summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/doc-docbook/spec.xfpt18
-rw-r--r--doc/doc-txt/NewStuff2
-rw-r--r--src/src/globals.c1
-rw-r--r--src/src/globals.h1
-rw-r--r--src/src/readconf.c1
-rw-r--r--src/src/tls-openssl.c94
6 files changed, 93 insertions, 24 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index d44349c20..50dfaf1fd 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -13436,6 +13436,7 @@ listed in more than one group.
.row &%tls_crl%& "certificate revocation list"
.row &%tls_dh_max_bits%& "clamp D-H bit count suggestion"
.row &%tls_dhparam%& "DH parameters for server"
+.row &%tls_eccurve%& "EC curve selection for server"
.row &%tls_ocsp_file%& "location of server certificate status proof"
.row &%tls_on_connect_ports%& "specify SSMTP (SMTPS) ports"
.row &%tls_privatekey%& "location of server private key"
@@ -16627,7 +16628,22 @@ prior to the 4.80 release, as Debian used to patch Exim to raise the minimum
acceptable bound from 1024 to 2048.
+.option tls_eccurve main string&!! prime256v1
+.cindex TLS "EC cryptography"
+If built with a recent-enough version of OpenSSL,
+this option selects a EC curve for use by Exim.
+
+Curve names of the form &'prime256v1'& are accepted.
+For even more-recent library versions, names of the form &'P-512'&
+are also accepted, plus the special value &'auto'&
+which tell the library to choose.
+
+If the option is set to an empty string, no EC curves will be enabled.
+
+
.option tls_ocsp_file main string&!! unset
+.cindex TLS "certificate status"
+.cindex TLS "OCSP proof file"
This option
must if set expand to the absolute path to a file which contains a current
status proof for the server's certificate, as obtained from the
@@ -16635,6 +16651,8 @@ Certificate Authority.
.option tls_on_connect_ports main "string list" unset
+.cindex SSMTP
+.cindex SMTPS
This option specifies a list of incoming SSMTP (aka SMTPS) ports that should
operate the obsolete SSMTP (SMTPS) protocol, where a TLS session is immediately
set up without waiting for the client to issue a STARTTLS command. For
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index e10a32b3f..010c90d15 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -37,6 +37,8 @@ Version 4.86
12. A non-SMTP authenticator using information from TLS client certificates.
+13. Main option "tls_eccurve" for selecting an Elliptic Curve for TLS.
+
Version 4.85
------------
diff --git a/src/src/globals.c b/src/src/globals.c
index cb1e8de39..63674e51c 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -156,6 +156,7 @@ that's the interop problem which has been observed: GnuTLS suggesting a higher
bit-count as "NORMAL" (2432) and Thunderbird dropping connection. */
int tls_dh_max_bits = 2236;
uschar *tls_dhparam = NULL;
+uschar *tls_eccurve = US"prime256v1";
#ifndef DISABLE_OCSP
uschar *tls_ocsp_file = NULL;
#endif
diff --git a/src/src/globals.h b/src/src/globals.h
index 18dcf2fd0..36c25906e 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -118,6 +118,7 @@ extern uschar *tls_channelbinding_b64; /* string of base64 channel binding */
extern uschar *tls_crl; /* CRL File */
extern int tls_dh_max_bits; /* don't accept higher lib suggestions */
extern uschar *tls_dhparam; /* DH param file */
+extern uschar *tls_eccurve; /* EC curve */
#ifndef DISABLE_OCSP
extern uschar *tls_ocsp_file; /* OCSP stapling proof file */
#endif
diff --git a/src/src/readconf.c b/src/src/readconf.c
index a36fdd3b7..8b43c7a9f 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -448,6 +448,7 @@ static optionlist optionlist_config[] = {
{ "tls_crl", opt_stringptr, &tls_crl },
{ "tls_dh_max_bits", opt_int, &tls_dh_max_bits },
{ "tls_dhparam", opt_stringptr, &tls_dhparam },
+ { "tls_eccurve", opt_stringptr, &tls_eccurve },
