Add server support for DHE ciphers

Similar patch was provided by Vitezslav Cizek <vcizek@suse.com>

Heavily modified by Rob Crittenden <rcritten@redhat.com>

https://fedorahosted.org/mod_nss/ticket/15

6 files changed, 87 insertions, 2 deletions

diff --git a/configure.ac b/configure.ac
index ceb3f1d..17d1103 100644
--- a/configure.ac
+++ b/configure.ac
@@ -259,6 +259,15 @@ else
    echo "ENABLE_SHA384=0" >> test/variable.py
 fi
 
+CPPFLAGS="$CPPFLAGS $nspr_inc"
+AX_CHECK_DEFINE(nss3/ssl.h, SSL_ENABLE_SERVER_DHE, server_dhe=yes, server_dhe=no)
+if test "$server_dhe" = yes; then
+   extra_cppflags="$extra_cppflags -DENABLE_SERVER_DHE"
+   echo "ENABLE_SERVER_DHE=1" >> test/variable.py
+else
+   echo "ENABLE_SERVER_DHE=0" >> test/variable.py
+fi
+
 # Substitute values 
 AC_SUBST(APXS)
 AC_SUBST(apr_inc)
diff --git a/docs/mod_nss.html b/docs/mod_nss.html
index 37588e8..c84f938 100644
--- a/docs/mod_nss.html
+++ b/docs/mod_nss.html
@@ -522,7 +522,7 @@ If it contains neither then mod_nss first tries to apply OpenSSL ciphers then NS
 <br>
 All ciphers are disabled by default. <br>
 <br>
-Available ciphers are:<br>
+Available RSA ciphers are:<br>
 <br>
 <table style="width: 70%; text-align: left;" cellpadding="2" cellspacing="2" border="1">
   <tbody>
@@ -675,6 +675,43 @@ Available ciphers are:<br>
 
