Diffstat (limited to '')
-rw-r--r-- | src/lib/libtls/tls_config.c | 84 |
1 files changed, 72 insertions, 12 deletions
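--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.42 2017/08/09 21:27:24 claudio Exp $ */
+/* $OpenBSD: tls_config.c,v 1.43 2017/08/10 18:18:30 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -214,7 +214,7 @@ tls_config_new(void)
 */
 if (tls_config_set_dheparams(config, "none") != 0)
 goto err;
-if (tls_config_set_ecdhecurve(config, "auto") != 0)
+if (tls_config_set_ecdhecurves(config, "default") != 0)
 goto err;
 if (tls_config_set_ciphers(config, "secure") != 0)
 goto err;
@@ -269,6 +269,7 @@ tls_config_free(struct tls_config *config)
 free((char *)config->ca_path);
 free((char *)config->ciphers);
 free((char *)config->crl_mem);
+free(config->ecdhecurves);
 
 free(config);
 }
@@ -616,22 +617,81 @@ tls_config_set_dheparams(struct tls_config *config, const char *params)
 }
 
 int
-tls_config_set_ecdhecurve(struct tls_config *config, const char *name)
+tls_config_set_ecdhecurve(struct tls_config *config, const char *curve)
 {
+if (strchr(curve, ',') != NULL || strchr(curve, ':') != NULL) {
+tls_config_set_errorx(config, "invalid ecdhe curve '%s'",
+curve);
+return (-1);
+}
+
+if (curve == NULL ||
+strcasecmp(curve, "none") == 0 ||
+strcasecmp(curve, "auto") == 0)
+curve = TLS_ECDHE_CURVES;
+
+return tls_config_set_ecdhecurves(config, curve);
+}
+
+int
+tls_config_set_ecdhecurves(struct tls_config *config, const char *curves)
+{
+int *curves_list = NULL, *curves_new;
+size_t curves_num = 0;
+char *cs = NULL;
+char *p, *q;
+int rv = -1;
 int nid;
 
-if (name == NULL || strcasecmp(name, "none") == 0)
-nid = NID_undef;
-else if (strcasecmp(name, "auto") == 0)
-nid = -1;
-else if ((nid = OBJ_txt2nid(name)) == NID_undef) {
-tls_config_set_errorx(config, "invalid ecdhe curve '%s'", name);
-return (-1);
+free(config->ecdhecurves);
+config->ecdhecurves = NULL;
+config->ecdhecurves_len = 0;
+
+if (curves == NULL || strcasecmp(curves, "default") == 0)
+curves = TLS_ECDHE_CURVES;
+
+if ((cs = strdup(curves)) == NULL) {
+tls_config_set_errorx(config, "out of memory");
+goto err;
+}
+
+q = cs;
+while ((p = strsep(&q, ",:")) != NULL) {
+while (*p == ' ' || *p == '\t')
+p++;
+
+nid = OBJ_sn2nid(p);
+if (nid == NID_undef)
+nid = OBJ_ln2nid(p);
+if (nid == NID_undef)
+nid = EC_curve_nist2nid(p);
+if (nid == NID_undef) {
+tls_config_set_errorx(config,
+"invalid ecdhe curve '%s'", p);
+goto err;
+}
+
+if ((curves_new = reallocarray(curves_list, curves_num + 1,
+sizeof(int))) == NULL) {
+tls_config_set_errorx(config, "out of memory");
+goto err;
+}
+curves_list = curves_new;
+curves_list[curves_num] = nid;
+curves_num++;
 }
 
-config->ecdhecurve = nid;
+config->ecdhecurves = curves_list;
+config->ecdhecurves_len = curves_num;
+curves_list = NULL;
 
-return (0);
+rv = 0;
+
+err:
+free(cs);
+free(curves_list);
+
+return (rv);
 }
 
 int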
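Review bot: In the new tls_config_set_ecdhecurve (new-side lines 622–631), `strchr(curve, ',')` is evaluated before the `curve == NULL` test, so the NULL argument the old code accepted (and that the `curve == NULL ||` branch just below still anticipates) now dereferences a null pointer. Move the default mapping ahead of the separator check: `if (curve == NULL || strcasecmp(curve, "none") == 0 || strcasecmp(curve, "auto") == 0) curve = TLS_ECDHE_CURVES;` first, then the strchr test. That same mapping also turns "none", which previously produced `nid = NID_undef`, into the default curve list; if that is intentional it deserves a comment such as `/* "none" and "auto" are accepted for compatibility and now select the default curve list */`, since a caller that presumably passed "none" to disable ECDHE now silently gets the default set. Separately, tls_config_set_ecdhecurves frees `config->ecdhecurves` before any parsing, so a rejected list leaves the config with no curves instead of the previously valid ones; freeing the old list only after the loop succeeds would keep a failed call from altering the configuration.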