0xC1, 0x26, 0xE8, 0x91, 0x17, 0x0E, 0xCC, + 0x14, 0x68, 0xA6, 0x01, 0x21, 0xBA, 0xF2, 0x2B, 0x25, 0x38, 0xFC, 0x70, + 0x60, 0x3D, 0xDB, 0xD8, 0x36, 0x5A, 0x74, 0x1A, 0x83, 0xA2, 0xE2, 0x18, + 0xD9, 0xCD, 0x90, 0x66, 0x41, 0xAB, 0x78, 0x24, 0x21, 0x58, 0x75, 0xB2, + 0xA1, 0x16, 0x76, 0xCB, 0x00, 0xA2, 0x72, 0x8F, 0xFC, 0xC3, 0x10, 0x60, + 0x8E, 0x26, 0xEF, 0xFF, 0x26, 0xA5, 0xF6, 0xEE, 0x25, 0x2E, 0x7A, 0x11, + 0xEA, 0xA3, 0x02, 0x47, 0x07, 0xBA, 0xC4, 0x2C, 0x7E, 0x58, 0xEF, 0x5C, + 0x92, 0xFD, 0xD8, 0xBC, 0x11, 0x5A, 0x2D, 0xDD, 0x07, 0xD3, 0xA1, 0x06, + 0x2A, 0xB3, 0xB1, 0x73, 0x37, 0x79, 0xC8, 0xBE, 0xA6, 0xC8, 0x80, 0x79, + 0xDB, 0xD4, 0x2F, 0x1F, 0x83, 0x12, 0xC4, 0x5C, 0xC1, 0x77, 0x2E, 0x60, + 0xB0, 0x50, 0x5C, 0xDE, 0x90, 0x57, 0x56, 0x4F, 0x35, 0xFA, 0x4F, 0x23, + 0x06, 0xF0, 0x0E, 0x21, 0x68, 0x93, 0xF0, 0xD3, 0xF0, 0xB3, 0xDE, 0xE5, + 0xA8, 0xBD, 0x1B, 0x32, 0x4F, 0x54, 0x01, 0x48, 0x60, 0xD0, 0xAB, 0x64, + 0xF0, 0xD8, 0xBD, 0x0A, 0xC7, 0xFE, 0x24, 0x3E, 0x55, 0x34, 0x7F, 0x9D, + 0x34, 0xF5, 0x39, 0x38, 0x47, 0x12, 0x65, 0x20, 0xA3, 0xFF, 0x8C, 0x6D, + 0x8E, 0x47, 0xB4, 0x71, 0xA0, 0xBB, 0x16, 0xD8, 0x69, 0xF6, 0xDF, 0x77, + 0x6F, 0x19, 0x30, 0xAA, 0xE6, 0x7F, 0x4E, 0x4E, 0x0D, 0xEE, 0xA6, 0xC8, + 0xF9, 0xF6, 0xBE, 0xF8, 0x93, 0x7E, 0xC9, 0xF5, 0x3D, 0x20, 0x32, 0x0C, + 0x8C, 0x33, 0x22, 0x77, 0x4D, 0x7C, 0xB3, 0x48, 0x8A, 0xF8, 0x42, 0x06, + 0x8F, 0x2D, 0x9D, 0x91, 0xAA, 0x43, 0xBB, 0x32, 0x3A, 0xF8, 0xBB, 0xAA, + 0xE3, 0x46, 0xB8, 0x0D, 0xD8, 0xD5, 0xE9, 0x74, 0xE5, 0x17, 0x0A, 0x54, + 0x8A, 0x82, 0xB1, 0x29, 0xE5, 0xEB, 0x16, 0xB2, 0x5C, 0xD3, 0xC2, 0x5B, + 0xF7, 0xFC, 0x70, 0x2E, 0x25, 0x12, 0x96, 0x2A, 0x81, 0xAF, 0x79, 0x76, + 0x89, 0x31, 0x3F, 0x34, 0x7E, 0xD4, 0x3E, 0xDD, 0xB7, 0x0C, 0x95, 0xD5, + 0xAE, 0x61, 0x69, 0xEF, 0xF9, 0x37, 0xA6, 0x77, 0xBF, 0xA6, 0x6D, 0x4C, + 0xB4, 0xD0, 0x56, 0xA6, 0x5D, 0x71, 0xDB, 0x65, 0x79, 0xE6, 0x4D, 0x22, + 0x8C, 0x28, 0x39, 0x7C, 0xC5, 0x24, 0x86, 0x1A, 0x98, 0xCC, 0x62, 0x71, + 0x03, 0x10, 0x42, 0x3B, 0x14, 0xB4, 0xEB, 0xC7, 0xFD, 0xF6, 0xEE, 0xE7, + 0x56, 0x43, 0x02, 0x53, 0x5D, 0xD1, 0x89, 0x44, 0xD6, 0x8F, 0xC5, 0x63, + 0x82, 0x60, 0xD8, 0xCC, 0x6A, 0xFC, 0x0E, 0x98, 0xA7, 0x4E, 0xF1, 0x22, + 0xDC, 0xD9, 0x9B, 0x3C, 0xF5, 0x08, 0xAB, 0x1E, 0x05, 0x92, 0x66, 0xE6, + 0x8A, 0xDC, 0x90, 0x98, 0x2B, 0x64, 0x5C, 0x45, 0x4D, 0x1E, 0x93, 0xF1, + 0x22, 0xD1, 0x42, 0x86, 0xAF, 0x1C, 0x7C, 0x17, 0xE7, 0xC0, 0x78, 0x63, + 0x57, 0x99, 0xF9, 0x0E, 0xC8, 0xA9, 0xBF, 0x85, 0xB1, 0xA4, 0xE8, 0x8E, + 0x1F, 0xD9, 0x73, 0xEC, 0xD1, 0x54, 0x70, 0x86, 0x78, 0xA2, 0x10, 0x85, + 0x7F, 0xB3, 0x26, 0xED, 0x21, 0x6F, 0xAD, 0xD5, 0xFC, 0x99, 0x16, 0x8D, + 0xE2, 0x80, 0x98, 0x35, 0xF0, 0xF6, 0x33, 0x2E, 0x4D, 0x7B, 0x5B, 0x58, + 0xBC, 0x1F, 0xBE, 0x94, 0x90, 0xD2, 0xE7, 0x0A, 0x6C, 0x4F, 0xD5, 0xE9, + 0x8B, 0x6C, 0x74, 0x90, 0x2E, 0xE2, 0xE2, 0x6A, 0xC0, 0x4A, 0x08, 0xA4, + 0x3C, 0x3D, 0xF9, 0x1C, 0xF0, 0x2F, 0xA0, 0x44, 0x68, 0xE6, 0x0F, 0x9F, + 0xCF, 0x26, 0xDF, 0xA5, 0xA7, 0x87, 0x51, 0x90, 0x1A, 0xB4, 0x9A, 0x72, + 0xC9, 0x56, 0x99, 0xB7, 0x42, 0x97, 0xA7, 0xEC, 0x21, 0x36, 0x9A, 0x16, + 0xFC, 0xDE, 0xED, 0x04, 0x15, 0x9A, 0xBA, 0x86, 0x68, 0xF9, 0x69, 0x23, + 0xA2, 0xC2, 0x07, 0x2E, 0xAF, 0xEF, 0x05, 0x26, 0xAA, 0x1D, 0x26, 0xDF, + 0x6B, 0x61, 0x6E, 0xFE, 0xF7, 0x4B, 0xA1, 