Blame SOURCES/freeradius-bootstrap-fixed-dhparam.patch

From b31f1ab9a0e1c010037d2d660e3ce4ea7eb07d6c Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Wed, 5 Aug 2020 16:10:52 -0400
Subject: [PATCH] Use fixed FIPS-approved dhparam by default
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
---
 raddb/certs/Makefile  | 2 +-
 raddb/certs/bootstrap | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)
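--- a/raddb/certs/Makefile
+++ b/raddb/certs/Makefile
@@ -59,7 +59,7 @@ passwords.mk: server.cnf ca.cnf client.cnf inner-server.cnf
 #
 ######################################################################
 dh:
-	$(OPENSSL) dhparam -out dh -2 $(DH_KEY_SIZE)
+	cp rfc3526-group-18-8192.dhparam dh
 
 ######################################################################
 #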
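Review bot: The `dh` rule now reads `rfc3526-group-18-8192.dhparam` but does not list it as a prerequisite, and the diffstat shows this patch does not add that file, so it presumably comes from elsewhere in the package. Declaring it, `dh: rfc3526-group-18-8192.dhparam`, makes a missing file fail with an explicit "No rule to make target" and rebuilds `dh` if the shipped parameters are replaced. `$(DH_KEY_SIZE)` no longer affects this rule; if it is still defined elsewhere in the Makefile, a comment such as `# dh is a copy of the fixed RFC 3526 group 18 (8192-bit) parameters; DH_KEY_SIZE is not used` would stop an administrator from assuming the knob still takes effect.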
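--- a/raddb/certs/bootstrap
+++ b/raddb/certs/bootstrap
@@ -13,6 +13,10 @@
 umask 027
 cd `dirname $0`
 
+if [ ! -e random ]; then
+  ln -sf /dev/urandom random
+fi
+
 make -h > /dev/null 2>&1
 
 #
@@ -35,8 +39,7 @@ fi
 #  re-generate these commands.
 #
 if [ ! -e dh ]; then
-  openssl dhparam -out dh 2048 || exit 1
-  ln -sf /dev/urandom random
+  cp rfc3526-group-18-8192.dhparam dh
 fi
 
 if [ ! -e server.key ]; then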
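Review bot: In the second hunk, the new `cp rfc3526-group-18-8192.dhparam dh` drops the `|| exit 1` that the removed `openssl dhparam` line carried. Unless a `set -e` outside the hunk covers it, a missing or unreadable parameters file no longer stops the script, which goes on to generate keys and certificates without a `dh` file. Keeping the guard, `cp rfc3526-group-18-8192.dhparam dh || exit 1`, preserves the earlier fail-fast behaviour. The patch itself does not add the `.dhparam` file, so a short comment above the `cp` saying where the file comes from and that it holds the public RFC 3526 group 18 parameters would help whoever audits the TLS setup later.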
-- 
2.26.2