   </tbody>
 </table>
+<br>The available server-side DHE ciphers are:<br>
+<br>
+<table style="width: 70%; text-align: left;" border="1" cellpadding="2" cellspacing="2">
+<tbody><tr><td style="vertical-align: top; font-weight: bold;">Cipher Name<br>
+      </td><td style="vertical-align: top; font-weight: bold;">NSS Cipher definition<br>
+      </td><td style="vertical-align: top; font-weight: bold;">Protocol<br>
+      </td></tr><tr><td style="vertical-align: top;">dhe_rsa_des_sha<br>
+      </td><td style="vertical-align: top;">TLS_DHE_RSA_WITH_DES_CBC_SHA<br>
+</td><td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2<br>
+      </td></tr><tr><td style="vertical-align: top;">dhe_rsa_3des_sha<br>
+      </td><td style="vertical-align: top;">TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA<br>
+      </td><td style="vertical-align: top;">TLSv1.0/TLSv1.1/TLSv1.2</td></tr><tr><td style="vertical-align: top;">dhe_rsa_aes_128_sha<br>
+      </td><td style="vertical-align: top;">TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA<br>
+      </td><td style="vertical-align: top;">TLSv1.0/TLSv1.1/TLSv1.2</td></tr><tr><td style="vertical-align: top;">dhe_rsa_aes_256_sha<br>
+      </td><td style="vertical-align: top;">TLS_DHE_RSA_WITH_AES_256_CBC_SHA<br>
+      </td><td style="vertical-align: top;">TLSv1.0/TLSv1.1/TLSv1.2</td></tr><tr><td style="vertical-align: top;">dhe_rsa_camellia_128_sha<br>
+</td><td style="vertical-align: top;">TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA<br>
+      </td><td style="vertical-align: top;">TLSv1.0/TLSv1.1/TLSv1.2</td></tr><tr><td style="vertical-align: top;">dhe_rsa_camellia_256_sha<br>
+</td><td style="vertical-align: top;">TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA<br>
+      </td><td style="vertical-align: top;">TLSv1.0/TLSv1.1/TLSv1.2</td></tr><tr><td style="vertical-align: top;">dhe_rsa_aes_128_sha256<br>
+</td><td style="vertical-align: top;">TLS_DHE_RSA_WITH_AES_128_CBC_SHA256<br>
+      </td><td style="vertical-align: top;">TLSv1.2</td></tr><tr>
+    <td valign="top">dhe_rsa_aes_256_sha256<br>
+    </td>
+    <td valign="top">TLS_DHE_RSA_WITH_AES_256_CBC_SHA256<br>
+    </td>
+    <td valign="top">TLSv1.2</td>
+  </tr>
+  <tr>
+    <td valign="top">dhe_rsa_aes_128_gcm_sha_256<br>
+    </td>
+    <td valign="top">TLS_DHE_RSA_WITH_AES_128_GCM_SHA256<br>
+    </td>
+    <td valign="top">TLSv1.2</td>
+  </tr>
+</tbody>
+</table>
 <br>
 Additionally there are a number of ECC ciphers:<br>
 <br>
@@ -979,6 +1016,7 @@ The default is off.<br>
 <span style="font-weight: bold;">Example</span><br>
 <br>
 <big><big>NSSSessionTickets on<br>
+</big></big>
 <br>
 <big><big>NSSUserName<br>
 </big></big><br>
diff --git a/mod_nss.h b/mod_nss.h
index 06710e4..ac56ddb 100644
--- a/mod_nss.h
+++ b/mod_nss.h
@@ -419,6 +419,9 @@ const char *nss_cmd_NSSPassPhraseDialog(cmd_parms *cmd, void *dcfg, const char *
 const char *nss_cmd_NSSPassPhraseHelper(cmd_parms *cmd, void *dcfg, const char *arg);
 const char *nss_cmd_NSSRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
 const char *nss_cmd_NSSSessionTickets(cmd_parms *cmd, void *dcfg, int flag);
+#ifdef ENABLE_SERVER_DHE
+const char *nss_cmd_NSSServerDHE(cmd_parms *cmd, void *dcfg, int flag);
+#endif
 const char *nss_cmd_NSSUserName(cmd_parms *cmd, void *dcfg, const char *arg);
 const char *nss_cmd_NSSOptions(cmd_parms *, void *, const char *);
 const char *nss_cmd_NSSRequireSSL(cmd_parms *cmd, void *dcfg);
diff --git a/nss_engine_cipher.c b/nss_engine_cipher.c
index b0b51e4..ffa537e 100644
--- a/nss_engine_cipher.c
+++ b/nss_engine_cipher.c
@@ -32,6 +32,9 @@ cipher_properties ciphers_def[] =
     /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA not implemented 0x0008 */
     {"rsa_des_sha", TLS_RSA_WITH_DES_CBC_SHA, "DES-CBC-SHA", SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1, SSLV3, SSL_LOW, 56, 56},
     {"rsa_3des_sha", TLS_RSA_WITH_3DES_EDE_CBC_SHA, "DES-CBC3-SHA", SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_SHA1, SSLV3, SSL_HIGH, 168, 168},
+#ifdef ENABLE_SERVER_DHE
+    {"dhe_rsa_des_sha", TLS_DHE_RSA_WITH_DES_CBC_SHA, "EDH-RSA-DES-CBC-SHA", SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1, SSLV3, SSL_LOW, 56, 56},
+#endif
     {"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA, "AES128-SHA", SSL_kRSA|SSL_aRSA|SSL_AES128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128},
     {"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA, "AES256-SHA", SSL_kRSA|SSL_aRSA|SSL_AES256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256},
     {"null_sha_256", TLS_RSA_WITH_NULL_SHA256, "NULL-SHA256", SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_SHA256, TLSV1_2, SSL_STRONG_NONE, 0, 0},
@@ -49,6 +52,21 @@ cipher_properties ciphers_def[] =
 #endif
     {"fips_3des_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, "FIPS-DES-CBC3-SHA", SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_SHA1, SSLV3, SSL_HIGH, 112, 168},
     {"fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA, "FIPS-DES-CBC-SHA", SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1, SSLV3, SSL_LOW, 56, 56},
+#ifdef ENABLE_SERVER_DHE
+    {"dhe_rsa_3des_sha", TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "EDH-RSA-DES-CBC3-SHA", SSL_kEDH|SSL_aRSA|SSL_3DES|SSL_SHA1, TLSV1, SSL_HIGH, 112, 168},
+    {"dhe_rsa_aes_128_sha", TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "DHE-RSA-AES128-SHA", SSL_kEDH|SSL_aRSA|SSL_AES128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128},
+    {"dhe_rsa_aes_256_sha", TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "DHE-RSA-AES256-SHA", SSL_kEDH|SSL_aRSA|SSL_AES256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256},
+    {"dhe_rsa_camellia_128_sha", TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "DHE-RSA-CAMELLIA128-SHA", SSL_kEDH|SSL_aRSA|SSL_CAMELLIA128|SSL_SHA1, TLSV1, SSL_HIGH, 128, 128},
+    {"dhe_rsa_camellia_256_sha", TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "DHE-RSA-CAMELLIA256-SHA", SSL_kEDH|SSL_aRSA|SSL_CAMELLIA256|SSL_SHA1, TLSV1, SSL_HIGH, 256, 256},
+    {"dhe_rsa_aes_128_sha256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "DHE-RSA-AES128-SHA256", SSL_kEDH|SSL_aRSA|SSL_AES128|SSL_SHA256, TLSV1_2, SSL_HIGH, 128, 128},
+    {"dhe_rsa_aes_256_sha256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "DHE-RSA-AES256-SHA256", SSL_kEDH|SSL_aRSA|SSL_AES256|SSL_SHA256, TLSV1_2, SSL_HIGH, 256, 256},
+#ifdef ENABLE_GCM
+    {"dhe_rsa_aes_128_gcm_sha_256", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "DHE-RSA-AES128-GCM-SHA256", SSL_kEDH|SSL_aRSA|SSL_AES128GCM|SSL_AEAD, TLSV1_2, SSL_HIGH, 128, 128},
+#endif
+#ifdef ENABLE_SHA384
+    {"dhe_rsa_aes_256_gcm_sha_384", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "DHE-RSA-AES256-GCM-SHA384", SSL_kEDH|SSL_aRSA|SSL_AES256GCM|SSL_AEAD, TLSV1_2, SSL_HIGH, 256, 256},
+#endif
+#endif /* ENABLE_SERVER_DHE */
 #ifdef NSS_ENABLE_ECC
     {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA, "ECDH-ECDSA-NULL-SHA", SSL_kECDHe|SSL_aECDH|SSL_eNULL|SSL_SHA1, TLSV1, SSL_STRONG_NONE, 0, 0},
     {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "ECDH-ECDSA-RC4-SHA", SSL_kECDHe|SSL_aECDH|SSL_RC4|SSL_SHA1, TLSV1, SSL_MEDIUM, 128, 128},
@@ -289,7 +307,7 @@ static int parse_openssl_ciphers(server_rec *s, char *ciphers, PRBool cipher_lis
                 } else if (!strcmp(cipher, "aRSA")) {
                     mask |= SSL_aRSA;
                 } else if (!strcmp(cipher, "EDH")) {
-                    mask |= SSL_EDH;
+                    mask |= SSL_kEDH;
 #if 0
                 } else if (!strcmp(cipher, "ADH")) {
                     mask |= SSL_ADH;
diff --git a/nss_engine_cipher.h b/nss_engine_cipher.h
index 80aac0e..f76099f 100644
--- a/nss_engine_cipher.h
+++ b/nss_engine_cipher.h
@@ -53,6 +53,8 @@ typedef struct
 #define SSL_ECDH	(SSL_kECDHe|SSL_kECDHr|SSL_kEECDH)
 #define SSL_EECDH	(SSL_kEECDH)
 #define SSL_ADH		(SSL_kEDH)
+#define SSL_kDHE	0x00040000L
+#define SSL_DHE		(SSL_kDHE)
 