0xDD, 0xA6, 0x51, 0x3C, 0x1F, + 0xF2, 0x56, 0xCB, 0x50, 0xA8, 0x7C, 0xA4, 0x0B, 0x98, 0x32, 0xCC, 0xA8, + 0x85, 0xB6, 0x33, 0x4F, 0xF2, 0x63, 0x45, 0xF3, 0x25, 0xA2, 0x50, 0x55, + 0x12, 0x76, 0xC9, 0x49, 0x5B, 0xE5, 0x51, 0xB7, 0x50, 0x2D, 0x32, 0xC2, + 0x73, 0x33, 0x92, 0x3A, 0x69, 0x0A, 0x8B, 0xCD, 0xD0, 0x22, 0xB1, 0x11, + 0x82, 0x6A, 0xBF, 0xEA, 0xE6, 0x94, 0x21, 0x23, 0x7F, 0xA2, 0xE4, 0xE1, + 0xD8, 0x3F, 0x5B, 0xB8, 0xD5, 0xA4, 0xA5, 0xD0, 0x7F, 0xBD, 0xE7, 0x21, + 0x46, 0x83, 0x4E, 0x13, 0xE9, 0xB7, 0xE1, 0x78, 0x64, 0x5C, 0x60, 0x9A, + 0x68, 0x4C, 0x1E, 0x0B + }; + static unsigned char dh5120_g[] = { + 0x02 + }; + DH *dh; + + if ((dh = DH_new()) == NULL) + return NULL; + dh->p = BN_bin2bn(dh5120_p, sizeof(dh5120_p), NULL); + dh->g = BN_bin2bn(dh5120_g, sizeof(dh5120_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { + DH_free(dh); + return NULL; + } + return dh; +} + +static DH * +get_dh6144(void) +{ + static unsigned char dh6144_p[] = { + 0x90, 0x0F, 0x56, 0xB7, 0x4C, 0x52, 0x3D, 0xCC, 0x8E, 0xFB, 0x62, 0x00, + 0x22, 0x5D, 0x7B, 0xB3, 0x2D, 0xB2, 0x1A, 0x89, 0xC1, 0x92, 0x13, 0x9C, + 0xC2, 0x71, 0x6F, 0x81, 0xE7, 0xA8, 0x07, 0x01, 0x02, 0x46, 0xC6, 0x01, + 0xDF, 0xEF, 0x40, 0xBD, 0x83, 0xBB, 0x93, 0x2D, 0x54, 0x88, 0xAE, 0x9A, + 0xFD, 0x37, 0xEC, 0x58, 0x2E, 0x4F, 0x8A, 0x69, 0xB7, 0x2C, 0x03, 0xBF, + 0x38, 0x51, 0x29, 0x5E, 0xE2, 0x68, 0x1D, 0xA3, 0x40, 0x06, 0x68, 0x6B, + 0x02, 0x45, 0x9F, 0x0F, 0xEA, 0x6B, 0x5F, 0xEF, 0xAB, 0xB9, 0xD3, 0x14, + 0x83, 0x3C, 0xEC, 0xDA, 0xC4, 0x54, 0xEC, 0xDD, 0xF4, 0x91, 0xE0, 0xAB, + 0x64, 0xB5, 0xD7, 0xF8, 0x45, 0xCF, 0xB5, 0x01, 0x95, 0x40, 0x6D, 0xB1, + 0x71, 0x50, 0x3D, 0x8D, 0xB8, 0x35, 0x97, 0x1A, 0x5C, 0x50, 0xF7, 0x47, + 0x6A, 0x95, 0xC4, 0x07, 0x97, 0xB2, 0x97, 0x8A, 0x96, 0xCC, 0x79, 0x5E, + 0x44, 0x42, 0x2B, 0xBE, 0xBE, 0x4F, 0xC6, 0x29, 0xAE, 0xFB, 0x67, 0xA6, + 0x32, 0x8D, 0x5B, 0x7E, 0x13, 0x8A, 0x37, 0x14, 0xAE, 0x32, 0x97, 0xB9, + 0xF6, 0x2D, 0xAB, 0xD9, 0x03, 0x8A, 0xDF, 0x76, 0x02, 0x19, 0xD7, 0x99, + 0x89, 0x30, 0x7A, 0xFE, 0xB6, 0x30, 0x8B, 0x4D, 0xF6, 0x06, 0xC5, 0xCB, + 0x31, 0xE5, 0xA4, 0x45, 0xDF, 0xB6, 0x61, 0xBF, 0x6F, 0x22, 0xE3, 0xCD, + 0x44, 0x07, 0x82, 0xA1, 0xED, 0x45, 0xAE, 0x7A, 0xF3, 0x1E, 0x95, 0x8B, + 0x3A, 0xD4, 0x79, 0xD9, 0x23, 0x5B, 0x61, 0x91, 0x90, 0x84, 0x57, 0x28, + 0x45, 0x34, 0xE1, 0x66, 0x89, 0x8E, 0xB6, 0x14, 0x1B, 0xC5, 0xB9, 0x70, + 0xBC, 0x78, 0x19, 0x7F, 0xE7, 0x72, 0x5F, 0x82, 0x3A, 0x7C, 0x70, 0xED, + 0xCA, 0xD4, 0xEF, 0x90, 0xDC, 0x01, 0xD5, 0xCD, 0x5E, 0xF6, 0x22, 0x8E, + 0xF7, 0x0A, 0xC3, 0x5C, 0x4E, 0xBA, 0x21, 0x80, 0xCC, 0x97, 0xD4, 0xC2, + 0x0A, 0x68, 0x6F, 0x3D, 0xFB, 0xF6, 0x5A, 0xB7, 0x8D, 0xEC, 0x88, 0xDF, + 0x35, 0xCB, 0x56, 0xD6, 0x29, 0x95, 0x18, 0x6A, 0x0C, 0xA1, 0xAC, 0xFE, + 0x6D, 0xCA, 0x2A, 0x30, 0xD2, 0xC9, 0xA5, 0xC3, 0xC5, 0x89, 0x79, 0x96, + 0x3F, 0x7D, 0xBE, 0xC7, 0xB5, 0x39, 0xCC, 0x66, 0xD9, 0xFA, 0x3B, 0x34, + 0xFC, 0xB5, 0xC8, 0xCD, 0x4A, 0x23, 0x45, 0x52, 0x0D, 0xC0, 0x3C, 0xC2, + 0xE1, 0x65, 0xCE, 0xDF, 0x1A, 0x9F, 0x3C, 0xAE, 0x3D, 0xC0, 0xCE, 0x4A, + 0x71, 0xBB, 0xCB, 0xD3, 0x97, 0xD6, 0x8A, 0x7B, 0xE6, 0x39, 0x3A, 0xA4, + 0x92, 0x56, 0x9E, 0x30, 0x8B, 0x28, 0x5A, 0x98, 0x5F, 0xCE, 0x4D, 0xF4, + 0xA9, 0x88, 0xC4, 0xFA, 0xE3, 0xA0, 0x17, 0x01, 0xF3, 0xCB, 0x71, 0xAC, + 