[openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Fri Oct 16 14:15:13 UTC 2020


The branch OpenSSL_1_1_1-stable has been updated
       via  ed7cdb954e96d463add20f584f5e7ce99560af27 (commit)
       via  7844f3c784bfc93c9b94ae5a4082f9d01e82e0af (commit)
      from  7a23c23e4515d253d23b5c8258300873eca179c8 (commit)


- Log -----------------------------------------------------------------
commit ed7cdb954e96d463add20f584f5e7ce99560af27
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Oct 15 11:40:18 2020 +0100

    Add a CHANGES entry for the SSL_SECOP_TMP_DH change
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/13136)

commit 7844f3c784bfc93c9b94ae5a4082f9d01e82e0af
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Oct 14 15:13:28 2020 +0100

    Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security callback
    
    The security operation SSL_SECOP_TMP_DH is defined to take an EVP_PKEY
    in the "other" parameter:
    
     /* Temporary DH key */
     # define SSL_SECOP_TMP_DH                (7 | SSL_SECOP_OTHER_PKEY)
    
    In most places this is what is passed. All these places occur server side.
    However there is one client side call of this security operation and it
    passes a DH object instead. This is incorrect according to the
    definition of SSL_SECOP_TMP_DH, and is inconsistent with all of the other
    locations.
    
    Our own default security callback, and the debug callback in the apps,
    never look at this value and therefore this issue was never noticed
    previously. In theory a client side application could be relying on this
    behaviour and could be broken by this change. This is probably fairly
    unlikely but can't be ruled out.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/13136)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                  | 10 +++++++++-
 ssl/statem/statem_clnt.c | 13 +++++++------
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index fcb824c02d..401ae7a339 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,7 +9,15 @@
 
  Changes between 1.1.1h and 1.1.1i [xx XXX xxxx]
 
-  *)
+  *) The security callback, which can be customised by application code, supports
+     the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY
+     in the "other" parameter. In most places this is what is passed. All these
+     places occur server side. However there was one client side call of this
+     security operation and it passed a DH object instead. This is incorrect
+     according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all
+     of the other locations. Therefore this client side call has been changed to
+     pass an EVP_PKEY instead.
+     [Matt Caswell]
 
  Changes between 1.1.1g and 1.1.1h [22 Sep 2020]
 
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 64e392cfbf..3bf8aacfc0 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2145,18 +2145,19 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
     }
     bnpub_key = NULL;
 
-    if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
-        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
-                 SSL_R_DH_KEY_TOO_SMALL);
-        goto err;
-    }
-
     if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
                  ERR_R_EVP_LIB);
         goto err;
     }
 
+    if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
+                      0, peer_tmp)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
+                 SSL_R_DH_KEY_TOO_SMALL);
+        goto err;
+    }
+
     s->s3->peer_tmp = peer_tmp;
 
     /*


More information about the openssl-commits mailing list