authorAttila Molnar <attilamolnar@hush.com>2014-10-15 18:27:20 +0200
committerAttila Molnar <attilamolnar@hush.com>2014-10-20 21:00:26 +0200
commitf9a3f7e080ce62eefeb03f7926777e687c169f3b (patch)
tree724c22c0957b6e9df8168247457a581a7f917870
parent5fe0592bbc049c2e7801ddb59182fa7219427d45 (diff)
m_ssl_openssl Add compile time option to enable ECDH
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp36
1 files changed, 36 insertions, 0 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 01bf11678..737dab914 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -141,6 +141,38 @@ class ModuleSSLOpenSSL : public Module
ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "OpenSSL %s context options: %ld", ctxname.c_str(), final);
}
+#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH
+ void SetupECDH(ConfigTag* tag)
+ {
+ std::string curvename = tag->getString("ecdhcurve", "prime256v1");
+ if (curvename.empty())
+ return;
+
+ int nid = OBJ_sn2nid(curvename.c_str());
+ if (nid == 0)
+ {
+ ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Unknown curve: \"%s\"", curvename.c_str());
+ return;
+ }
+
+ EC_KEY* eckey = EC_KEY_new_by_curve_name(nid);
+ if (!eckey)
+ {
+ ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Unable to create EC key object");
+ return;
+ }
+
+ ERR_clear_error();
+ if (SSL_CTX_set_tmp_ecdh(ctx, eckey) < 0)
+ {
+ ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Couldn't set ECDH parameters");
+ ERR_print_errors_cb(error_callback, this);
+ }
+
+ EC_KEY_free(eckey);
+ }
+#endif
+
public:
ModuleSSLOpenSSL() : iohook(this, "ssl/openssl", SERVICE_IOHOOK)
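Review bot: The failure check `if (SSL_CTX_set_tmp_ecdh(ctx, eckey) < 0)` in SetupECDH can never fire, because that OpenSSL call returns 1 on success and 0 on failure; a rejected key would leave the context without ECDH parameters and nothing would be logged. Test for success instead: `if (SSL_CTX_set_tmp_ecdh(ctx, eckey) != 1)`. Separately, on OpenSSL releases before 1.1.0 the temporary EC key is reused across handshakes unless `SSL_OP_SINGLE_ECDH_USE` is set on the context; the code that builds the context options lies outside this hunk, so confirm the option is set there. Every failure path here only logs at DEFAULT level and returns, so a mistyped `ecdhcurve` value leaves the server running without ECDHE key exchange; a comment on SetupECDH such as `// Best effort: on any failure the context is left without ECDH parameters` would make that explicit.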
@@ -334,6 +366,10 @@ class ModuleSSLOpenSSL : public Module
#ifndef _WIN32
fclose(dhpfile);
#endif
+
+#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH
+ SetupECDH(conf);
+#endif
}
void On005Numeric(std::string &output)