]> git.netwichtig.de Git - user/henk/code/inspircd.git/commitdiff
projects / user / henk / code / inspircd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5fe0592)
m_ssl_openssl Add compile time option to enable ECDH
authorAttila Molnar <attilamolnar@hush.com>
Wed, 15 Oct 2014 16:27:20 +0000 (18:27 +0200)
committerAttila Molnar <attilamolnar@hush.com>
Mon, 20 Oct 2014 19:00:26 +0000 (21:00 +0200)
src/modules/extra/m_ssl_openssl.cpp patch | blob | history

diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 01bf11678811985531fb69f41efb44b3fc54de87..737dab91417cf93f3f85356f2ce8fef74271200c 100644 (file)
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -141,6 +141,38 @@ class ModuleSSLOpenSSL : public Module
                ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "OpenSSL %s context options: %ld", ctxname.c_str(), final);
        }
 
+#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH
+       void SetupECDH(ConfigTag* tag)
+       {
+               std::string curvename = tag->getString("ecdhcurve", "prime256v1");
+               if (curvename.empty())
+                       return;
+
+               int nid = OBJ_sn2nid(curvename.c_str());
+               if (nid == 0)
+               {
+                       ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Unknown curve: \"%s\"", curvename.c_str());
+                       return;
+               }
+
+               EC_KEY* eckey = EC_KEY_new_by_curve_name(nid);
+               if (!eckey)
+               {
+                       ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Unable to create EC key object");
+                       return;
+               }
+
+               ERR_clear_error();
+               if (SSL_CTX_set_tmp_ecdh(ctx, eckey) < 0)
+               {
+                       ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Couldn't set ECDH parameters");
+                       ERR_print_errors_cb(error_callback, this);
+               }
+
+               EC_KEY_free(eckey);
+       }
+#endif
+
  public:
 
        ModuleSSLOpenSSL() : iohook(this, "ssl/openssl", SERVICE_IOHOOK)
@@ -334,6 +366,10 @@ class ModuleSSLOpenSSL : public Module
 #ifndef _WIN32
                fclose(dhpfile);
 #endif
+
+#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH
+               SetupECDH(conf);
+#endif
        }
 
        void On005Numeric(std::string &output)