0x45, 0x53, 0x8D, 0xF9, 0xDE, 0xB3, 0x8F, 0x03, 0xC1, 0xD2, 0x5E, 0x58, + 0xEA, 0xC5, 0x8C, 0x5F, 0x25, 0x90, 0xCB, 0x12, 0x85, 0x94, 0x19, 0x6D, + 0x2F, 0x61, 0x6D, 0x93, 0x09, 0x10, 0x59, 0x82, 0xBC, 0x4A, 0xBF, 0x18, + 0x64, 0x1B, 0x0A, 0x5E, 0x65, 0xA4, 0xA8, 0x39, 0xA9, 0xC6, 0xA5, 0xC6, + 0xE5, 0xF4, 0x95, 0x3E, 0xF0, 0x95, 0x10, 0x6F, 0xB8, 0x49, 0xE4, 0x1A, + 0x69, 0xA7, 0x5C, 0x32, 0x33, 0x79, 0xFF, 0xDD, 0xC2, 0x64, 0x74, 0x23, + 0xC1, 0x36, 0x5D, 0x27, 0xE4, 0xAE, 0x89, 0x2C, 0x7B, 0x12, 0xB1, 0xBE, + 0x5F, 0x02, 0x37, 0x1F, 0x6B, 0x40, 0x9C, 0x8E, 0xB1, 0xE6, 0x9F, 0x9A, + 0x57, 0x61, 0x3F, 0x47, 0xC6, 0xA2, 0x5F, 0x50, 0xF7, 0x25, 0x67, 0xE2, + 0xC7, 0x77, 0xF8, 0xC6, 0x88, 0x7C, 0x39, 0x6E, 0xF5, 0xE8, 0x05, 0x51, + 0xB9, 0x44, 0x5D, 0x70, 0x15, 0xD3, 0x9B, 0xC7, 0x4D, 0xA9, 0x62, 0x4B, + 0x36, 0xA4, 0x9A, 0xC6, 0x23, 0x36, 0xA2, 0xED, 0xA2, 0xA5, 0x19, 0x0F, + 0xF4, 0x20, 0xD8, 0x54, 0xDF, 0x20, 0x3F, 0x37, 0x6D, 0x3B, 0x50, 0xD0, + 0xBE, 0xEF, 0x58, 0x6D, 0x2B, 0xE5, 0xB4, 0xE4, 0x2F, 0xC6, 0xBE, 0xAF, + 0xB6, 0x2D, 0x6E, 0x3C, 0x00, 0x9B, 0xA9, 0xC9, 0x38, 0x7A, 0xC5, 0x2A, + 0xD3, 0x96, 0x20, 0x1E, 0x48, 0x5E, 0xFB, 0xE2, 0x67, 0x06, 0xF8, 0xC4, + 0x6B, 0xE8, 0x3E, 0x92, 0x5A, 0x90, 0x49, 0xF3, 0x89, 0xFA, 0x2F, 0x10, + 0xE2, 0xDB, 0xF0, 0xAC, 0x81, 0x80, 0xEF, 0x6E, 0xBE, 0x35, 0x15, 0x4A, + 0xCC, 0x4E, 0x8D, 0xB7, 0x15, 0x38, 0x03, 0x80, 0x6F, 0x51, 0x14, 0x92, + 0x0E, 0x9F, 0xF6, 0x7B, 0x22, 0x19, 0x27, 0x5C, 0xCB, 0x4D, 0xB9, 0x36, + 0x1E, 0x02, 0x89, 0xDA, 0x92, 0x29, 0x88, 0xEE, 0xE0, 0x9B, 0x69, 0xE2, + 0x44, 0x4C, 0x3C, 0x57, 0x00, 0x66, 0x97, 0x88, 0x7C, 0x84, 0xC7, 0xE7, + 0xE6, 0x1E, 0x3A, 0x2B, 0x54, 0x7F, 0xF0, 0xA1, 0x9A, 0x53, 0xA1, 0x24, + 0xE1, 0x58, 0xB9, 0x0D, 0xAC, 0x9B, 0xD8, 0x34, 0x2F, 0xBE, 0x33, 0x4B, + 0x9E, 0x16, 0x5A, 0x97, 0xB0, 0x7A, 0x47, 0x5E, 0xF9, 0xF8, 0x24, 0x0C, + 0x4D, 0x6B, 0x88, 0x07, 0x6E, 0x7D, 0x7D, 0x50, 0xCA, 0x1C, 0x87, 0x31, + 0xB4, 0xF9, 0x40, 0xA6, 0x31, 0x9F, 0x67, 0x3C, 0x2B, 0x83, 0x3C, 0x33, + 0xFB, 0x58, 0x17, 0x1E, 0xCE, 0x08, 0xBB, 0x07, 0x53, 0x0F, 0xE3, 0x54, + 0xA6, 0x09, 0x2E, 0x22, 0x4A, 0x29, 0xB2, 0x1F, 0x0E, 0x10, 0x15, 0x18, + 0x01, 0x20, 0x86, 0x33, 0x6B, 0x8F, 0x3E, 0x5E, 0x2F, 0x16, 0x3A, 0x42, + 0x63, 0x05, 0xE9, 0x35, 0xB7, 0x53, 0x70, 0x63, 0xDA, 0x7C, 0xD4, 0x32, + 0xFA, 0xF7, 0x4E, 0x84, 0x49, 0xA3, 0xD8, 0x4E, 0xB5, 0x88, 0x29, 0xF5, + 0x9C, 0x9E, 0x2C, 0x4D, 0x11, 0xB8, 0x13, 0xEB, 0x7B, 0xC2, 0x4D, 0x83 + }; + static unsigned char dh6144_g[] = { + 0x02 + }; + DH *dh; + + if ((dh = DH_new()) == NULL) + return NULL; + dh->p = BN_bin2bn(dh6144_p, sizeof(dh6144_p), NULL); + dh->g = BN_bin2bn(dh6144_g, sizeof(dh6144_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { + DH_free(dh); + return NULL; + } + return dh; +} + +static DH * +get_dh7168(void) +{ + static unsigned char dh7168_p[] = { + 0xB0, 0x7E, 0xEE, 0x86, 0xE0, 0xCB, 0x4C, 0xC2, 0x60, 0x80, 0x11, 0xC3, + 0x7B, 0x34, 0x39, 0x81, 0x96, 0xCF, 0x51, 0x87, 0x7A, 0x0D, 0xEB, 0x6F, + 0xAD, 0x02, 0x7C, 0xFE, 0xA3, 0xA7, 0xB1, 0xC6, 0xEF, 0xAA, 0x72, 0x2C, + 0xC9, 0x83, 0x33, 0xF2, 0xFD, 0xEB, 0x5B, 0x20, 0xAC, 0x44, 0x26, 0x78, + 0x54, 0x7D, 0xC1, 0x0A, 0x66, 0x21, 0x97, 0xD2, 0x72, 0xFF, 0x35, 0x92, + 0x9D, 0x57, 0x9D, 0x6E, 0xA3, 0x7C, 0x1A, 0x93, 0x6A, 0xD4, 0x77, 