ircd::openssl: Add interface to tweak ecdh / ciphers / curves.

2024-12-27 07:54:05 +01:00 · 2019-03-10 16:22:12 -07:00 · 2019-03-10 16:22:12 -07:00 · b4fabaf14f
commit b4fabaf14f
parent db30477e51
2 changed files with 61 additions and 0 deletions
--- a/include/ircd/openssl.h
+++ b/include/ircd/openssl.h
@ -128,6 +128,13 @@ namespace ircd::openssl
 	const SSL_CIPHER *current_cipher(const SSL &);
 	string_view shared_ciphers(const mutable_buffer &buf, const SSL &);
 	string_view cipher_list(const SSL &, const int &priority = -1);
+	void set_cipher_list(SSL &, const std::string &list);
+	void set_cipher_list(SSL_CTX &, const std::string &list);
+	void set_ecdh_auto(SSL_CTX &, const bool & = true);
+	void set_ecdh_auto(SSL &, const bool & = true);
+	void set_tmp_ecdh(SSL_CTX &, EC_KEY &);
+	void set_curves(SSL_CTX &, std::string list);
+	void set_curves(SSL &, std::string list);
 }

 /// OpenSSL BIO convenience utils and wraps; also secure file IO closures
--- a/ircd/openssl.cc
+++ b/ircd/openssl.cc
@ -51,6 +51,60 @@ namespace ircd::openssl
 // SSL
 //

+void
+ircd::openssl::set_curves(SSL &ssl,
+                          std::string list)
+{
+	auto data(const_cast<char *>(list.data()));
+	call(::SSL_ctrl, &ssl, SSL_CTRL_SET_CURVES_LIST, 0, data);
+}
+
+void
+ircd::openssl::set_curves(SSL_CTX &ssl,
+                          std::string list)
+{
+	auto data(const_cast<char *>(list.data()));
+	call(::SSL_CTX_ctrl, &ssl, SSL_CTRL_SET_CURVES_LIST, 0, data);
+}
+
+void
+ircd::openssl::set_tmp_ecdh(SSL_CTX &ssl,
+                            EC_KEY &key)
+{
+	auto data(reinterpret_cast<char *>(&key));
+	call(::SSL_CTX_ctrl, &ssl, SSL_CTRL_SET_TMP_ECDH, 0, data);
+}
+
+void
+ircd::openssl::set_ecdh_auto(SSL &ssl,
+                             const bool &on)
+{
+	long _on(on);
+	call(::SSL_ctrl, &ssl, SSL_CTRL_SET_ECDH_AUTO, _on, nullptr);
+}
+
+void
+ircd::openssl::set_ecdh_auto(SSL_CTX &ssl,
+                             const bool &on)
+{
+	long _on(on);
+	call(::SSL_CTX_ctrl, &ssl, SSL_CTRL_SET_ECDH_AUTO, _on, nullptr);
+}
+
+void
+ircd::openssl::set_cipher_list(SSL_CTX &ssl,
+                               const std::string &list)
+{
+	call(::SSL_CTX_set_cipher_list, &ssl, list.c_str());
+}
+
+void
+ircd::openssl::set_cipher_list(SSL &ssl,
+                               const std::string &list)
+{
+	call(::SSL_set_cipher_list, &ssl, list.c_str());
+}
+
 ircd::string_view
 ircd::openssl::cipher_list(const SSL &ssl,
                           const int &priority)