
Add the API function ressl_config_set_ecdhcurve(config, name) to set a

non-standard ECDH curve by name or to disable it by passing NULL.

OK jsing@
reyk 2014-08-27 10:46:53 +00:00
parent 4788b1e03f
commit 254ffb6aa9
4 changed files with 29 additions and 9 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: ressl.h,v 1.12 2014/08/15 16:55:32 tedu Exp $ */
/* $OpenBSD: ressl.h,v 1.13 2014/08/27 10:46:53 reyk Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@ -37,6 +37,7 @@ void ressl_config_set_cert_file(struct ressl_config *config, char *cert_file);
void ressl_config_set_cert_mem(struct ressl_config *config, char *cert,
size_t len);
void ressl_config_set_ciphers(struct ressl_config *config, char *ciphers);
int ressl_config_set_ecdhcurve(struct ressl_config *config, const char *);
void ressl_config_set_key_file(struct ressl_config *config, char *key_file);
void ressl_config_set_key_mem(struct ressl_config *config, char *key,
size_t len);
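Review bot: The new `int ressl_config_set_ecdhcurve(struct ressl_config *config, const char *);` prototype drops the parameter name, while every neighbouring declaration names its argument (`cert_file`, `ciphers`, `key_file`); a named parameter also tells the reader what the string is. Suggest `int ressl_config_set_ecdhcurve(struct ressl_config *config, const char *name);`. Since this is the only setter in the header that returns `int`, a short comment above it stating that it returns 0 on success, -1 when the name does not resolve to a known object, and that NULL disables ECDH would save readers a trip to ressl_config.c.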


@ -1,4 +1,4 @@
/* $OpenBSD: ressl_config.c,v 1.7 2014/08/06 01:54:01 jsing Exp $ */
/* $OpenBSD: ressl_config.c,v 1.8 2014/08/27 10:46:53 reyk Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@ -28,6 +28,7 @@ struct ressl_config ressl_config_default = {
.ca_file = _PATH_SSL_CA_FILE,
.ca_path = NULL,
.ciphers = NULL,
.ecdhcurve = NID_X9_62_prime256v1,
.verify = 1,
.verify_depth = 6,
};
@ -82,6 +83,18 @@ ressl_config_set_ciphers(struct ressl_config *config, char *ciphers)
config->ciphers = ciphers;
}
int
ressl_config_set_ecdhcurve(struct ressl_config *config, const char *name)
{
int nid = NID_undef;
if (name != NULL && (nid = OBJ_txt2nid(name)) == NID_undef)
return (-1);
config->ecdhcurve = nid;
return (0);
}
void
ressl_config_set_key_file(struct ressl_config *config, char *key_file)
{
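Review bot: `OBJ_txt2nid()` in ressl_config_set_ecdhcurve resolves any object name or dotted OID in the object table, not only EC curve names, so a non-curve name passes this check and the mistake only surfaces later, in ressl_configure_server's `EC_KEY_new_by_curve_name()` call, as "failed to set ECDH curve". Validating the NID here by constructing and freeing an EC_KEY reports the bad configuration to the caller at the point it is set; the rest of the function (storing `nid`, returning 0) stays as is. This needs the EC declarations (`<openssl/ec.h>`) in scope in ressl_config.c, which the hunk does not show. A one-line comment that NULL deliberately disables ephemeral ECDH would also help, since that path silently turns the curve off rather than reporting an error.
```c
ressl_config_set_ecdhcurve(struct ressl_config *config, const char *name)
{
	int nid = NID_undef;
	EC_KEY *ecdh_key;

	/* NULL disables ephemeral ECDH; otherwise name must be an EC curve. */
	if (name != NULL) {
		if ((nid = OBJ_txt2nid(name)) == NID_undef)
			return (-1);
		if ((ecdh_key = EC_KEY_new_by_curve_name(nid)) == NULL)
			return (-1);
		EC_KEY_free(ecdh_key);
	}
	/* … unchanged: store nid in config->ecdhcurve and return (0) … */
```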


@ -1,4 +1,4 @@
/* $OpenBSD: ressl_internal.h,v 1.9 2014/08/06 01:54:01 jsing Exp $ */
/* $OpenBSD: ressl_internal.h,v 1.10 2014/08/27 10:46:53 reyk Exp $ */
/*
* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@ -32,6 +32,7 @@ struct ressl_config {
char *cert_mem;
size_t cert_len;
const char *ciphers;
int ecdhcurve;
const char *key_file;
char *key_mem;
size_t key_len;
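Review bot: The added `int ecdhcurve;` field carries no comment, and its encoding is only discoverable from the default initializer in ressl_config.c (`NID_X9_62_prime256v1`) and the `!= NID_undef` test in ressl_server.c. Suggest `int ecdhcurve;	/* NID of the ECDH curve; NID_undef disables ephemeral ECDH */` so the sentinel's meaning lives next to the field. The struct definition continues outside the hunk.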


@ -1,4 +1,4 @@
/* $OpenBSD: ressl_server.c,v 1.6 2014/08/05 12:46:16 jsing Exp $ */
/* $OpenBSD: ressl_server.c,v 1.7 2014/08/27 10:46:53 reyk Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@ -69,11 +69,16 @@ ressl_configure_server(struct ressl *ctx)
}
}
if ((ecdh_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) == NULL)
goto err;
SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
EC_KEY_free(ecdh_key);
if (ctx->config->ecdhcurve != NID_undef) {
if ((ecdh_key = EC_KEY_new_by_curve_name(
ctx->config->ecdhcurve)) == NULL) {
ressl_set_error(ctx, "failed to set ECDH curve");
goto err;
}
SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
EC_KEY_free(ecdh_key);
}
return (0);