Commit aacec4c8 authored by Howard Chu's avatar Howard Chu Committed by Quanah Gibson-Mount

ITS#9054 Add support for multiple EECDH curves

Requires OpenSSL 1.0.2 or newer
parent 2d8d526a
...@@ -711,7 +711,7 @@ and its contents need to be freed by the caller using ...@@ -711,7 +711,7 @@ and its contents need to be freed by the caller using
Ignored by GnuTLS and Mozilla NSS. Ignored by GnuTLS and Mozilla NSS.
.TP .TP
.B LDAP_OPT_X_TLS_ECNAME .B LDAP_OPT_X_TLS_ECNAME
Gets/sets the name of the curve used for Gets/sets the name of the curve(s) used for
elliptic curve key exchanges. elliptic curve key exchanges.
.BR invalue .BR invalue
must be must be
......
...@@ -345,6 +345,12 @@ Use certutil \-L to list the certificates by name: ...@@ -345,6 +345,12 @@ Use certutil \-L to list the certificates by name:
certutil \-d /path/to/certdbdir \-L certutil \-d /path/to/certdbdir \-L
.fi .fi
.TP .TP
.B TLS_ECNAME <name>
Specify the name of the curve(s) to use for Elliptic curve Diffie-Hellman
ephemeral key exchange. This option is only used for OpenSSL.
This option is not used with GnuTLS; the curves may be
chosen in the GnuTLS ciphersuite specification.
.TP
.B TLS_KEY <filename> .B TLS_KEY <filename>
Specifies the file that contains the private key that matches the certificate Specifies the file that contains the private key that matches the certificate
stored in the stored in the
......
...@@ -923,9 +923,9 @@ When using Mozilla NSS these parameters are always generated randomly ...@@ -923,9 +923,9 @@ When using Mozilla NSS these parameters are always generated randomly
so this directive is ignored. so this directive is ignored.
.TP .TP
.B olcTLSECName: <name> .B olcTLSECName: <name>
Specify the name of a curve to use for Elliptic curve Diffie-Hellman Specify the name of the curve(s) to use for Elliptic curve Diffie-Hellman
ephemeral key exchange. This is required to enable ECDHE algorithms in ephemeral key exchange. This option is only used for OpenSSL.
OpenSSL. This option is not used with GnuTLS; the curves may be This option is not used with GnuTLS; the curves may be
chosen in the GnuTLS ciphersuite specification. This option is also chosen in the GnuTLS ciphersuite specification. This option is also
ignored for Mozilla NSS. ignored for Mozilla NSS.
.TP .TP
......
...@@ -1154,9 +1154,9 @@ When using Mozilla NSS these parameters are always generated randomly ...@@ -1154,9 +1154,9 @@ When using Mozilla NSS these parameters are always generated randomly
so this directive is ignored. so this directive is ignored.
.TP .TP
.B TLSECName <name> .B TLSECName <name>
Specify the name of a curve to use for Elliptic curve Diffie-Hellman Specify the name of the curve(s) to use for Elliptic curve Diffie-Hellman
ephemeral key exchange. This is required to enable ECDHE algorithms in ephemeral key exchange. This option is only used for OpenSSL.
OpenSSL. This option is not used with GnuTLS; the curves may be This option is not used with GnuTLS; the curves may be
chosen in the GnuTLS ciphersuite specification. This option is also chosen in the GnuTLS ciphersuite specification. This option is also
ignored for Mozilla NSS. ignored for Mozilla NSS.
.TP .TP
......
...@@ -130,6 +130,7 @@ static const struct ol_attribute { ...@@ -130,6 +130,7 @@ static const struct ol_attribute {
{0, ATTR_TLS, "TLS_RANDFILE", NULL, LDAP_OPT_X_TLS_RANDOM_FILE}, {0, ATTR_TLS, "TLS_RANDFILE", NULL, LDAP_OPT_X_TLS_RANDOM_FILE},
{0, ATTR_TLS, "TLS_CIPHER_SUITE", NULL, LDAP_OPT_X_TLS_CIPHER_SUITE}, {0, ATTR_TLS, "TLS_CIPHER_SUITE", NULL, LDAP_OPT_X_TLS_CIPHER_SUITE},
{0, ATTR_TLS, "TLS_PROTOCOL_MIN", NULL, LDAP_OPT_X_TLS_PROTOCOL_MIN}, {0, ATTR_TLS, "TLS_PROTOCOL_MIN", NULL, LDAP_OPT_X_TLS_PROTOCOL_MIN},
{0, ATTR_TLS, "TLS_ECNAME", NULL, LDAP_OPT_X_TLS_ECNAME},
#ifdef HAVE_OPENSSL_CRL #ifdef HAVE_OPENSSL_CRL
{0, ATTR_TLS, "TLS_CRLCHECK", NULL, LDAP_OPT_X_TLS_CRLCHECK}, {0, ATTR_TLS, "TLS_CRLCHECK", NULL, LDAP_OPT_X_TLS_CRLCHECK},
......
...@@ -532,6 +532,7 @@ ldap_int_tls_config( LDAP *ld, int option, const char *arg ) ...@@ -532,6 +532,7 @@ ldap_int_tls_config( LDAP *ld, int option, const char *arg )
case LDAP_OPT_X_TLS_RANDOM_FILE: case LDAP_OPT_X_TLS_RANDOM_FILE:
case LDAP_OPT_X_TLS_CIPHER_SUITE: case LDAP_OPT_X_TLS_CIPHER_SUITE:
case LDAP_OPT_X_TLS_DHFILE: case LDAP_OPT_X_TLS_DHFILE:
case LDAP_OPT_X_TLS_ECNAME:
case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */ case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */
return ldap_pvt_tls_set_option( ld, option, (void *) arg ); return ldap_pvt_tls_set_option( ld, option, (void *) arg );
......
...@@ -407,34 +407,30 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) ...@@ -407,34 +407,30 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
DH_free( dh ); DH_free( dh );
} }
if ( is_server && lo->ldo_tls_ecname ) { if ( lo->ldo_tls_ecname ) {
#ifdef OPENSSL_NO_EC #ifdef OPENSSL_NO_EC
Debug( LDAP_DEBUG_ANY, Debug( LDAP_DEBUG_ANY,
"TLS: Elliptic Curves not supported.\n", 0,0,0 ); "TLS: Elliptic Curves not supported.\n", 0,0,0 );
return -1; return -1;
#else #else
EC_KEY *ecdh; if ( SSL_CTX_set1_curves_list( ctx, lt->lt_ecname )) {
int nid = OBJ_sn2nid( lt->lt_ecname );
if ( nid == NID_undef ) {
Debug( LDAP_DEBUG_ANY, Debug( LDAP_DEBUG_ANY,
"TLS: could not use EC name `%s'.\n", "TLS: could not set EC name `%s'.\n",
lo->ldo_tls_ecname,0,0); lo->ldo_tls_ecname,0,0);
tlso_report_error(); tlso_report_error();
return -1; return -1;
} }
ecdh = EC_KEY_new_by_curve_name( nid ); /*
if ( ecdh == NULL ) { * This is a NOP in OpenSSL 1.1.0 and later, where curves are always
* auto-negotiated.
*/
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
if ( SSL_CTX_set_ecdh_auto( ctx, 1 ) <= 0 ) {
Debug( LDAP_DEBUG_ANY, Debug( LDAP_DEBUG_ANY,
"TLS: could not generate key for EC name `%s'.\n", "TLS: could not enable automatic EC negotiation.\n", 0, 0, 0 );
lo->ldo_tls_ecname,0,0);
tlso_report_error();
return -1;
} }
SSL_CTX_set_tmp_ecdh( ctx, ecdh );
SSL_CTX_set_options( ctx, SSL_OP_SINGLE_ECDH_USE );
EC_KEY_free( ecdh );
#endif #endif
#endif /* OPENSSL_NO_EC */
} }
if ( tlso_opt_trace ) { if ( tlso_opt_trace ) {
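Review bot: The return check on `SSL_CTX_set1_curves_list( ctx, lt->lt_ecname )` in the new `#else` branch looks inverted: OpenSSL documents this call as returning 1 on success and 0 on failure, so as written a valid curve list makes tlso_ctx_init log "could not set EC name" and return -1, while a rejected list falls through and the context silently keeps the library's default curves instead of the operator's restriction. The condition should be `if ( !SSL_CTX_set1_curves_list( ctx, lt->lt_ecname )) {`. The pre-1.1.0 `SSL_CTX_set_ecdh_auto( ctx, 1 )` failure path only logs and continues; if that is intended as best-effort, a one-line comment saying so would help, otherwise it should call `tlso_report_error(); return -1;` like the branch above it. tlso_ctx_init starts and ends outside this hunk, so how the caller handles the -1 is not visible here.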
......