0x0E, + 0x90, 0x53, 0x3F, 0xE6, 0x2F, 0x4C, 0x3E, 0x5F, 0xD0, 0xF4, 0xE2, 0x98, + 0x33, 0x5B, 0x1C, 0xF1, 0x1B, 0x87, 0xF1, 0x71, 0x44, 0x95, 0xA6, 0xE6, + 0x5E, 0xF1, 0xB7, 0xDA, 0x79, 0x87, 0xB5, 0xCA, 0x56, 0x7D, 0xC0, 0x9E, + 0x4E, 0xDA, 0xDD, 0xE9, 0xF4, 0xAB, 0x40, 0xC6, 0x05, 0x87, 0xBA, 0x54, + 0xBE, 0x74, 0x6A, 0x42, 0x9C, 0xA8, 0xE0, 0xF3, 0xBC, 0x7E, 0x43, 0x4C, + 0xC5, 0x10, 0x49, 0x95, 0x0C, 0x97, 0x57, 0x59, 0xBD, 0x9D, 0xFF, 0x0C, + 0x9C, 0x8A, 0x45, 0xC9, 0x2F, 0x7A, 0xB3, 0xB5, 0x29, 0x38, 0xA3, 0x0B, + 0xE4, 0xE2, 0x88, 0x3B, 0x28, 0xCF, 0x8D, 0x4E, 0x1A, 0x3E, 0x44, 0x23, + 0x06, 0x4C, 0xAF, 0x12, 0x6A, 0x8F, 0xB8, 0xF7, 0x47, 0xB9, 0x25, 0xCD, + 0xBA, 0xE7, 0x05, 0xF9, 0xCB, 0x9F, 0xC9, 0xB8, 0x35, 0x0F, 0xCD, 0x43, + 0xB7, 0x5F, 0x51, 0x01, 0x95, 0x6E, 0x94, 0xC2, 0xF2, 0xE7, 0x2B, 0x39, + 0xF8, 0x9E, 0x86, 0x68, 0x11, 0xD4, 0x5C, 0x6F, 0x1A, 0x4C, 0xC9, 0xF2, + 0xBC, 0xE7, 0xEF, 0xB6, 0xEE, 0x40, 0xF8, 0xB1, 0x0B, 0xE8, 0xD7, 0x72, + 0x5A, 0xA7, 0xDA, 0xB9, 0x22, 0x23, 0xFF, 0x96, 0x7A, 0xCA, 0xF8, 0x43, + 0x53, 0xEA, 0x21, 0x69, 0x7E, 0xEF, 0x1A, 0x88, 0x04, 0x33, 0x4D, 0xF6, + 0x3F, 0x2B, 0x64, 0x3B, 0x40, 0x4F, 0x3D, 0x71, 0xFB, 0x0C, 0xB7, 0x51, + 0x90, 0x3B, 0x7B, 0x72, 0x03, 0xCD, 0xE0, 0x7D, 0xC4, 0x3F, 0x6A, 0x3A, + 0x15, 0x5F, 0xC8, 0x5C, 0xBF, 0x9A, 0x5D, 0xE6, 0xED, 0x56, 0xC6, 0xBC, + 0x4D, 0xE5, 0x72, 0x80, 0x90, 0xDB, 0x9D, 0x7B, 0x4F, 0x14, 0xD4, 0xC0, + 0x36, 0xB7, 0x35, 0xA7, 0xA9, 0xCE, 0x2F, 0xCD, 0xC3, 0xAB, 0x8C, 0xC1, + 0x7C, 0x3E, 0x6A, 0x8D, 0xF8, 0xC3, 0x6A, 0xFA, 0x99, 0xEA, 0x8D, 0xF5, + 0x6E, 0xA8, 0xB1, 0xED, 0x29, 0x17, 0x36, 0x06, 0xD0, 0xF3, 0x60, 0x0C, + 0x84, 0x54, 0x0A, 0x16, 0x53, 0x9D, 0xE7, 0x8E, 0x37, 0x77, 0xE5, 0x81, + 0xAC, 0x19, 0x6A, 0x53, 0xDD, 0xBE, 0x5B, 0x9E, 0x40, 0x5C, 0x4E, 0xCF, + 0x7E, 0x13, 0x28, 0xDC, 0xE3, 0x17, 0x68, 0x71, 0xA8, 0x43, 0x03, 0x87, + 0x01, 0xB3, 0x15, 0x0C, 0xE9, 0x5C, 0x12, 0x48, 0xBE, 0x72, 0xFE, 0x75, + 0x38, 0x3E, 0x5E, 0x0B, 0x47, 0x1C, 0x0A, 0x49, 0x6F, 0xD5, 0x7E, 0xAE, + 0x98, 0x45, 0xF6, 0xD8, 0x32, 0xF0, 0x43, 0x8B, 0xF6, 0x02, 0xD8, 0x24, + 0x0E, 0xF6, 0xE7, 0xE7, 0x47, 0x36, 0x55, 0x57, 0x43, 0x60, 0x03, 0x4E, + 0x59, 0xA2, 0x46, 0xA0, 0xF0, 0x1D, 0xD6, 0x65, 0x67, 0xE2, 0x1F, 0x39, + 0x61, 0x3D, 0xB4, 0x46, 0x5E, 0x34, 0x6D, 0xA1, 0x3A, 0x68, 0x50, 0x44, + 0x68, 0xF2, 0xAA, 0xAD, 0xAE, 0x35, 0x95, 0xA6, 0xE9, 0xD8, 0x44, 0xC7, + 0x23, 0x3A, 0x74, 0x81, 0x68, 0x90, 0xC1, 0xE8, 0xA3, 0x5E, 0x65, 0x2F, + 0xAC, 0x9B, 0x70, 0xD9, 0xDE, 0xD1, 0xF7, 0xEC, 0x27, 0x4C, 0x29, 0xCE, + 0xE1, 0xA4, 0xDC, 0x4A, 0xE4, 0x65, 0x81, 0x8E, 0x14, 0xF7, 0x2E, 0x20, + 0x44, 0x7B, 0x5A, 0x7C, 0x45, 0x2D, 0x54, 0x61, 0xFF, 0x69, 0x56, 0x0E, + 0xBF, 0x2C, 0x05, 0x6C, 0xDF, 0x65, 0x5E, 0xFB, 0x88, 0x64, 0x83, 0x81, + 0x6C, 0xD2, 0x5B, 0x04, 0x37, 0x78, 0x5C, 0xA2, 0x66, 0x5D, 0x5D, 0x90, + 0x9A, 0x6C, 0x4E, 0x25, 0x06, 0x6E, 0xF0, 0x82, 0x97, 0xC6, 0x6F, 0x5F, + 0x77, 0xFB, 0x0F, 0x88, 0x53, 0x35, 0x59, 0xF9, 0x5C, 0x51, 0x3B, 0xA3, + 0xCB, 0xE5, 0xFA, 0xC1, 0xA0, 0x28, 0x90, 0x62, 0xC6, 0x5F, 0x62, 0x85, + 0x27, 0x00, 0xE8, 0x45, 0xC8, 0x13, 0x4C, 0xAA, 0x5D, 0x4A, 0x91, 0x54, + 0xFC, 0x7D, 0x8F, 0x1C, 0xD3, 0xB2, 0x86, 0x21, 0x5A, 0x53, 0x7B, 0x3E, + 0xBC, 0x81, 0x57, 0x37, 0x1D, 0x4F, 0x5C, 0xEB, 0xFC, 0xE0, 0x7D, 0x5A, + 