[openssl] master update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Tue Jun 9 10:16:41 UTC 2020


The branch master has been updated
       via  7646610b6a2c53ae50ed453c88291c23630e7850 (commit)
      from  78215852066d214ded6695a27c997eb0d651c31f (commit)


- Log -----------------------------------------------------------------
commit 7646610b6a2c53ae50ed453c88291c23630e7850
Author: Hubert Kario <hkario at redhat.com>
Date:   Fri Jun 5 20:21:55 2020 +0200

    use safe primes in ssl_get_auto_dh()
    
    DH_get_1024_160() and DH_get_2048_224() return parameters from
    RFC5114. Those parameters include primes with known small subgroups,
    making them unsafe. Change the code to use parameters from
    RFC 2409 and RFC 3526 instead (group 2 and 14 respectively).
    
    This patch also adds automatic selection of 4096 bit params for 4096 bit
    RSA keys
    
    Signed-off-by: Hubert Kario <hkario at redhat.com>
    
    Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12061)

-----------------------------------------------------------------------

Summary of changes:
 ssl/t1_lib.c | 74 +++++++++++++++++++++++++++++++-----------------------------
 1 file changed, 38 insertions(+), 36 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 68bd5f2611..89450943d1 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2646,46 +2646,48 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
 #ifndef OPENSSL_NO_DH
 DH *ssl_get_auto_dh(SSL *s)
 {
+    DH *dhp;
+    BIGNUM *p, *g;
     int dh_secbits = 80;
-    if (s->cert->dh_tmp_auto == 2)
-        return DH_get_1024_160();
-    if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
-        if (s->s3.tmp.new_cipher->strength_bits == 256)
-            dh_secbits = 128;
-        else
-            dh_secbits = 80;
-    } else {
-        if (s->s3.tmp.cert == NULL)
-            return NULL;
-        dh_secbits = EVP_PKEY_security_bits(s->s3.tmp.cert->privatekey);
+    if (s->cert->dh_tmp_auto != 2) {
+        if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
+            if (s->s3.tmp.new_cipher->strength_bits == 256)
+                dh_secbits = 128;
+            else
+                dh_secbits = 80;
+        } else {
+            if (s->s3.tmp.cert == NULL)
+                return NULL;
+            dh_secbits = EVP_PKEY_security_bits(s->s3.tmp.cert->privatekey);
+        }
     }
 
-    if (dh_secbits >= 128) {
-        DH *dhp = DH_new();
-        BIGNUM *p, *g;
-        if (dhp == NULL)
-            return NULL;
-        g = BN_new();
-        if (g == NULL || !BN_set_word(g, 2)) {
-            DH_free(dhp);
-            BN_free(g);
-            return NULL;
-        }
-        if (dh_secbits >= 192)
-            p = BN_get_rfc3526_prime_8192(NULL);
-        else
-            p = BN_get_rfc3526_prime_3072(NULL);
-        if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
-            DH_free(dhp);
-            BN_free(p);
-            BN_free(g);
-            return NULL;
-        }
-        return dhp;
+    dhp = DH_new();
+    if (dhp == NULL)
+        return NULL;
+    g = BN_new();
+    if (g == NULL || !BN_set_word(g, 2)) {
+        DH_free(dhp);
+        BN_free(g);
+        return NULL;
+    }
+    if (dh_secbits >= 192)
+        p = BN_get_rfc3526_prime_8192(NULL);
+    else if (dh_secbits >= 152)
+        p = BN_get_rfc3526_prime_4096(NULL);
+    else if (dh_secbits >= 128)
+        p = BN_get_rfc3526_prime_3072(NULL);
+    else if (dh_secbits >= 112)
+        p = BN_get_rfc3526_prime_2048(NULL);
+    else
+        p = BN_get_rfc2409_prime_1024(NULL);
+    if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
+        DH_free(dhp);
+        BN_free(p);
+        BN_free(g);
+        return NULL;
     }
-    if (dh_secbits >= 112)
-        return DH_get_2048_224();
-    return DH_get_1024_160();
+    return dhp;
 }
 #endif
 


More information about the openssl-commits mailing list