# ifndef DISABLE_OCSP
{ "tls_ocsp_file", opt_stringptr, &tls_ocsp_file },
# endif
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 21e086e65..e1dcd77bc 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -22,6 +22,9 @@ functions from the OpenSSL library. */
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ECDH
+# include <openssl/ec.h>
+#endif
#ifndef DISABLE_OCSP
# include <openssl/ocsp.h>
#endif
@@ -59,6 +62,16 @@ functions from the OpenSSL library. */
&& (OPENSSL_VERSION_NUMBER & 0x0000ff000L) >= 0x000002000L
# define EXIM_HAVE_OPENSSL_CHECKHOST
# endif
+
+# if !defined(OPENSSL_NO_ECDH)
+# if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+# define EXIM_HAVE_ECDH
+# endif
+# if OPENSSL_VERSION_NUMBER >= 0x10002000L
+# define EXIM_HAVE_OPENSSL_ECDH_AUTO
+# define EXIM_HAVE_OPENSSL_EC_NIST2NID
+# endif
+# endif
#endif
#if !defined(EXIM_HAVE_OPENSSL_TLSEXT) && !defined(DISABLE_OCSP)
@@ -644,42 +657,74 @@ Returns: TRUE if OK (nothing to set up, or setup worked)
*/
static BOOL
-init_ecdh(SSL_CTX *sctx, host_item *host)
+init_ecdh(SSL_CTX * sctx, host_item * host)
{
+EC_KEY * ecdh;
+uschar * exp_curve;
+int nid;
+BOOL rv;
+
+#ifdef OPENSSL_NO_ECDH
+return TRUE;
+#else
+
if (host) /* No ECDH setup for clients, only for servers */
return TRUE;
-#ifndef SSL_CTX_set_tmp_ecdh
-/* No elliptic curve API in OpenSSL, skip it */
+# ifndef EXIM_HAVE_ECDH
DEBUG(D_tls)
debug_printf("No OpenSSL API to define ECDH parameters, skipping\n");
return TRUE;
-#else
-# ifndef NID_X9_62_prime256v1
-/* For now, stick to NIST P-256 to get "something" running.
-If that's not available, bail */
-DEBUG(D_tls)
- debug_printf("NIST P-256 EC curve not available, skipping ECDH setup\n");
-return TRUE;
# else
+
+if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve))
+ return FALSE;
+if (!exp_curve || !*exp_curve)
+ return TRUE;
+
+# ifdef EXIM_HAVE_OPENSSL_ECDH_AUTO
+/* check if new enough library to support auto ECDH temp key parameter selection */
+if (Ustrcmp(exp_curve, "auto") == 0)
{
- EC_KEY * ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- BOOL rv;
+ DEBUG(D_tls) debug_printf(
+ "ECDH temp key parameter settings: OpenSSL 1.2+ autoselection\n");
+ SSL_CTX_set_ecdh_auto(sctx, 1);
+ return TRUE;
+ }
+# endif
- /* The "tmp" in the name here refers to setting a tempoary key
- not to the stability of the interface. */
+DEBUG(D_tls) debug_printf("ECDH: curve '%s'\n", exp_curve);
+if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef
+# ifdef EXIM_HAVE_OPENSSL_EC_NIST2NID
+ && (nid = EC_curve_nist2nid(CCS exp_curve)) == NID_undef
+# endif
+ )
+ {
+ tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'",
+ exp_curve),
+ host, NULL);
+ return FALSE;
+ }
- if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) != 0))
- {
- DEBUG(D_tls) debug_printf("ECDH: enable NIST P-256 curve\n");
- }
- else
- tls_error(US"Error enabling NIST P-256 curve", host, NULL);
- EC_KEY_free(ecdh);
- return rv;
+if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
+ {
+ tls_error("Unable to create ec curve", host, NULL);
+ return FALSE;
}
-# endif
-#endif
+
+/* The "tmp" in the name here refers to setting a temporary key
+not to the stability of the interface. */
+
+if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
+ tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), host, NULL);
+else
+ DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
+
+EC_KEY_free(ecdh);
+return !rv;
+
+# endif /*EXIM_HAVE_ECDH*/
+#endif /*OPENSSL_NO_ECDH*/
}
@@ -1321,6 +1366,7 @@ else
DEBUG(D_tls) debug_printf("no SSL CTX options to set\n");
/* Initialize with DH parameters if supplied */
+/* Initialize ECDH temp key parameter selection */
if ( !init_dh(*ctxp, dhparam, host)
|| !init_ecdh(*ctxp, host)