0x05, 0x0C, 0x92, 0x5E, 0xEA, 0x2B, 0x0C, 0xF4, 0x74, 0xE1, 0x9F, 0x33, + 0xCF, 0xE6, 0xE6, 0x77, 0x61, 0x40, 0x69, 0x28, 0x36, 0x9F, 0x12, 0xBB, + 0xDF, 0xE3, 0xDB, 0xDB, 0x4C, 0xD4, 0xA6, 0x23, 0x28, 0x33, 0xFB, 0x3F, + 0x5A, 0x4F, 0xDA, 0xEF, 0x8B, 0xC6, 0xD7, 0x89, 0x84, 0x96, 0xDD, 0x8D, + 0x08, 0x96, 0x50, 0x3A, 0xDA, 0x3D, 0xC9, 0x57, 0xA6, 0xBD, 0xF4, 0x84, + 0x4D, 0x3F, 0xEF, 0xA6, 0xA1, 0xE7, 0x6C, 0xCD, 0x16, 0x54, 0xFC, 0x61, + 0x09, 0xB1, 0xF6, 0x0A, 0x39, 0x94, 0xCD, 0x9F, 0x6D, 0x7A, 0x5D, 0x3B, + 0x35, 0x56, 0x0B, 0x44, 0xC0, 0xF0, 0xB5, 0x20, 0x38, 0x8F, 0x57, 0xDD, + 0x2B, 0x2A, 0xAA, 0x52, 0x40, 0xF5, 0x7B, 0xA9, 0x70, 0xD8, 0x14, 0x96, + 0x7D, 0x47, 0x9D, 0xD0, 0x38, 0xA5, 0xA6, 0x71, 0x31, 0x57, 0x70, 0x42, + 0x79, 0x02, 0xCE, 0xFB, 0xA0, 0x3F, 0xB5, 0x20, 0x92, 0x7D, 0x7B, 0x27, + 0x51, 0xCE, 0x7F, 0xD1, 0x96, 0x59, 0x08, 0xC9, 0x3A, 0x2A, 0xFC, 0x03, + 0x37, 0x9E, 0x79, 0xE9, 0x0C, 0x0A, 0xAB, 0xF0, 0x49, 0x60, 0x29, 0xB7, + 0x1A, 0xC6, 0x34, 0x15, 0x90, 0xFA, 0x5A, 0x4C, 0xD7, 0xC2, 0xF7, 0x74, + 0xD5, 0x29, 0xE2, 0x06, 0x75, 0x2A, 0x8E, 0x8F, 0x4D, 0x82, 0x61, 0x47, + 0x77, 0x86, 0x2A, 0x04, 0x6B, 0x64, 0x2E, 0x55, 0xFD, 0xC2, 0xE6, 0xBF, + 0xBB, 0x85, 0x11, 0xE8, 0x13, 0xC5, 0x9B, 0xB6, 0x4C, 0x4A, 0x84, 0x3D, + 0x6E, 0x15, 0xA0, 0x15, 0x2D, 0xE6, 0x9F, 0x8E, 0xA6, 0x81, 0x81, 0x99, + 0xD9, 0xAC, 0x17, 0x5D, 0xA5, 0x0F, 0x06, 0x70, 0x4E, 0xCD, 0xBE, 0x70, + 0x69, 0xEE, 0xCD, 0x37, 0x8A, 0x7F, 0x9E, 0xF6, 0xF8, 0x01, 0x61, 0xD5, + 0xA9, 0xE8, 0x9B, 0xFF, 0x59, 0x33, 0xDF, 0xFE, 0x02, 0xEF, 0x0B, 0xCF, + 0x86, 0xA2, 0xCB, 0x9B, 0xB6, 0x8A, 0xA9, 0x55, 0xC3, 0xB1, 0x8D, 0xC4, + 0x5E, 0xB2, 0x0B, 0x55, 0xF8, 0x05, 0x8F, 0x7D, 0xD3, 0x6A, 0xD6, 0xDC, + 0x74, 0xD7, 0xAF, 0x3D, 0xD1, 0x0C, 0x73, 0x3E, 0x50, 0x9C, 0x37, 0x60, + 0xF6, 0x9C, 0x59, 0xC3, 0x9B, 0x66, 0xB8, 0x83 + }; + static unsigned char dh7168_g[] = { + 0x02 + }; + DH *dh; + + if ((dh = DH_new()) == NULL) + return NULL; + dh->p = BN_bin2bn(dh7168_p, sizeof(dh7168_p), NULL); + dh->g = BN_bin2bn(dh7168_g, sizeof(dh7168_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { + DH_free(dh); + return NULL; + } + return dh; +} + +static DH * +get_dh8192(void) +{ + static unsigned char dh8192_p[] = { + 0xDB, 0x93, 0x3A, 0x69, 0xB3, 0x08, 0x2D, 0x30, 0x26, 0x98, 0x13, 0xB0, + 0xEB, 0x51, 0x8D, 0x5C, 0x67, 0x38, 0x18, 0xA6, 0x93, 0x7E, 0x9D, 0x4A, + 0x07, 0xA6, 0xBC, 0x79, 0x06, 0xB2, 0x1F, 0x77, 0xBF, 0x89, 0xB7, 0x08, + 0xC5, 0xB9, 0x12, 0xEF, 0x57, 0x01, 0x7B, 0xB3, 0x99, 0xCE, 0xA9, 0x80, + 0xDE, 0x8C, 0xCC, 0x64, 0x3C, 0x7F, 0x68, 0x53, 0x36, 0x3C, 0x33, 0xDA, + 0x8E, 0xF1, 0x41, 0xAB, 0x68, 0xC1, 0xB3, 0x03, 0x98, 0xB9, 0xC8, 0x36, + 0x8F, 0x1B, 0xBF, 0x4D, 0x3E, 0x9E, 0x8D, 0xA9, 0x78, 0x8E, 0x11, 0x56, + 0x9F, 0x9A, 0x40, 0x09, 0x5C, 0x7A, 0xB5, 0xCE, 0xE3, 0x0F, 0xA0, 0x1A, + 0x4C, 0xCF, 0x32, 0x1A, 0xDB, 0xC4, 0x70, 0x6E, 0x52, 0xCC, 0x92, 0x55, + 0xC1, 0x90, 0x45, 0x79, 0x8E, 0xA8, 0xE1, 0x86, 0x6A, 0xB3, 0xD4, 0xA6, + 0x08, 0x13, 0x74, 0x03, 0x80, 0x4E, 0x29, 0xA9, 0x96, 0x79, 0x26, 0x08, + 0x6B, 0x43, 0x72, 0xC8, 0x22, 0x66, 0x53, 0x9F, 0xFF, 0x27, 0xAC, 0xF8, + 0x7C, 0xBE, 0xAF, 0x7A, 0xA4, 0xB5, 0xEA, 0x6D, 0x1B, 0xD2, 0xF1, 0xE2, + 0xC5, 0x41, 0x06, 0x59, 0xC4, 0x9E, 0xBE, 0x30, 0x4E, 0x39, 0x6D, 0xE0, + 0x8E, 0x33, 