[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Wed Dec 30 13:35:30 UTC 2015 

The branch master has been updated
       via  72245f340c41c7d04b7a2b7a99aec9897e22d9cb (commit)
      from  923ffa97d1278a155d2ec7783c997fb7e2c5e28b (commit)


- Log -----------------------------------------------------------------
commit 72245f340c41c7d04b7a2b7a99aec9897e22d9cb
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Wed Dec 30 13:34:53 2015 +0000

    Check for missing DSA parameters.
    
    If DSA parameters are absent return -1 (for unknown) in DSA_security_bits.
    
    If parameters are absent when a certificate is set in an SSL/SSL_CTX
    structure this will reject the certificate by default. This will cause DSA
    certificates which omit parameters to be rejected but that is never (?)
    done in practice.
    
    Thanks to Brian 'geeknik' Carpenter for reporting this issue.
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/dsa/dsa_lib.c |  4 +++-
 ssl/t1_lib.c         | 11 ++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 4b02d77..722602c 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -246,7 +246,9 @@ void *DSA_get_ex_data(DSA *d, int idx)
 
 int DSA_security_bits(const DSA *d)
 {
-    return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
+    if (d->p && d->q)
+        return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
+    return -1;
 }
 
 #ifndef OPENSSL_NO_DH
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 73ad604..421a5a6 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4253,13 +4253,18 @@ DH *ssl_get_auto_dh(SSL *s)
 
 static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op)
 {
-    int secbits;
+    int secbits = -1;
     EVP_PKEY *pkey = X509_get_pubkey(x);
     if (pkey) {
+        /*
+         * If no parameters this will return -1 and fail using the default
+         * security callback for any non-zero security level. This will
+         * reject keys which omit parameters but this only affects DSA and
+         * omission of parameters is never (?) done in practice.
+         */
         secbits = EVP_PKEY_security_bits(pkey);
         EVP_PKEY_free(pkey);
-    } else
-        secbits = -1;
+    }
     if (s)
         return ssl_security(s, op, secbits, 0, x);
     else

More information about the openssl-commits mailing list