 /* cipher strength */
 #define SSL_STRONG_NONE   0x00000001L
diff --git a/nss_engine_init.c b/nss_engine_init.c
index 4460f53..44b5b88 100644
--- a/nss_engine_init.c
+++ b/nss_engine_init.c
@@ -829,6 +829,17 @@ static void nss_init_ctx_protocol(server_rec *s,
         nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
         nss_die();
     }
+#ifdef ENABLE_SERVER_DHE
+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+        "Enabling DHE key exchange");
+    if (SSL_OptionSet(mctx->model, SSL_ENABLE_SERVER_DHE,
+        PR_TRUE) != SECSuccess) {
+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+                "Unable to enable DHE key exchange");
+        nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+        nss_die();
+    }
+#endif
 }
 
 static void nss_init_ctx_session_cache(server_rec *s,
@@ -1043,6 +1054,10 @@ static void nss_init_ctx_cipher_suite(server_rec *s,
 
     /* Finally actually enable the selected ciphers */
     for (i=0; i<ciphernum;i++) {
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+            "%sable cipher: %s",
+            cipher_state[i] == 1 ? "En" : "Dis",
+            ciphers_def[i].name);
         SSL_CipherPrefSet(mctx->model, ciphers_def[i].num, cipher_state[i] == 1 ? PR_TRUE : PR_FALSE);
     }
 }