0x89, 0x39, 0xED, 0x8D, 0xCD, 0xC6, 0x72, 0x67, 0x8D, 0xF3, + 0x93, 0x0F, 0xD8, 0x49, 0x42, 0x70, 0x70, 0x7E, 0xA3, 0x7E, 0x6B, 0x7A, + 0x89, 0xAF, 0xF9, 0xCD, 0x0A, 0xC9, 0x2C, 0xB6, 0x28, 0x84, 0x57, 0x34, + 0x59, 0x60, 0xDE, 0x2F, 0x97, 0x6C, 0xFB, 0xCC, 0xED, 0xAA, 0x2D, 0x7A, + 0x80, 0x55, 0xC9, 0x46, 0xAE, 0x1E, 0xC4, 0x98, 0x0E, 0x68, 0x15, 0x7F, + 0x7C, 0xF6, 0x0F, 0xCB, 0x1C, 0x41, 0x2C, 0xD5, 0x9D, 0xD4, 0x19, 0x86, + 0x7E, 0xD0, 0xFF, 0x1C, 0x76, 0xCF, 0x8B, 0x3A, 0x17, 0x18, 0x2A, 0xBF, + 0x40, 0x4D, 0x33, 0x3E, 0x1A, 0xB3, 0xBD, 0x9E, 0xDF, 0x87, 0x1E, 0x19, + 0x34, 0x8D, 0x33, 0x57, 0x73, 0xA5, 0x08, 0x68, 0x12, 0x4F, 0x86, 0xB2, + 0xE3, 0x4B, 0x2D, 0xD9, 0xAF, 0x31, 0x2B, 0x6A, 0x4C, 0x2F, 0x6A, 0xB4, + 0x23, 0x13, 0xB1, 0x4E, 0x45, 0xCB, 0x68, 0x85, 0x6E, 0x79, 0xFB, 0xF3, + 0xA8, 0x24, 0x05, 0x87, 0x48, 0x69, 0xB9, 0x3D, 0x45, 0xEF, 0x65, 0x9E, + 0x3C, 0x48, 0x83, 0xAD, 0x3E, 0x9F, 0xDE, 0x86, 0x3F, 0x71, 0x41, 0x8A, + 0xF4, 0x19, 0xF2, 0x38, 0x53, 0x23, 0x82, 0xAC, 0xE1, 0x12, 0x1F, 0x74, + 0x97, 0x2B, 0x7D, 0xB6, 0xCF, 0x77, 0x2B, 0x61, 0x03, 0xAB, 0x0F, 0x0F, + 0x51, 0xBA, 0x88, 0x79, 0x18, 0x55, 0x04, 0xB6, 0xDD, 0x21, 0xC2, 0x11, + 0xDE, 0xA5, 0x32, 0xB4, 0xCD, 0xDA, 0x1C, 0xC1, 0x0E, 0xCF, 0x79, 0x2A, + 0xDE, 0x17, 0x5C, 0x64, 0xB6, 0xA2, 0x6D, 0xDF, 0x01, 0xD2, 0xE1, 0xA5, + 0xFC, 0xC0, 0x17, 0x9A, 0xB8, 0x57, 0xCB, 0x60, 0xE6, 0xD8, 0x6D, 0x74, + 0x59, 0xD5, 0xB5, 0x40, 0x40, 0x5E, 0x4B, 0xBD, 0xED, 0xE4, 0xCC, 0x29, + 0xDD, 0xA4, 0x97, 0xE4, 0x89, 0x00, 0x32, 0xB9, 0x8B, 0xDE, 0xF0, 0x9F, + 0xB6, 0x3F, 0xE4, 0xBF, 0x3D, 0x96, 0xB0, 0x45, 0x32, 0x08, 0x98, 0x57, + 0x7F, 0x79, 0x82, 0x67, 0xC3, 0x37, 0x63, 0xE5, 0xC7, 0x91, 0xD8, 0xF8, + 0x94, 0xD4, 0x4D, 0x8D, 0x88, 0x39, 0x36, 0x18, 0x17, 0xCB, 0x1D, 0x3E, + 0x9A, 0xB4, 0x67, 0xE3, 0xA2, 0xB0, 0x15, 0xD0, 0x06, 0x12, 0xDA, 0x8E, + 0x69, 0x55, 0xB8, 0xC2, 0x63, 0x92, 0xE7, 0xC2, 0xE3, 0x42, 0x21, 0x33, + 0x87, 0x42, 0xBC, 0xEF, 0x6D, 0x55, 0x8E, 0x84, 0x29, 0x2F, 0x3E, 0x92, + 0xB9, 0x29, 0x8D, 0x2E, 0x81, 0xE5, 0x91, 0x8A, 0xD2, 0x5F, 0xF4, 0x4D, + 0xC7, 0x16, 0x60, 0xB8, 0x4B, 0x16, 0x44, 0xC2, 0xC4, 0x38, 0x19, 0xD8, + 0x5D, 0x67, 0x57, 0x72, 0xD8, 0x51, 0xF4, 0x49, 0x92, 0x26, 0x38, 0x8C, + 0x5C, 0xC3, 0x26, 0xAC, 0x12, 0xC7, 0xBA, 0xA6, 0x44, 0xC1, 0xD5, 0x03, + 0x48, 0x5F, 0x57, 0x0F, 0x91, 0xD4, 0x2A, 0x75, 0x85, 0xBF, 0x87, 0x0D, + 0x04, 0xF5, 0xD1, 0x71, 0x0A, 0x92, 0x4E, 0xCE, 0x90, 0xE5, 0x44, 0xFA, + 0xE7, 0x8F, 0x2A, 0xA4, 0xD6, 0x75, 0x14, 0x4A, 0xED, 0xBB, 0xD5, 0x31, + 0x1C, 0x91, 0x93, 0x97, 0x12, 0x33, 0xB1, 0x26, 0xC2, 0xF0, 0x2C, 0xC9, + 0x74, 0xB8, 0xB8, 0xEA, 0x06, 0x84, 0x17, 0xC2, 0xAB, 0x08, 0x10, 0xC5, + 0xA7, 0x1A, 0xC4, 0xE1, 0x6C, 0xD3, 0x60, 0xD0, 0x9B, 0x6A, 0x8E, 0xC4, + 0x3D, 0x2A, 0xFB, 0xFC, 0x99, 0x46, 0x9A, 0x31, 0x3B, 0x71, 0xE4, 0x34, + 0xC4, 0xE6, 0xF3, 0x35, 0xD0, 0xDB, 0x5E, 0xD4, 0x62, 0x86, 0x0C, 0x34, + 0x68, 0xC3, 0xBE, 0x0B, 0xC8, 0xA2, 0x21, 0xCB, 0x22, 0x7A, 0x07, 0xD7, + 0x45, 0x92, 0x1E, 0x35, 0x9D, 0x35, 0x9B, 0x58, 0x76, 0x2C, 0x84, 0x2A, + 0x26, 0x1F, 0x84, 0xB9, 0x6D, 0xB6, 0xA0, 0xE0, 0x7F, 0x5E, 0x6D, 0xDD, + 0xE9, 0x5F, 0x5C, 0xCA, 0xA7, 0xB5, 0x88, 0x8F, 0x8C, 0x2F, 0xA3, 0x6B, + 0x0D, 0x2D, 0x09, 0xF0, 0x1F, 0xF6, 0x08, 0x2C, 0xC4, 0xE6, 0x29, 0x24, + 0xD1, 0x7D, 0xF5, 0xD9, 