hostapd: Add openssl_ecdh_curves configuration parameter

This makes it possible to use ECDSA certificates with EAP-TLS/TTLS/etc.
It should be noted that when using Suite B, different mechanism is used
to specify the allowed ECDH curves and this new parameter must not be
used in such cases.

Signed-off-by: Hristo Venev <hristo@venev.name>

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 306afcee45ca35ce584fc784de9f34e845d5cdfb..b0d92ba38f6e689a6f739c26a0adfb1ceeebcbd2 100644 (file)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2505,6 +2505,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
        } else if (os_strcmp(buf, "openssl_ciphers") == 0) {
                os_free(bss->openssl_ciphers);
                bss->openssl_ciphers = os_strdup(pos);
+       } else if (os_strcmp(buf, "openssl_ecdh_curves") == 0) {
+               os_free(bss->openssl_ecdh_curves);
+               bss->openssl_ecdh_curves = os_strdup(pos);
        } else if (os_strcmp(buf, "fragment_size") == 0) {
                bss->fragment_size = atoi(pos);
 #ifdef EAP_SERVER_FAST

diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 5635a522b07fc383a3b1cec7acb04c04e905041a..0cfba4562558139b2d8834c3bc6c2d0fd2954d31 100644 (file)
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -543,6 +543,7 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
        os_free(conf->ocsp_stapling_response_multi);
        os_free(conf->dh_file);
        os_free(conf->openssl_ciphers);
+       os_free(conf->openssl_ecdh_curves);
        os_free(conf->pac_opaque_encr_key);
        os_free(conf->eap_fast_a_id);
        os_free(conf->eap_fast_a_id_info);

diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 5371d0e0d7d394b6d0e1f1cafb2822684bd739b3..fbcfe8dee027b494c37e961eca24e00957295441 100644 (file)
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -395,6 +395,7 @@ struct hostapd_bss_config {
        char *ocsp_stapling_response_multi;
        char *dh_file;
        char *openssl_ciphers;
+       char *openssl_ecdh_curves;
        u8 *pac_opaque_encr_key;
        u8 *eap_fast_a_id;
        size_t eap_fast_a_id_len;

diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
index 3702eb17ecf4b998f62e3cfd7c2e8ac817051da6..b887608e7d20f57986a2399efc6d6c8867316162 100644 (file)
--- a/src/ap/authsrv.c
+++ b/src/ap/authsrv.c
@@ -218,6 +218,7 @@ int authsrv_init(struct hostapd_data *hapd)
                params.private_key_passwd = hapd->conf->private_key_passwd;
                params.dh_file = hapd->conf->dh_file;
                params.openssl_ciphers = hapd->conf->openssl_ciphers;
+               params.openssl_ecdh_curves = hapd->conf->openssl_ecdh_curves;
                params.ocsp_stapling_response =
                        hapd->conf->ocsp_stapling_response;
                params.ocsp_stapling_response_multi =