diff options
| author | jsing <> | 2015-02-07 06:19:26 +0000 |
|---|---|---|
| committer | jsing <> | 2015-02-07 06:19:26 +0000 |
| commit | 1a38ececbc4737bfb7996d4c0f879c9872e9930b (patch) | |
| tree | 4574673a0c17d6f4e774e9685f9dde91409dc24b /src/lib/libtls/tls_config.c | |
| parent | 4d71037d26a6de59efacc048b6d8eaef040cf31f (diff) | |
| download | openbsd-1a38ececbc4737bfb7996d4c0f879c9872e9930b.tar.gz openbsd-1a38ececbc4737bfb7996d4c0f879c9872e9930b.tar.bz2 openbsd-1a38ececbc4737bfb7996d4c0f879c9872e9930b.zip | |
Add tls_config_set_dheparams() to allow specification of the parameters to
use for DHE. This enables the use of DHE cipher suites.
Rename tls_config_set_ecdhcurve() to tls_config_set_ecdhecurve() since it
is only used to specify the curve for ephemeral ECDH.
Discussed with reyk@
Diffstat (limited to 'src/lib/libtls/tls_config.c')
| -rw-r--r-- | src/lib/libtls/tls_config.c | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c index 16120c5e4e..7697fa6ee8 100644 --- a/src/lib/libtls/tls_config.c +++ b/src/lib/libtls/tls_config.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_config.c,v 1.2 2015/01/22 09:16:24 reyk Exp $ */ | 1 | /* $OpenBSD: tls_config.c,v 1.3 2015/02/07 06:19:26 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -71,7 +71,8 @@ tls_config_new(void) | |||
| 71 | tls_config_free(config); | 71 | tls_config_free(config); |
| 72 | return (NULL); | 72 | return (NULL); |
| 73 | } | 73 | } |
| 74 | tls_config_set_ecdhcurve(config, "auto"); | 74 | tls_config_set_dheparams(config, "none"); |
| 75 | tls_config_set_ecdhecurve(config, "auto"); | ||
| 75 | tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT); | 76 | tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT); |
| 76 | tls_config_set_verify_depth(config, 6); | 77 | tls_config_set_verify_depth(config, 6); |
| 77 | 78 | ||
| @@ -145,18 +146,37 @@ tls_config_set_ciphers(struct tls_config *config, const char *ciphers) | |||
| 145 | } | 146 | } |
| 146 | 147 | ||
| 147 | int | 148 | int |
| 148 | tls_config_set_ecdhcurve(struct tls_config *config, const char *name) | 149 | tls_config_set_dheparams(struct tls_config *config, const char *params) |
| 150 | { | ||
| 151 | int keylen; | ||
| 152 | |||
| 153 | if (params == NULL || strcasecmp(params, "none") == 0) | ||
| 154 | keylen = 0; | ||
| 155 | else if (strcasecmp(params, "auto") == 0) | ||
| 156 | keylen = -1; | ||
| 157 | else if (strcmp(params, "legacy")) | ||
| 158 | keylen = 1024; | ||
| 159 | else | ||
| 160 | return (-1); | ||
| 161 | |||
| 162 | config->dheparams = keylen; | ||
| 163 | |||
| 164 | return (0); | ||
| 165 | } | ||
| 166 | |||
| 167 | int | ||
| 168 | tls_config_set_ecdhecurve(struct tls_config *config, const char *name) | ||
| 149 | { | 169 | { |
| 150 | int nid; | 170 | int nid; |
| 151 | 171 | ||
| 152 | if (name == NULL) | 172 | if (name == NULL || strcasecmp(name, "none") == 0) |
| 153 | nid = NID_undef; | 173 | nid = NID_undef; |
| 154 | else if (strcasecmp(name, "auto") == 0) | 174 | else if (strcasecmp(name, "auto") == 0) |
| 155 | nid = -1; | 175 | nid = -1; |
| 156 | else if ((nid = OBJ_txt2nid(name)) == NID_undef) | 176 | else if ((nid = OBJ_txt2nid(name)) == NID_undef) |
| 157 | return (-1); | 177 | return (-1); |
| 158 | 178 | ||
| 159 | config->ecdhcurve = nid; | 179 | config->ecdhecurve = nid; |
| 160 | 180 | ||
| 161 | return (0); | 181 | return (0); |
| 162 | } | 182 | } |