From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 21 Oct 2015 19:36:55 +0000 (-0400)
Subject: Allow selective disabling of single dh use
X-Git-Tag: release_3_0_11~231
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7fa5fd731e8b18b0a8d750ca39a1b9addf3dc4ef;p=thirdparty%2Ffreeradius-server.git

Allow selective disabling of single dh use

Which should be on by default, but can be disabled for high-load
situations where the DH parameters are sufficiently secure
---

diff --git a/src/include/tls-h b/src/include/tls-h
index 18cf9825d5f..e870a4afe74 100644
--- a/src/include/tls-h
+++ b/src/include/tls-h
@@ -349,6 +349,7 @@ struct fr_tls_server_conf_t {
 	bool		file_type;
 	bool		include_length;
 	bool		auto_chain;
+	bool		disable_single_dh_use;
 	bool		disable_tlsv1;
 	bool		disable_tlsv1_1;
 	bool		disable_tlsv1_2;
diff --git a/src/main/tls.c b/src/main/tls.c
index 8f540af3865..95d141bf54a 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -1036,6 +1036,7 @@ static CONF_PARSER tls_server_config[] = {
 	{ "fragment_size", FR_CONF_OFFSET(PW_TYPE_INTEGER, fr_tls_server_conf_t, fragment_size), "1024" },
 	{ "include_length", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, include_length), "yes" },
 	{ "auto_chain", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, auto_chain), "yes" },
+	{ "disable_single_dh_use", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, disable_single_dh_use), NULL },
 	{ "check_crl", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, check_crl), "no" },
 #ifdef X509_V_FLAG_CRL_CHECK_ALL
 	{ "check_all_crl", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, check_all_crl), "no" },
@@ -2185,7 +2186,7 @@ static X509_STORE *init_revocation_store(fr_tls_server_conf_t *conf)
 
 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
 #ifndef OPENSSL_NO_ECDH
-static int set_ecdh_curve(SSL_CTX *ctx, char const *ecdh_curve)
+static int set_ecdh_curve(SSL_CTX *ctx, char const *ecdh_curve, bool disable_single_dh_use)
 {
 	int      nid;
 	EC_KEY  *ecdh;
@@ -2206,7 +2207,9 @@ static int set_ecdh_curve(SSL_CTX *ctx, char const *ecdh_curve)
 
 	SSL_CTX_set_tmp_ecdh(ctx, ecdh);
 
-	SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
+	if (!disable_single_dh_use) {
+		SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
+	}
 
 	EC_KEY_free(ecdh);
 
@@ -2587,16 +2590,16 @@ post_ca:
 	ctx_options |= SSL_OP_NO_TICKET;
 #endif
 
-	/*
-	 *	SSL_OP_SINGLE_DH_USE must be used in order to prevent
-	 *	small subgroup attacks and forward secrecy. Always
-	 *	using
-	 *
-	 *	SSL_OP_SINGLE_DH_USE has an impact on the computer
-	 *	time needed during negotiation, but it is not very
-	 *	large.
-	 */
-	ctx_options |= SSL_OP_SINGLE_DH_USE;
+	if (!conf->disable_single_dh_use) {
+		/*
+		 *	SSL_OP_SINGLE_DH_USE must be used in order to prevent
+		 *	small subgroup attacks and forward secrecy. Always
+		 *	using SSL_OP_SINGLE_DH_USE has an impact on the
+		 *	computer time needed during negotiation, but it is not
+		 *	very large.
+		 */
+		ctx_options |= SSL_OP_SINGLE_DH_USE;
+	}
 
 	/*
 	 *	SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS to work around issues
@@ -2627,7 +2630,7 @@ post_ca:
 	 */
 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
 #ifndef OPENSSL_NO_ECDH
-	if (set_ecdh_curve(ctx, conf->ecdh_curve) < 0) {
+	if (set_ecdh_curve(ctx, conf->ecdh_curve, conf->disable_single_dh_use) < 0) {
 		return NULL;
 	}
 #endif