Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libressl/ressl.h | 3 | ||||
| -rw-r--r-- | src/lib/libressl/ressl_config.c | 15 | ||||
| -rw-r--r-- | src/lib/libressl/ressl_internal.h | 3 | ||||
| -rw-r--r-- | src/lib/libressl/ressl_server.c | 17 | 
4 files changed, 29 insertions, 9 deletions
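--- a/src/lib/libressl/ressl.h
+++ b/src/lib/libressl/ressl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.h,v 1.12 2014/08/15 16:55:32 tedu Exp $ */
+/* $OpenBSD: ressl.h,v 1.13 2014/08/27 10:46:53 reyk Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -37,6 +37,7 @@ void ressl_config_set_cert_file(struct ressl_config *config, char *cert_file);
 void ressl_config_set_cert_mem(struct ressl_config *config, char *cert,
 size_t len);
 void ressl_config_set_ciphers(struct ressl_config *config, char *ciphers);
+int ressl_config_set_ecdhcurve(struct ressl_config *config, const char *);
 void ressl_config_set_key_file(struct ressl_config *config, char *key_file);
 void ressl_config_set_key_mem(struct ressl_config *config, char *key,
 size_t len);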
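Review bot: The new prototype on new line 40 drops its parameter name while every neighbouring declaration keeps one, and it is the only setter in this group with a non-void return, yet nothing in the header says what that return means. `int ressl_config_set_ecdhcurve(struct ressl_config *config, const char *name);` with a one-line comment such as `/* returns -1 if name is not a known object, 0 otherwise; NULL disables ephemeral ECDH */` would make the contract readable from the header alone; both facts are visible in the ressl_config.c and ressl_server.c hunks of this commit.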
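--- a/src/lib/libressl/ressl_config.c
+++ b/src/lib/libressl/ressl_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl_config.c,v 1.7 2014/08/06 01:54:01 jsing Exp $ */
+/* $OpenBSD: ressl_config.c,v 1.8 2014/08/27 10:46:53 reyk Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -28,6 +28,7 @@ struct ressl_config ressl_config_default = {
 .ca_file = _PATH_SSL_CA_FILE,
 .ca_path = NULL,
 .ciphers = NULL,
+.ecdhcurve = NID_X9_62_prime256v1,
 .verify = 1,
 .verify_depth = 6,
 };
@@ -82,6 +83,18 @@ ressl_config_set_ciphers(struct ressl_config *config, char *ciphers)
 config->ciphers = ciphers;
 }
 
+int
+ressl_config_set_ecdhcurve(struct ressl_config *config, const char *name)
+{
+int nid = NID_undef;
+
+if (name != NULL && (nid = OBJ_txt2nid(name)) == NID_undef)
+return (-1);
+
+config->ecdhcurve = nid;
+return (0);
+}
+
 void
 ressl_config_set_key_file(struct ressl_config *config, char *key_file)
 {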
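Review bot: The check in ressl_config_set_ecdhcurve only rejects names that OBJ_txt2nid does not know at all; a name that resolves to a NID which is not an EC curve passes here and fails only later in ressl_configure_server, so a misconfigured curve is reported at server setup instead of where the caller set it. Instantiating the curve from the NID at set time, as below, keeps the failure at the configuration call. The NULL-name path deliberately leaves nid at NID_undef, which the server code then treats as "no ephemeral ECDH"; a comment such as `/* NULL disables ephemeral ECDH (see ressl_configure_server) */` would make that intent visible. EC_GROUP_new_by_curve_name may need an include this hunk does not show.
```c
ressl_config_set_ecdhcurve(struct ressl_config *config, const char *name)
{
	int nid = NID_undef;
	EC_GROUP *group;

	if (name != NULL) {
		if ((nid = OBJ_txt2nid(name)) == NID_undef)
			return (-1);
		/* reject objects that are known but are not EC curves */
		if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
			return (-1);
		EC_GROUP_free(group);
	}

	config->ecdhcurve = nid;
	return (0);
}
```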
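--- a/src/lib/libressl/ressl_internal.h
+++ b/src/lib/libressl/ressl_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl_internal.h,v 1.9 2014/08/06 01:54:01 jsing Exp $ */
+/* $OpenBSD: ressl_internal.h,v 1.10 2014/08/27 10:46:53 reyk Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -32,6 +32,7 @@ struct ressl_config {
 char *cert_mem;
 size_t cert_len;
 const char *ciphers;
+int ecdhcurve;
 const char *key_file;
 char *key_mem;
 size_t key_len;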
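Review bot: The new `int ecdhcurve;` field carries no hint that it holds an OpenSSL NID rather than, say, a key size, and the sentinel that disables the feature is only discoverable by reading ressl_server.c. A trailing comment, `int ecdhcurve; /* curve NID; NID_undef disables ephemeral ECDH */`, states both facts at the definition, matching how the other fields are plain declarations without separate documentation.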
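--- a/src/lib/libressl/ressl_server.c
+++ b/src/lib/libressl/ressl_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl_server.c,v 1.6 2014/08/05 12:46:16 jsing Exp $ */
+/* $OpenBSD: ressl_server.c,v 1.7 2014/08/27 10:46:53 reyk Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -69,11 +69,16 @@ ressl_configure_server(struct ressl *ctx)
 }
 }
 
-if ((ecdh_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) == NULL)
-goto err;
-SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
-SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
-EC_KEY_free(ecdh_key);
+if (ctx->config->ecdhcurve != NID_undef) {
+if ((ecdh_key = EC_KEY_new_by_curve_name(
+ctx->config->ecdhcurve)) == NULL) {
+ressl_set_error(ctx, "failed to set ECDH curve");
+goto err;
+}
+SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
+SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
+EC_KEY_free(ecdh_key);
+}
 
 return (0);
 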
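Review bot: The new `if (ctx->config->ecdhcurve != NID_undef)` guard means a NULL curve name from ressl_config_set_ecdhcurve silently leaves the server without a temporary ECDH key, and nothing at the guard records that this is the intended way to turn ECDHE off; a comment such as `/* NID_undef: caller disabled ephemeral ECDH, no tmp key is installed */` would make the security consequence visible to the next reader. Whether the library then declines to negotiate ECDHE suites is inferred rather than shown on this page — confirm. The error text `"failed to set ECDH curve"` also names no curve, so a bad NID is hard to diagnose from the message; if ressl_set_error accepts a format string, passing `OBJ_nid2sn(ctx->config->ecdhcurve)` would identify it. ressl_configure_server starts before this hunk and the `err:` target it jumps to lies after it.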
