authorreyk <>2014-08-27 10:46:53 +0000
committerreyk <>2014-08-27 10:46:53 +0000
commit10e31157bd2d409218ed09f4b52af2de773a8a0f (patch)
tree6959d89a329bfde79fac24d2c75497ac68a02cc4 /src
parent35ccc7b528b967f2e5c6d562a48ff5a2907ba8e7 (diff)
Add the API function ressl_config_set_ecdhcurve(config, name) to set a
non-standard ECDH curve by name or to disable it by passing NULL. OK jsing@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libressl/ressl.h3
-rw-r--r--src/lib/libressl/ressl_config.c15
-rw-r--r--src/lib/libressl/ressl_internal.h3
-rw-r--r--src/lib/libressl/ressl_server.c17
4 files changed, 29 insertions, 9 deletions
diff --git a/src/lib/libressl/ressl.h b/src/lib/libressl/ressl.h
index 46672d97cb..ebd589313b 100644
--- a/src/lib/libressl/ressl.h
+++ b/src/lib/libressl/ressl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ressl.h,v 1.12 2014/08/15 16:55:32 tedu Exp $ */ 1/* $OpenBSD: ressl.h,v 1.13 2014/08/27 10:46:53 reyk Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -37,6 +37,7 @@ void ressl_config_set_cert_file(struct ressl_config *config, char *cert_file);
37void ressl_config_set_cert_mem(struct ressl_config *config, char *cert, 37void ressl_config_set_cert_mem(struct ressl_config *config, char *cert,
38 size_t len); 38 size_t len);
39void ressl_config_set_ciphers(struct ressl_config *config, char *ciphers); 39void ressl_config_set_ciphers(struct ressl_config *config, char *ciphers);
40int ressl_config_set_ecdhcurve(struct ressl_config *config, const char *);
40void ressl_config_set_key_file(struct ressl_config *config, char *key_file); 41void ressl_config_set_key_file(struct ressl_config *config, char *key_file);
41void ressl_config_set_key_mem(struct ressl_config *config, char *key, 42void ressl_config_set_key_mem(struct ressl_config *config, char *key,
42 size_t len); 43 size_t len);
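Review bot: The new prototype at new line 40 drops the parameter name, unlike every neighbouring declaration in this header, and its non-void return is left undocumented even though it is the only way a caller learns that a curve name was rejected. Write it as `int ressl_config_set_ecdhcurve(struct ressl_config *config, const char *name);` and put a short comment above it, e.g. `/* Curve name as understood by OBJ_txt2nid(); NULL disables ECDH. Returns 0, or -1 if the name is unknown. */`. Keeping the names in prototypes also matches the rest of this block of declarations.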
diff --git a/src/lib/libressl/ressl_config.c b/src/lib/libressl/ressl_config.c
index 133ef81b02..aa353be01f 100644
--- a/src/lib/libressl/ressl_config.c
+++ b/src/lib/libressl/ressl_config.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ressl_config.c,v 1.7 2014/08/06 01:54:01 jsing Exp $ */ 1/* $OpenBSD: ressl_config.c,v 1.8 2014/08/27 10:46:53 reyk Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -28,6 +28,7 @@ struct ressl_config ressl_config_default = {
28 .ca_file = _PATH_SSL_CA_FILE, 28 .ca_file = _PATH_SSL_CA_FILE,
29 .ca_path = NULL, 29 .ca_path = NULL,
30 .ciphers = NULL, 30 .ciphers = NULL,
31 .ecdhcurve = NID_X9_62_prime256v1,
31 .verify = 1, 32 .verify = 1,
32 .verify_depth = 6, 33 .verify_depth = 6,
33}; 34};
@@ -82,6 +83,18 @@ ressl_config_set_ciphers(struct ressl_config *config, char *ciphers)
82 config->ciphers = ciphers; 83 config->ciphers = ciphers;
83} 84}
84 85
86int
87ressl_config_set_ecdhcurve(struct ressl_config *config, const char *name)
88{
89 int nid = NID_undef;
90
91 if (name != NULL && (nid = OBJ_txt2nid(name)) == NID_undef)
92 return (-1);
93
94 config->ecdhcurve = nid;
95 return (0);
96}
97
85void 98void
86ressl_config_set_key_file(struct ressl_config *config, char *key_file) 99ressl_config_set_key_file(struct ressl_config *config, char *key_file)
87{ 100{
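Review bot: `OBJ_txt2nid()` at new line 91 resolves any registered object name or dotted OID, not just EC curves, so a name such as a digest or cipher OID passes this setter with a non-NID_undef value and the failure is only detected later in ressl_configure_server(), where the message ("failed to set ECDH curve") does not say which name was wrong. If the -1 return is meant to reject bad curves up front, verify that the NID denotes a curve before storing it, for instance by constructing and freeing an `EC_GROUP_new_by_curve_name(nid)`; this may need `<openssl/ec.h>` in this file, which the hunk does not show being included. A failed `OBJ_txt2nid()` may also leave entries on the library error queue, which is worth noting for callers that inspect it.
```c
int
ressl_config_set_ecdhcurve(struct ressl_config *config, const char *name)
{
	int nid = NID_undef;
	EC_GROUP *group;

	if (name != NULL) {
		/* Reject names that resolve to a NID but not to an EC curve. */
		if ((nid = OBJ_txt2nid(name)) == NID_undef ||
		    (group = EC_GROUP_new_by_curve_name(nid)) == NULL)
			return (-1);
		EC_GROUP_free(group);
	}

	config->ecdhcurve = nid;
	return (0);
}
```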
diff --git a/src/lib/libressl/ressl_internal.h b/src/lib/libressl/ressl_internal.h
index 3f667526ad..02dded3e7e 100644
--- a/src/lib/libressl/ressl_internal.h
+++ b/src/lib/libressl/ressl_internal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ressl_internal.h,v 1.9 2014/08/06 01:54:01 jsing Exp $ */ 1/* $OpenBSD: ressl_internal.h,v 1.10 2014/08/27 10:46:53 reyk Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> 3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 4 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -32,6 +32,7 @@ struct ressl_config {
32 char *cert_mem; 32 char *cert_mem;
33 size_t cert_len; 33 size_t cert_len;
34 const char *ciphers; 34 const char *ciphers;
35 int ecdhcurve;
35 const char *key_file; 36 const char *key_file;
36 char *key_mem; 37 char *key_mem;
37 size_t key_len; 38 size_t key_len;
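Review bot: The new `int ecdhcurve;` field at new line 35 carries an encoding the struct does not explain: it is an object NID, and the value NID_undef (0) means ECDH is disabled rather than "unset". Add a trailing comment, `int ecdhcurve;	/* NID of the ECDH curve; NID_undef disables ECDH */`, so the sentinel check in ressl_server.c is understandable from the definition. The struct ressl_config definition begins before this hunk.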
diff --git a/src/lib/libressl/ressl_server.c b/src/lib/libressl/ressl_server.c
index 7b812bfd27..24b54ad0d0 100644
--- a/src/lib/libressl/ressl_server.c
+++ b/src/lib/libressl/ressl_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ressl_server.c,v 1.6 2014/08/05 12:46:16 jsing Exp $ */ 1/* $OpenBSD: ressl_server.c,v 1.7 2014/08/27 10:46:53 reyk Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -69,11 +69,16 @@ ressl_configure_server(struct ressl *ctx)
69 } 69 }
70 } 70 }
71 71
72 if ((ecdh_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) == NULL) 72 if (ctx->config->ecdhcurve != NID_undef) {
73 goto err; 73 if ((ecdh_key = EC_KEY_new_by_curve_name(
74 SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key); 74 ctx->config->ecdhcurve)) == NULL) {
75 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE); 75 ressl_set_error(ctx, "failed to set ECDH curve");
76 EC_KEY_free(ecdh_key); 76 goto err;
77 }
78 SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
79 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
80 EC_KEY_free(ecdh_key);
81 }
77 82
78 return (0); 83 return (0);
79 84
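Review bot: The return value of `SSL_CTX_set_tmp_ecdh()` at new line 78 is still ignored, so if installing the key fails the EC_KEY is freed, no error is recorded with ressl_set_error(), and the function falls through to `return (0)` as though ECDH were configured; only the EC_KEY_new_by_curve_name() failure is reported. Check it the same way the key creation is checked, freeing the key on the failure path before jumping to err. A one-line comment on the new `if (ctx->config->ecdhcurve != NID_undef)` guard, such as `/* NID_undef: ECDH disabled via ressl_config_set_ecdhcurve(NULL) */`, would also make the silent skip intentional to a reader. Setting SSL_OP_SINGLE_ECDH_USE after the key is installed is carried over from the old code; if the ctrl generates a key pair whenever that option is not yet set, setting the option first would avoid a wasted keygen, but I have not verified that here. ressl_configure_server() and its err label lie outside this hunk.
```c
	if (ctx->config->ecdhcurve != NID_undef) {
		/* … unchanged: EC_KEY_new_by_curve_name() and its NULL check … */
		if (SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key) != 1) {
			EC_KEY_free(ecdh_key);
			ressl_set_error(ctx, "failed to set ECDH curve");
			goto err;
		}
		SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
		EC_KEY_free(ecdh_key);
	}
```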