From f9a3f7e080ce62eefeb03f7926777e687c169f3b Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Wed, 15 Oct 2014 18:27:20 +0200 Subject: m_ssl_openssl Add compile time option to enable ECDH --- src/modules/extra/m_ssl_openssl.cpp | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 01bf11678..737dab914 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -141,6 +141,38 @@ class ModuleSSLOpenSSL : public Module ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "OpenSSL %s context options: %ld", ctxname.c_str(), final); } +#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH + void SetupECDH(ConfigTag* tag) + { + std::string curvename = tag->getString("ecdhcurve", "prime256v1"); + if (curvename.empty()) + return; + + int nid = OBJ_sn2nid(curvename.c_str()); + if (nid == 0) + { + ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Unknown curve: \"%s\"", curvename.c_str()); + return; + } + + EC_KEY* eckey = EC_KEY_new_by_curve_name(nid); + if (!eckey) + { + ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Unable to create EC key object"); + return; + } + + ERR_clear_error(); + if (SSL_CTX_set_tmp_ecdh(ctx, eckey) < 0) + { + ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Couldn't set ECDH parameters"); + ERR_print_errors_cb(error_callback, this); + } + + EC_KEY_free(eckey); + } +#endif + public: ModuleSSLOpenSSL() : iohook(this, "ssl/openssl", SERVICE_IOHOOK) @@ -334,6 +366,10 @@ class ModuleSSLOpenSSL : public Module #ifndef _WIN32 fclose(dhpfile); #endif + +#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH + SetupECDH(conf); +#endif } void On005Numeric(std::string &output) -- cgit v1.2.3