summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorAttila Molnar <attilamolnar@hush.com>2014-10-15 18:27:20 +0200
committerAttila Molnar <attilamolnar@hush.com>2014-10-20 21:00:26 +0200
commitf9a3f7e080ce62eefeb03f7926777e687c169f3b (patch)
tree724c22c0957b6e9df8168247457a581a7f917870 /src
parent5fe0592bbc049c2e7801ddb59182fa7219427d45 (diff)
m_ssl_openssl Add compile time option to enable ECDH
Diffstat (limited to 'src')
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp36
1 files changed, 36 insertions, 0 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 01bf11678..737dab914 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -141,6 +141,38 @@ class ModuleSSLOpenSSL : public Module
ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "OpenSSL %s context options: %ld", ctxname.c_str(), final);
}
+#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH
+ void SetupECDH(ConfigTag* tag)
+ {
+ std::string curvename = tag->getString("ecdhcurve", "prime256v1");
+ if (curvename.empty())
+ return;
+
+ int nid = OBJ_sn2nid(curvename.c_str());
+ if (nid == 0)
+ {
+ ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Unknown curve: \"%s\"", curvename.c_str());
+ return;
+ }
+
+ EC_KEY* eckey = EC_KEY_new_by_curve_name(nid);
+ if (!eckey)
+ {
+ ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Unable to create EC key object");
+ return;
+ }
+
+ ERR_clear_error();
+ if (SSL_CTX_set_tmp_ecdh(ctx, eckey) < 0)
+ {
+ ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Couldn't set ECDH parameters");
+ ERR_print_errors_cb(error_callback, this);
+ }
+
+ EC_KEY_free(eckey);
+ }
+#endif
+
public:
ModuleSSLOpenSSL() : iohook(this, "ssl/openssl", SERVICE_IOHOOK)
@@ -334,6 +366,10 @@ class ModuleSSLOpenSSL : public Module
#ifndef _WIN32
fclose(dhpfile);
#endif
+
+#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH
+ SetupECDH(conf);
+#endif
}
void On005Numeric(std::string &output)