From 996d57f0698cbba55735f602b9de7c8167d8e32d Mon Sep 17 00:00:00 2001 From: manu Date: Mon, 14 Sep 2015 16:32:26 +0000 Subject: Add support for ECDH, from upstream After the recent logjam attack, longer DH parameter size have been advised. Unfortunately, this comes with a high computational cost. ECDH is a good alternative to acheive forward secrecy with lower CPU Loads. This patch is a backport from upstream ECDH umplementation. ECDH is enabled by speciying a curve name through the TLSECName directive. Valid curve names can be obtaines by openssl ecparam -list_curves Advised usage for a forward-secrecy only setup wiht only ECDH: TLSCipherSuite EECDH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL TLSECName prime256v1 If backward compatibility with older clients is required: TLSCipherSuite EECDH:HIGH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL TLSECName prime256v1 Backward compatible flavor with more forward secrecy, at the expense of using costly DH. dh2048.pem is obtained using openssl dhparam 2048 > /etc/openssl/certs/dh2048.pem TLSCipherSuite EECDH:EDH:HIGH:!RC4:!SHA:!MD5:!DES:!aNULL:!eNULL TLSDHParamFile /etc/openssl/certs/dh2048.pem TLSECName prime256v1 --- databases/openldap/distinfo | 3 +- databases/openldap/patches/patch-its7595 | 284 +++++++++++++++++++++++++++++++ 2 files changed, 286 insertions(+), 1 deletion(-) create mode 100644 databases/openldap/patches/patch-its7595 (limited to 'databases/openldap')
diff --git a/databases/openldap/distinfo b/databases/openldap/distinfo
index 5509141d7ed..05e9867f55c 100644
--- a/databases/openldap/distinfo
+++ b/databases/openldap/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.101 2015/08/24 22:35:50 adam Exp $
+$NetBSD: distinfo,v 1.102 2015/09/14 16:32:26 manu Exp $
 SHA1 (openldap-2.4.42.tgz) = ec03e061bfdb2e6a90827855cf77a72cb3f89cf4
 RMD160 (openldap-2.4.42.tgz) = e45f38305f9a151b194534c60899d16be02813f8
@@ -18,4 +18,5 @@ SHA1 (patch-contrib_slapd-modules_nops_slapo-nops.5) = f32352f19361b7e9aa5b038ae
 SHA1 (patch-da) = 75e26bd08c6e66b69192ebfbb36db974d391ec3e
 SHA1 (patch-dd) = 9c74118ff0b2232bda729c9917082fceef41dd16
 SHA1 (patch-its7506) = a50f9428d6d7dd28f71d21e11ae3f8b0f1372f75
+SHA1 (patch-its7595) = 9ea396adb7f2fd572d60190534caa80a01ef79d2
 SHA1 (patch-libraries_libldap_os-local.c) = 7cd4f8638456fae12499de0d36d7802e47d3d688
diff --git a/databases/openldap/patches/patch-its7595 b/databases/openldap/patches/patch-its7595
new file mode 100644
index 00000000000..69e7a7eb2f2
--- /dev/null
+++ b/databases/openldap/patches/patch-its7595
@@ -0,0 +1,284 @@
+$NetBSD: patch-its7595,v 1.1 2015/09/14 16:32:26 manu Exp $
+
+ECDH support from upstream
+
+From e631ce808ed56119e61321463d06db7999ba5a08 Mon Sep 17 00:00:00 2001
+From: Howard Chu
+Date: Sat, 7 Sep 2013 09:47:19 -0700
+Subject: [PATCH] ITS#7595 Add Elliptic Curve support for OpenSSL
+
+From 9562ad00bd7f965df721bc22ac905bc759298a27 Mon Sep 17 00:00:00 2001
+From: Howard Chu
+Date: Sat, 7 Sep 2013 10:13:40 -0700
+Subject: [PATCH] ITS#7595 more doc for elliptic curve
+
+From 721e46fe6695077d63a3df6ea2e397920a72308d Mon Sep 17 00:00:00 2001
+From: Howard Chu
+Date: Sun, 8 Sep 2013 06:32:23 -0700
+Subject: [PATCH] ITS#7595 don't try to use EC if OpenSSL lacks it
+
+--- doc/guide/admin/tls.sdf.orig
++++ doc/guide/admin/tls.sdf
+@@ -200,8 +200,20 @@
+ > openssl dhparam [-dsaparam] -out
+
+ This directive is ignored with GnuTLS and Mozilla NSS.
+
++H4: TLSECName
++
++This directive specifies the curve to use for Elliptic Curve
++Diffie-Hellman ephemeral key exchange. This is required in order
++to use ECDHE-based cipher suites in OpenSSL. The names of supported
++curves may be shown using the following command
++
++> openssl ecparam -list_curves
++
++This directive is not used for GnuTLS and is ignored with Mozilla NSS.
++For GnuTLS the curves may be specified in the ciphersuite.
++
+ H4: TLSVerifyClient { never | allow | try | demand }
+
+ This directive specifies what checks to perform on client certificates
+ in an incoming TLS session, if any. This option is set to {{EX:never}}
+--- doc/man/man5/slapd-config.5.orig
++++ doc/man/man5/slapd-config.5
+@@ -917,8 +917,15 @@
+ from the default, otherwise no certificate exchanges or verification will
+ be done. When using GnuTLS or Mozilla NSS these parameters are always generated randomly
+ so this directive is ignored.
+ .TP
++.B olcTLSECName:
++Specify the name of a curve to use for Elliptic curve Diffie-Hellman
++ephemeral key exchange. This is required to enable ECDHE algorithms in
++OpenSSL. This option is not used with GnuTLS; the curves may be
++chosen in the GnuTLS ciphersuite specification. This option is also
++ignored for Mozilla NSS.
++.TP
+ .B olcTLSProtocolMin: [.]
+ Specifies minimum SSL/TLS protocol version that will be negotiated.
+ If the server doesn't support at least that version,
+ the SSL handshake will fail.
+--- doc/man/man5/slapd.conf.5.orig
++++ doc/man/man5/slapd.conf.5
+@@ -1148,8 +1148,15 @@
+ from the default, otherwise no certificate exchanges or verification will
+ be done. When using GnuTLS these parameters are always generated randomly so
+ this directive is ignored. This directive is ignored when using Mozilla NSS.
+ .TP
++.B TLSECName
++Specify the name of a curve to use for Elliptic curve Diffie-Hellman
++ephemeral key exchange. This is required to enable ECDHE algorithms in
++OpenSSL. This option is not used with GnuTLS; the curves may be
++chosen in the GnuTLS ciphersuite specification. This option is also
++ignored for Mozilla NSS.
++.TP
+ .B TLSProtocolMin [.]
+ Specifies minimum SSL/TLS protocol version that will be negotiated.
+ If the server doesn't support at least that version,
+ the SSL handshake will fail.
+--- include/ldap.h.orig
++++ include/ldap.h
+@@ -157,8 +157,9 @@
+ #define LDAP_OPT_X_TLS_DHFILE 0x600e
+ #define LDAP_OPT_X_TLS_NEWCTX 0x600f
+ #define LDAP_OPT_X_TLS_CRLFILE 0x6010 /* GNUtls only */
+ #define LDAP_OPT_X_TLS_PACKAGE 0x6011
++#define LDAP_OPT_X_TLS_ECNAME 0x6012
+
+ #define LDAP_OPT_X_TLS_NEVER 0
+ #define LDAP_OPT_X_TLS_HARD 1
+ #define LDAP_OPT_X_TLS_DEMAND 2
+--- libraries/libldap/ldap-int.h.orig
++++ libraries/libldap/ldap-int.h
+@@ -164,8 +164,9 @@
+ char *lt_cacertdir;
+ char *lt_ciphersuite;
+ char *lt_crlfile;
+ char *lt_randfile; /* OpenSSL only */
++ char *lt_ecname; /* OpenSSL only */
+ int lt_protocol_min;
+ };
+ #endif
+
+@@ -249,8 +250,9 @@
+ struct ldaptls ldo_tls_info;
+ #define ldo_tls_certfile ldo_tls_info.lt_certfile
+ #define ldo_tls_keyfile ldo_tls_info.lt_keyfile
+ #define ldo_tls_dhfile ldo_tls_info.lt_dhfile
++#define ldo_tls_ecname ldo_tls_info.lt_ecname
+ #define ldo_tls_cacertfile ldo_tls_info.lt_cacertfile
+ #define ldo_tls_cacertdir ldo_tls_info.lt_cacertdir
+ #define ldo_tls_ciphersuite ldo_tls_info.lt_ciphersuite
+ #define ldo_tls_protocol_min ldo_tls_info.lt_protocol_min
+--- libraries/libldap/tls2.c.orig
++++ libraries/libldap/tls2.c
+@@ -117,8 +117,12 @@
+ if ( lo->ldo_tls_dhfile ) {
+ LDAP_FREE( lo->ldo_tls_dhfile );
+ lo->ldo_tls_dhfile = NULL;
+ }
++ if ( lo->ldo_tls_ecname ) {
++ LDAP_FREE( lo->ldo_tls_ecname );
++ lo->ldo_tls_ecname = NULL;
++ }
+ if ( lo->ldo_tls_cacertfile ) {
+ LDAP_FREE( lo->ldo_tls_cacertfile );
+ lo->ldo_tls_cacertfile = NULL;
+ }
+@@ -231,8 +235,12 @@
+ if ( lts.lt_dhfile ) {
+ lts.lt_dhfile = LDAP_STRDUP( lts.lt_dhfile );
+ __atoe( lts.lt_dhfile );
+ }
++ if ( lts.lt_ecname ) {
++ lts.lt_ecname = LDAP_STRDUP( lts.lt_ecname );
++ __atoe( lts.lt_ecname );
++ }
+ #endif
+ lo->ldo_tls_ctx = ti->ti_ctx_new( lo );
+ if ( lo->ldo_tls_ctx == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+@@ -256,8 +264,9 @@
+ LDAP_FREE( lts.lt_keyfile );
+ LDAP_FREE( lts.lt_crlfile );
+ LDAP_FREE( lts.lt_cacertdir );
+ LDAP_FREE( lts.lt_dhfile );
++ LDAP_FREE( lts.lt_ecname );
+ #endif
+ return rc;
+ }
+
+@@ -633,8 +642,12 @@
+ case LDAP_OPT_X_TLS_DHFILE:
+ *(char **)arg = lo->ldo_tls_dhfile ?
+ LDAP_STRDUP( lo->ldo_tls_dhfile ) : NULL;
+ break;
++ case LDAP_OPT_X_TLS_ECNAME:
++ *(char **)arg = lo->ldo_tls_ecname ?
++ LDAP_STRDUP( lo->ldo_tls_ecname ) : NULL;
++ break;
+ case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */
+ *(char **)arg = lo->ldo_tls_crlfile ?
+ LDAP_STRDUP( lo->ldo_tls_crlfile ) : NULL;
+ break;
+@@ -752,8 +765,12 @@
+ case LDAP_OPT_X_TLS_DHFILE:
+ if ( lo->ldo_tls_dhfile ) LDAP_FREE( lo->ldo_tls_dhfile );
+ lo->ldo_tls_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
++ case LDAP_OPT_X_TLS_ECNAME:
++ if ( lo->ldo_tls_ecname ) LDAP_FREE( lo->ldo_tls_ecname );
++ lo->ldo_tls_ecname = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
++ return 0;
+ case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */
+ if ( lo->ldo_tls_crlfile ) LDAP_FREE( lo->ldo_tls_crlfile );
+ lo->ldo_tls_crlfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+ return 0;
+--- libraries/libldap/tls_o.c.orig
++++ libraries/libldap/tls_o.c
+@@ -295,12 +295,11 @@
+ tlso_report_error();
+ return -1;
+ }
+
+- if ( lo->ldo_tls_dhfile ) {
+- DH *dh = NULL;
++ if ( is_server && lo->ldo_tls_dhfile ) {
++ DH *dh;
+ BIO *bio;
+- SSL_CTX_set_options( ctx, SSL_OP_SINGLE_DH_USE );
+
+ if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not use DH parameters file `%s'.\n",
+@@ -317,8 +316,40 @@
+ return -1;
+ }
+ BIO_free( bio );
+ SSL_CTX_set_tmp_dh( ctx, dh );
++ SSL_CTX_set_options( ctx, SSL_OP_SINGLE_DH_USE );
++ DH_free( dh );
++ }
++
++ if ( is_server && lo->ldo_tls_ecname ) {
++#ifdef OPENSSL_NO_EC
++ Debug( LDAP_DEBUG_ANY,
++ "TLS: Elliptic Curves not supported.\n", 0,0,0 );
++ return -1;
++#else
++ EC_KEY *ecdh;
++
++ int nid = OBJ_sn2nid( lt->lt_ecname );
++ if ( nid == NID_undef ) {
++ Debug( LDAP_DEBUG_ANY,
++ "TLS: could not use EC name `%s'.\n",
++ lo->ldo_tls_ecname,0,0);
++ tlso_report_error();
++ return -1;
++ }
++ ecdh = EC_KEY_new_by_curve_name( nid );
++ if ( ecdh == NULL ) {
++ Debug( LDAP_DEBUG_ANY,
++ "TLS: could not generate key for EC name `%s'.\n",
++ lo->ldo_tls_ecname,0,0);
++ tlso_report_error();
++ return -1;
++ }
++ SSL_CTX_set_tmp_ecdh( ctx, ecdh );
++ SSL_CTX_set_options( ctx, SSL_OP_SINGLE_ECDH_USE );
++ EC_KEY_free( ecdh );
++#endif
+ }
+
+ if ( tlso_opt_trace ) {
+ SSL_CTX_set_info_callback( ctx, tlso_info_cb );
+--- servers/slapd/bconfig.c.orig
++++ servers/slapd/bconfig.c
+@@ -193,8 +193,9 @@
+ CFG_SYNTAX,
+ CFG_ACL_ADD,
+ CFG_SYNC_SUBENTRY,
+ CFG_LTHREADS,
++ CFG_TLS_ECNAME,
+
+ CFG_LAST
+ };
+
+@@ -737,8 +738,16 @@
+ ARG_IGNORED, NULL,
+ #endif
+ "( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' "
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
++ { "TLSECName", NULL, 2, 2, 0,
++#ifdef HAVE_TLS
++ CFG_TLS_ECNAME|ARG_STRING|ARG_MAGIC, &config_tls_option,
++#else
++ ARG_IGNORED, NULL,
++#endif
++ "( OLcfgGlAt:96 NAME 'olcTLSECName' "
++ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+ { "TLSProtocolMin", NULL, 2, 2, 0,
+ #ifdef HAVE_TLS
+ CFG_TLS_PROTOCOL_MIN|ARG_STRING|ARG_MAGIC, &config_tls_config,
+ #else
+@@ -818,9 +827,9 @@
+ "olcTCPBuffer $ "
+ "olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
+ "olcTLSCACertificatePath $ olcTLSCertificateFile $ "
+ "olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
+- "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ "
++ "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSECName $ "
+ "olcTLSCRLFile $ olcTLSProtocolMin $ olcToolThreads $ olcWriteTimeout $ "
+ "olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
+ "olcDitContentRules $ olcLdapSyntaxes ) )", Cft_Global },
+ { "( OLcfgGlOc:2 "
+@@ -3823,8 +3832,9 @@
+ case CFG_TLS_CERT_KEY: flag = LDAP_OPT_X_TLS_KEYFILE; break;
+ case CFG_TLS_CA_PATH: flag = LDAP_OPT_X_TLS_CACERTDIR; break;
+ case CFG_TLS_CA_FILE: flag = LDAP_OPT_X_TLS_CACERTFILE; break;
+ case CFG_TLS_DH_FILE: flag = LDAP_OPT_X_TLS_DHFILE; break;
++ case CFG_TLS_ECNAME: flag = LDAP_OPT_X_TLS_ECNAME; break;
+ #ifdef HAVE_GNUTLS
+ case CFG_TLS_CRL_FILE: flag = LDAP_OPT_X_TLS_CRLFILE; break;
+ #endif
+ default: Debug(LDAP_DEBUG_ANY, "%s: "
-- cgit v1.2.3
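Review bot: In the `tls_o.c` part of the added patch, the result of `SSL_CTX_set_tmp_ecdh( ctx, ecdh )` is discarded (as is that of `SSL_CTX_set_tmp_dh` just above it), so a failure there would leave the server context without ephemeral ECDH parameters and with nothing logged. With the `EECDH:HIGH:...` cipher string from the commit message, that would presumably mean a silent fall-back to suites without forward secrecy rather than a startup failure. Both calls return 1 on success, so the new branch could fail closed like its neighbours: `if ( !SSL_CTX_set_tmp_ecdh( ctx, ecdh ) ) { tlso_report_error(); EC_KEY_free( ecdh ); return -1; }`. The TLSECName man-page text would also benefit from one sentence stating that the value must be an OpenSSL short name (the lookup is `OBJ_sn2nid`) and that it is applied to server contexts only (`is_server &&`). The enclosing function begins and ends outside the inner hunks, so callers' handling of the `-1` return is not visible here.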