authorReyk Floeter <reyk@cvs.openbsd.org>2013-09-09 17:57:46 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2013-09-09 17:57:46 +0000
commit2eefb6bb3bed635ffe87d280782003e8c7c2f84c (patch)
tree6cf6a5e9e516955efad69b9d0e14424088da8bf1 /usr.sbin
parent01a70b7d6bd2d469a4366893d8527ba6c3526b3b (diff)
Add support for ECDHE (Elliptic curve Diffie-Hellman) to enable
TLS/SSL Perfect Forward Secrecy (PFS). ok djm@
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/relayd/config.c3
-rw-r--r--usr.sbin/relayd/parse.y17
-rw-r--r--usr.sbin/relayd/relay.c17
-rw-r--r--usr.sbin/relayd/relayd.conf.512
-rw-r--r--usr.sbin/relayd/relayd.h4
5 files changed, 44 insertions, 9 deletions
diff --git a/usr.sbin/relayd/config.c b/usr.sbin/relayd/config.c
index ab87e2ff3eb..cce03753d4f 100644
--- a/usr.sbin/relayd/config.c
+++ b/usr.sbin/relayd/config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: config.c,v 1.9 2013/05/30 20:17:12 reyk Exp $ */
+/* $OpenBSD: config.c,v 1.10 2013/09/09 17:57:44 reyk Exp $ */
/*
* Copyright (c) 2011 Reyk Floeter <reyk@openbsd.org>
@@ -112,6 +112,7 @@ config_init(struct relayd *env)
(void)strlcpy(env->sc_proto_default.sslciphers,
SSLCIPHERS_DEFAULT,
sizeof(env->sc_proto_default.sslciphers));
+ env->sc_proto_default.sslecdhcurve = SSLECDHCURVE_DEFAULT;
env->sc_proto_default.type = RELAY_PROTO_TCP;
(void)strlcpy(env->sc_proto_default.name, "default",
sizeof(env->sc_proto_default.name));
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 3d401dd2414..6d59e9da94b 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.171 2013/05/30 20:17:12 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.172 2013/09/09 17:57:44 reyk Exp $ */
/*
* Copyright (c) 2007-2011 Reyk Floeter <reyk@openbsd.org>
@@ -159,7 +159,7 @@ typedef struct {
%token RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND SESSION SOCKET SPLICE
%token SSL STICKYADDR STYLE TABLE TAG TCP TIMEOUT TO ROUTER RTLABEL
%token TRANSPARENT TRAP UPDATES URL VIRTUAL WITH TTL RTABLE MATCH
-%token RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD
+%token RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDH CURVE
%token <v.string> STRING
%token <v.number> NUMBER
%type <v.string> hostname interface table
@@ -844,6 +844,7 @@ proto : relay_proto PROTO STRING {
p->tcpbacklog = RELAY_BACKLOG;
(void)strlcpy(p->sslciphers, SSLCIPHERS_DEFAULT,
sizeof(p->sslciphers));
+ p->sslecdhcurve = SSLECDHCURVE_DEFAULT;
if (last_proto_id == INT_MAX) {
yyerror("too many protocols defined");
free(p);
@@ -970,6 +971,16 @@ sslflags : SESSION CACHE sslcache { proto->cache = $3; }
}
free($2);
}
+ | ECDH CURVE STRING {
+ if (strcmp("none", $3) == 0)
+ proto->sslecdhcurve = 0;
+ else if ((proto->sslecdhcurve = OBJ_sn2nid($3)) == 0) {
+ yyerror("ECDH curve not supported");
+ free($3);
+ YYERROR;
+ }
+ free($3);
+ }
| CA FILENAME STRING {
if (strlcpy(proto->sslca, $3,
sizeof(proto->sslca)) >=
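Review bot: The `ECDH CURVE STRING` action accepts any object short name that `OBJ_sn2nid()` knows, not only EC curve names, because it only rejects a zero NID (`NID_undef`); a name such as a digest or cipher short name yields a non-zero NID that is stored in `proto->sslecdhcurve` and only fails later in relay_ssl_ctx_create's `EC_KEY_new_by_curve_name()` with a bare `goto err`, far from the offending config line. Validating the NID at parse time with `EC_KEY_new_by_curve_name()` keeps the "ECDH curve not supported" message attached to the configuration and turns a runtime startup failure into a parse error. This presumably needs the EC headers in scope in parse.y if they are not already pulled in via relayd.h; please confirm. The enclosing `sslflags` rule starts and ends outside the hunk.
```c
	| ECDH CURVE STRING {
		EC_KEY	*ecdhkey = NULL;

		if (strcmp("none", $3) == 0)
			proto->sslecdhcurve = 0;
		else if ((proto->sslecdhcurve = OBJ_sn2nid($3)) == 0 ||
		    (ecdhkey = EC_KEY_new_by_curve_name(
		    proto->sslecdhcurve)) == NULL) {
			yyerror("ECDH curve not supported");
			free($3);
			YYERROR;
		}
		/* EC_KEY_free() tolerates NULL; only the probe key is freed */
		EC_KEY_free(ecdhkey);
		free($3);
	}
```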
@@ -1833,10 +1844,12 @@ lookup(char *s)
{ "ciphers", CIPHERS },
{ "code", CODE },
{ "cookie", COOKIE },
+ { "curve", CURVE },
{ "demote", DEMOTE },
{ "destination", DESTINATION },
{ "digest", DIGEST },
{ "disable", DISABLE },
+ { "ecdh", ECDH },
{ "error", ERROR },
{ "expect", EXPECT },
{ "external", EXTERNAL },
diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c
index ca30f51daac..8c73ded7bcd 100644
--- a/usr.sbin/relayd/relay.c
+++ b/usr.sbin/relayd/relay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.166 2013/05/30 20:17:12 reyk Exp $ */
+/* $OpenBSD: relay.c,v 1.167 2013/09/09 17:57:44 reyk Exp $ */
/*
* Copyright (c) 2006 - 2013 Reyk Floeter <reyk@openbsd.org>
@@ -1841,8 +1841,9 @@ relay_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
SSL_CTX *
relay_ssl_ctx_create(struct relay *rlay)
{
- struct protocol *proto = rlay->rl_proto;
- SSL_CTX *ctx;
+ struct protocol *proto = rlay->rl_proto;
+ SSL_CTX *ctx;
+ EC_KEY *ecdhkey;
ctx = SSL_CTX_new(SSLv23_method());
if (ctx == NULL)
@@ -1872,6 +1873,16 @@ relay_ssl_ctx_create(struct relay *rlay)
if ((proto->sslflags & SSLFLAG_TLSV1) == 0)
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
+ if (proto->sslecdhcurve > 0) {
+ /* Enable ECDHE support for TLS perfect forward secrecy */
+ if ((ecdhkey =
+ EC_KEY_new_by_curve_name(proto->sslecdhcurve)) == NULL)
+ goto err;
+ SSL_CTX_set_tmp_ecdh(ctx, ecdhkey);
+ SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
+ EC_KEY_free(ecdhkey);
+ }
+
if (!SSL_CTX_set_cipher_list(ctx, proto->sslciphers))
goto err;
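Review bot: The return value of `SSL_CTX_set_tmp_ecdh(ctx, ecdhkey)` is not checked, so if installing the ephemeral ECDH key fails the context is still built and the relay starts without ECDHE cipher suites, silently losing the forward secrecy this commit sets out to provide; `SSL_CTX_set_tmp_ecdh()` returns 1 on success and 0 on failure, and on failure `ecdhkey` should be released before taking the existing `goto err` path. The `EC_KEY_new_by_curve_name()` failure path already uses `goto err`, so the same cleanup applies. relay_ssl_ctx_create begins and ends outside this hunk (its header is in the preceding hunk).
```c
		if ((ecdhkey =
		    EC_KEY_new_by_curve_name(proto->sslecdhcurve)) == NULL)
			goto err;
		/* a failed install leaves the context without ECDHE; treat as fatal */
		if (SSL_CTX_set_tmp_ecdh(ctx, ecdhkey) != 1) {
			EC_KEY_free(ecdhkey);
			goto err;
		}
		SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
		EC_KEY_free(ecdhkey);
```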
diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5
index fa1d55ce65c..eafdccfe18f 100644
--- a/usr.sbin/relayd/relayd.conf.5
+++ b/usr.sbin/relayd/relayd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: relayd.conf.5,v 1.138 2013/09/07 11:33:29 reyk Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.139 2013/09/09 17:57:44 reyk Exp $
.\"
.\" Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: September 7 2013 $
+.Dd $Mdocdate: September 9 2013 $
.Dt RELAYD.CONF 5
.Os
.Sh NAME
@@ -1134,6 +1134,14 @@ will be used (strong crypto cipher suites without anonymous DH).
See the CIPHERS section of
.Xr openssl 1
for information about SSL cipher suites and preference lists.
+.It Ic ecdh curve Ar name
+Set a named curve to use when generating EC keys for ECDHE-based
+cipher suites with Perfect Forward Security (PFS), or
+.Ar none
+to disable ECDHE support.
+If not specified, the default curve
+.Ar prime256v1
+will be used.
.It Ic session cache Ar value
Set the maximum size of the SSL session cache.
If the
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index 1187029a3bf..202ef56d331 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.170 2013/09/07 10:46:31 fgsch Exp $ */
+/* $OpenBSD: relayd.h,v 1.171 2013/09/09 17:57:45 reyk Exp $ */
/*
* Copyright (c) 2006 - 2012 Reyk Floeter <reyk@openbsd.org>
@@ -569,6 +569,7 @@ enum prototype {
"\10\01sslv2\02sslv3\03tlsv1\04version"
#define SSLCIPHERS_DEFAULT "HIGH:!aNULL"
+#define SSLECDHCURVE_DEFAULT NID_X9_62_prime256v1
struct protocol {
objid_t id;
@@ -580,6 +581,7 @@ struct protocol {
u_int8_t tcpipminttl;
u_int8_t sslflags;
char sslciphers[768];
+ int sslecdhcurve;
char sslca[MAXPATHLEN];
char sslcacert[MAXPATHLEN];
char sslcakey[MAXPATHLEN];