diff --git a/CHANGELOG.md b/CHANGELOG.md
index 93e0add0..1f0c25af 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ All notable changes to the ZSS package will be documented in this file.
 ## `2.18.0`
 - Change log level for setting default value of 'httpRequestHeapMaxBlocks' to DEBUG instead of INFO.(#719)
+- Enhancement: Curve customization support from array 'zowe.network.server.tls.curves' in zowe.yaml, only curves mentioned in https://www.ibm.com/docs/en/zos/3.1.0?topic=programming-cipher-suite-definitions#csdcwh__tttcsd are supported currently (#721).
 ## `2.17.0`
 - Code to configure the SLH block size of the http server through 'httpRequestHeapMaxBlocks' in the yaml.(#701)
diff --git a/c/zss.c b/c/zss.c
index cb81a381..ca53a1e0 100644
--- a/c/zss.c
+++ b/c/zss.c
@@ -1171,6 +1171,7 @@ static char* generateCookieNameV2(ConfigManager *configmgr, int port) {
 #define ENV_AGENT_HTTPS_KEY(key) AGENT_HTTPS_PREFIX key
 TLS_IANA_CIPHER_MAP(ianaCipherMap)
+TLS_IANA_CURVE_MAP(ianaCurveMap)
 static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh,
 ConfigManager *configmgr,
@@ -1226,6 +1227,42 @@ static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh,
 }
+ Json *tlsConfig = NULL;
+ int tlsGetStatus = cfgGetAnyC(configmgr,ZSS_CFGNAME,&tlsConfig, 4,"zowe","network","server","tls");
+ if (tlsGetStatus) {
+ zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_INFO, "TLS is NOT configured for this ZSS\n");
+ } else {
+ JsonObject *tlsConfigObject = jsonAsObject(tlsConfig);
+ Json *curveJson = jsonObjectGetPropertyValue(tlsConfigObject, "curves");
+ char *curves = NULL;
+ if(jsonIsArray(curveJson)) {
+ JsonArray *curveArray = jsonObjectGetArray(tlsConfigObject, "curves");
+ int count = jsonArrayGetCount(curveArray);
+ int curveCharLength = 4;
+ curves = (char *)safeMalloc((sizeof(char) * curveCharLength * count)+1, "curve list");
+ for (int i = 0; i < count; i++) {
+ char *ianaName = jsonArrayGetString(curveArray, i);
+ zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "curve request=%s\n", ianaName);
+ CurveMap *curve = (CurveMap *)ianaCurveMap;
+ bool found = false;
+ while (curve->groupId != NULL) {
+ if (!strcmp(ianaName, curve->name)) {
+ strcat(curves, curve->groupId);
+ zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "Curve match=%s\n", curve->groupId);
+ found = true;
+ break;
+ }
+ ++curve;
+ }
+ if (!found) {
+ zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_WARNING, ZSS_LOG_CURVE_INVALID_MSG, ianaName);
+ }
+ }
+ zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "Curve array is %s\n", curves);
+ settings->curves = curves;
+ }
+ }
+
 ECVT *ecvt = getECVT(); /* 2.3 (1020300) no tls 1.3
diff --git a/deps/zowe-common-c b/deps/zowe-common-c
index 7c0d765a..8737e756 160000
--- a/deps/zowe-common-c
+++ b/deps/zowe-common-c
@@ -1 +1 @@
-Subproject commit 7c0d765ae25e12421839b15cb89736f2c04afbf9
+Subproject commit 8737e75639e38c5ea80b6eff1be8b0112a6f71eb
diff --git a/h/zssLogging.h b/h/zssLogging.h
index 0f954b56..3dc5b55a 100644
--- a/h/zssLogging.h
+++ b/h/zssLogging.h
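Review bot: `curves` is handed to `strcat` without ever being terminated — nothing on this page shows `safeMalloc` zeroing the block, so the first `strcat` appends after whatever bytes already sit in the fresh allocation, and for an empty `curves` array (`count == 0`) the `"Curve array is %s"` log and `settings->curves` read an unterminated one-byte buffer. The capacity `curveCharLength * count + 1` also silently assumes every `groupId` in `ianaCurveMap` is at most 4 bytes; that table comes from the `deps/zowe-common-c` submodule bumped in this same commit and is not visible here, so the append should be bounded by the remaining capacity rather than trusted, otherwise a longer entry overruns the heap buffer while parsing the operator's zowe.yaml. A non-string element in `zowe.network.server.tls.curves` is a third gap: if `jsonArrayGetString` returns NULL for it (its contract is not on this page), `strcmp(ianaName, ...)` dereferences NULL. The sketch below terminates the buffer up front, skips NULL names, and replaces `strcat` with a capacity-checked copy; `readAgentHttpsSettingsV2` starts and ends outside this hunk, and since the function receives an `slh` heap yet `curves` is taken from `safeMalloc`, a comment on who frees `settings->curves` would help the next reader.
```c
      size_t curveCap = (size_t)curveCharLength * (size_t)count + 1;
      curves = (char *)safeMalloc(curveCap, "curve list");
      curves[0] = '\0';   /* strcat-style appends need a terminated buffer; also covers count == 0 */
      for (int i = 0; i < count; i++) {
        char *ianaName = jsonArrayGetString(curveArray, i);
        if (ianaName == NULL) {
          zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_WARNING, "Ignoring non-string entry %d in tls.curves\n", i);
          continue;
        }
        /* … unchanged: debug log, CurveMap walk … */
          if (!strcmp(ianaName, curve->name)) {
            size_t used = strlen(curves);
            size_t idLen = strlen(curve->groupId);
            if (idLen >= curveCap - used) {
              /* groupId longer than curveCharLength, or list already full: refuse rather than overrun */
              zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_WARNING, "No room for curve %s in curve list\n", ianaName);
              found = true;
              break;
            }
            memcpy(curves + used, curve->groupId, idLen + 1);
            /* … unchanged: match debug log, found = true, break … */
```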
@@ -303,6 +303,12 @@ bool isLogLevelValid(int level);
 #define ZSS_LOG_CIPHER_INVALID_MSG_TEXT "Requested cipher '%s' not available.\n"
 #define ZSS_LOG_CIPHER_INVALID_MSG ZSS_LOG_CIPHER_INVALID_MSG_ID" "ZSS_LOG_CIPHER_INVALID_MSG_TEXT
+#ifndef ZSS_LOG_CURVE_INVALID_MSG_ID
+#define ZSS_LOG_CURVE_INVALID_MSG_ID ZSS_LOG_MSG_PRFX"1067W"
+#endif
+#define ZSS_LOG_CURVE_INVALID_MSG_TEXT "Requested curve '%s' not supported.\n"
+#define ZSS_LOG_CURVE_INVALID_MSG ZSS_LOG_CURVE_INVALID_MSG_ID" "ZSS_LOG_CURVE_INVALID_MSG_TEXT
+
 /* registerProduct */