0x23, 0x26, 0xF2, 0x1E, 0x0C, 0xA5, 0x68, 0x10, + 0x3A, 0x42, 0xAE, 0xDE, 0x99, 0x7D, 0x36, 0x00, 0xA8, 0xB3, 0xAD, 0xD4, + 0xD6, 0x6B, 0x82, 0x82, 0x68, 0x91, 0x4A, 0x5D, 0xA1, 0xF1, 0x8D, 0x98, + 0x89, 0x7D, 0xAE, 0x64, 0xD7, 0x97, 0xBD, 0x94, 0xC7, 0xF1, 0x4D, 0x8F, + 0xFE, 0x34, 0xC9, 0xE0, 0x24, 0xE7, 0x6C, 0x61, 0x65, 0x92, 0xF7, 0xC7, + 0xCD, 0xF6, 0xE5, 0xE5, 0x32, 0x04, 0xCF, 0xBC, 0x5F, 0x22, 0xC6, 0x02, + 0x53, 0xAD, 0xE0, 0x8D, 0x3C, 0x79, 0x73, 0x15, 0x51, 0x26, 0x25, 0x9A, + 0x0B, 0x20, 0x4E, 0xD6, 0x4C, 0x89, 0xC4, 0xCD, 0x83, 0x0C, 0x1A, 0xDD, + 0xD3, 0x41, 0x7F, 0x40, 0x46, 0xCA, 0xB6, 0xDC, 0xE4, 0x01, 0x42, 0x33, + 0xC8, 0x12, 0x29, 0x2B, 0xE0, 0xB0, 0x25, 0x4B, 0x34, 0x56, 0x12, 0x3A, + 0x77, 0xF5, 0xE7, 0x1D, 0xCB, 0x85, 0xA2, 0xB4, 0x66, 0x9E, 0x0E, 0xAB, + 0x59, 0xCE, 0x67, 0x8C, 0x4A, 0x1B, 0x69, 0x63, 0x61, 0xB3, 0x27, 0xB6, + 0xA5, 0x98, 0x70, 0x7C, 0x72, 0x16, 0xEC, 0xC6, 0x0B, 0xB4, 0xEB, 0x5A, + 0x9E, 0x11, 0x0D, 0x15, 0x2B, 0x2F, 0x28, 0x0A, 0xE1, 0xA7, 0xA7, 0x94, + 0x14, 0xAB, 0xF0, 0x15, 0xF2, 0xEE, 0x54, 0x43, 0x75, 0x5F, 0xB2, 0x9F, + 0xD9, 0x27, 0xD6, 0xAF, 0x6A, 0x98, 0x7E, 0xC2, 0xD4, 0x8D, 0xD5, 0xF3, + 0x14, 0x51, 0x8A, 0x39, 0xD4, 0x29, 0x9D, 0xAB, 0xCA, 0x8A, 0x27, 0x40, + 0x23, 0xBE, 0x10, 0x0D, 0xB2, 0x9B, 0xB2, 0xEF, 0x2F, 0xC8, 0x5F, 0x04, + 0x08, 0xC7, 0x40, 0x89, 0x29, 0xDE, 0x54, 0xB9, 0xF8, 0x58, 0x0B, 0x9E, + 0xD3, 0x62, 0xFB, 0x9C, 0xD4, 0xA2, 0x4E, 0x7D, 0xCD, 0x4D, 0xBD, 0xBF, + 0xA4, 0x16, 0x1B, 0x96, 0x2D, 0xAF, 0x67, 0xA4, 0x73, 0xDB, 0x1B, 0xD7, + 0xE4, 0x8D, 0xB1, 0x7F, 0x53, 0xB8, 0x21, 0x87, 0xEF, 0x29, 0x41, 0x95, + 0x21, 0x9E, 0x6D, 0x21, 0x86, 0x1B, 0x20, 0xDB, 0x93, 0xD7, 0x70, 0x55, + 0x58, 0xBA, 0x6C, 0x94, 0x56, 0xE4, 0xAB, 0xA1, 0x8C, 0x8B, 0xE0, 0xAC, + 0x7F, 0x5D, 0xF1, 0xF9, 0x59, 0x30, 0xFE, 0xDD, 0x01, 0xE7, 0xF5, 0xD4, + 0x41, 0x4E, 0xF8, 0xC9, 0x3C, 0x86, 0x3D, 0x00, 0x1B, 0x12, 0xDD, 0xAB, + 0xA6, 0x7B, 0xAF, 0x84, 0x2E, 0x1A, 0x4C, 0xD6, 0x31, 0x1A, 0x57, 0x73, + 0xE3, 0x38, 0x54, 0x2B + }; + static unsigned char dh8192_g[] = { + 0x02 + }; + DH *dh; + + if ((dh = DH_new()) == NULL) + return NULL; + dh->p = BN_bin2bn(dh8192_p, sizeof(dh8192_p), NULL); + dh->g = BN_bin2bn(dh8192_g, sizeof(dh8192_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { + DH_free(dh); + return NULL; + } + return dh; +} + +static DH * +tmp_dh_load(int len) +{ + switch (len) { + case 1024: + return get_dh1024(); + break; + case 2048: + return get_dh2048(); + break; + case 3072: + return get_dh3072(); + break; + case 4096: + return get_dh4096(); + break; + case 5120: + return get_dh5120(); + break; + case 6144: + return get_dh6144(); + break; + case 7168: + return get_dh7168(); + break; + case 8192: + return get_dh8192(); + break; + } + return NULL; +} + +static int +tmp_dh_load_all(void) +{ + int len; + dh_param_t *dhp; + + if ((dh_params = calloc(DH_MAX / 1024, sizeof(dh_param_t))) == NULL) + return 0; + for (dhp = dh_params, len = DH_MAX; len != 0; len -= 1024, dhp++) { + dhp->len = len; + dhp->dh = tmp_dh_load(len); + } + + return 1; +} + +/* ARGSUSED */ +DH * +tmp_dh_callback(SSL *ssl, int export, int len) +{ + EVP_PKEY *pkey = SSL_get_privatekey(ssl); + dh_param_t *dht = dh_params; + int i; + + if (pkey != NULL && EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) + len = EVP_PKEY_bits(pkey); + + for (i = 0, dht = dh_params; i < DH_MAX / 1024; i++, dht++) { + if (len >= dht->len) + break; + } + + return dht->dh; +} + +/* ARGSUSED */ +EC_KEY * +tmp_ecdh_callback(SSL *ssl, int export, int len) +{ + EVP_PKEY *pkey = SSL_get_privatekey(ssl); + + if (pkey != NULL && EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) + len = EVP_PKEY_bits(pkey); + + if (len > 1024) + return EC_KEY_new_by_curve_name(NID_sect571r1); + return EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +} + int initssl(void) { SSL_load_error_strings(); - SSLeay_add_ssl_algorithms(); + SSL_library_init(); ircdssl_ctx = SSL_CTX_new(SSLv23_server_method()); if (!ircdssl_ctx) { ERR_print_errors_fp(stderr); + SSL_CTX_free(ircdssl_ctx); + return 0; + } + + SSL_CTX_set_options(ircdssl_ctx, + SSL_OP_NO_SSLv2 | SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_NO_TICKET | + SSL_OP_NO_COMPRESSION | SSL_OP_SINGLE_DH_USE); + + if (SSL_CTX_set_cipher_list(ircdssl_ctx, + "DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-GCM-SHA384:" + "DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:" + "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:" + "ECDHE-RSA-AES256-SHA:" + "DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-GCM-SHA256:" + "DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:" + "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:" + "ECDHE-RSA-AES128-SHA:" + "!aNULL:!eNULL") + == 0) { + ERR_print_errors_fp(stderr); + SSL_CTX_free(ircdssl_ctx); return 0; } + if (SSL_CTX_use_certificate_file(ircdssl_ctx, IRCDSSL_CPATH, SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); @@ -63,6 +749,15 @@ int initssl(void) SSL_CTX_free(ircdssl_ctx); return 0; } + + if (tmp_dh_load_all() == 0) { + fprintf(stderr, "Could not allocate memory"); + SSL_CTX_free(ircdssl_ctx); + return 0; + } + SSL_CTX_set_tmp_dh_callback(ircdssl_ctx, tmp_dh_callback); + SSL_CTX_set_tmp_ecdh_callback(ircdssl_ctx, tmp_ecdh_callback); + return 1; } diff --git a/src/zlink.c b/src/zlink.c index b2bbc51..7b5e4c2 100644 --- a/src/zlink.c +++ b/src/zlink.c @@ -17,7 +17,7 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* $Id: zlink.c,v 1.1 2005/01/12 07:44:57 mmondor Exp $ */ +/* $Id: zlink.c,v 1.2 2014/06/08 18:05:29 mmondor Exp $ */ /* * This streaming ircd zlib implementation was @@ -136,9 +136,9 @@ char *zip_input(void *session, char *buffer, int *len, int *err, *nbuf = NULL; *err = 0; - zin->next_in = buffer; + zin->next_in = (unsigned char *)buffer; zin->avail_in = *len; - zin->next_out = zipInBuf; + zin->next_out = (unsigned char *)zipInBuf; zin->avail_out = zipInBufSize; ret = inflate(zin, Z_SYNC_FLUSH); @@ -153,7 +153,7 @@ char *zip_input(void *session, char *buffer, int *len, int *err, *len = -1; return zin->msg ? zin->msg : "????"; } - *nbuf = zin->next_in; + *nbuf = (char *)zin->next_in; *nbuflen = zin->avail_in; *len = zipInBufSize - zin->avail_out; return zipInBuf; @@ -210,9 +210,9 @@ char *zip_output(void *session, char *buffer, int *len, return NULL; } - zout->next_in = z->buf; + zout->next_in = (unsigned char *)z->buf; zout->avail_in = z->bufsize; - zout->next_out = zipOutBuf; + zout->next_out = (unsigned char *)zipOutBuf; zout->avail_out = zipOutBufSize; /* -- 2.9.0