[openssl] OpenSSL_1_1_1-stable update
Dr. Paul Dale
pauli at openssl.org
Thu Jul 8 11:55:41 UTC 2021
The branch OpenSSL_1_1_1-stable has been updated
via d1a8201e88f0a5d46731010bb442f0f207c74fe9 (commit)
via 987f66d1d7b1ef3576101a56b78f52d3f0e77c07 (commit)
from ce50fd96dc542fe22a42265019e556272fd060ba (commit)
- Log -----------------------------------------------------------------
commit d1a8201e88f0a5d46731010bb442f0f207c74fe9
Author: Pauli <pauli at openssl.org>
Date: Sat Jun 19 16:17:38 2021 +1000
test: add test for auto DH security level meets the minimum
Manual merge from https://github.com/openssl/openssl/pull/15818
Commit id d0e5230dcecc6013d351545ceb275aa2ba5baa80
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15832)
commit 987f66d1d7b1ef3576101a56b78f52d3f0e77c07
Author: Pauli <pauli at openssl.org>
Date: Sat Jun 19 16:16:36 2021 +1000
ssl: do not choose auto DH groups that are weaker than the security level
manual merge from https://github.com/openssl/openssl/pull/15818
id d7b5c648d682b499b71320a03747602a6ba4dec3
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15832)
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_cert.c | 33 ++++++++++++++++++++++++---------
ssl/ssl_local.h | 1 +
ssl/t1_lib.c | 9 ++++++++-
test/recipes/80-test_ssl_old.t | 12 ++++++++++--
4 files changed, 43 insertions(+), 12 deletions(-)
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 5d3e83f328..c102473864 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -876,18 +876,36 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
return 1;
}
+int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
+{
+ int level;
+ static const int minbits_table[5 + 1] = { 0, 80, 112, 128, 192, 256 };
+
+ if (ctx != NULL)
+ level = SSL_CTX_get_security_level(ctx);
+ else
+ level = SSL_get_security_level(s);
+
+ if (level > 5)
+ level = 5;
+ else if (level < 0)
+ level = 0;
+
+ if (levelp != NULL)
+ *levelp = level;
+
+ return minbits_table[level];
+}
+
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
int op, int bits, int nid, void *other,
void *ex)
{
int level, minbits;
- static const int minbits_table[5] = { 80, 112, 128, 192, 256 };
- if (ctx)
- level = SSL_CTX_get_security_level(ctx);
- else
- level = SSL_get_security_level(s);
- if (level <= 0) {
+ minbits = ssl_get_security_level_bits(s, ctx, &level);
+
+ if (level == 0) {
/*
* No EDH keys weaker than 1024-bits even at level 0, otherwise,
* anything goes.
@@ -896,9 +914,6 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
return 0;
return 1;
}
- if (level > 5)
- level = 5;
- minbits = minbits_table[level - 1];
switch (op) {
case SSL_SECOP_CIPHER_SUPPORTED:
case SSL_SECOP_CIPHER_SHARED:
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index a357d4d950..f92472117a 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2305,6 +2305,7 @@ __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
void *other);
+int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp);
__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx);
__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk,
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 48d46f8a48..93228ec183 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2441,7 +2441,8 @@ DH *ssl_get_auto_dh(SSL *s)
{
DH *dhp = NULL;
BIGNUM *p = NULL, *g = NULL;
- int dh_secbits = 80;
+ int dh_secbits = 80, sec_level_bits;
+
if (s->cert->dh_tmp_auto != 2) {
if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
if (s->s3->tmp.new_cipher->strength_bits == 256)
@@ -2464,6 +2465,12 @@ DH *ssl_get_auto_dh(SSL *s)
BN_free(g);
return NULL;
}
+
+ /* Do not pick a prime that is too weak for the current security level */
+ sec_level_bits = ssl_get_security_level_bits(s, NULL, NULL);
+ if (dh_secbits < sec_level_bits)
+ dh_secbits = sec_level_bits;
+
if (dh_secbits >= 192)
p = BN_get_rfc3526_prime_8192(NULL);
else if (dh_secbits >= 152)
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 377bf090ba..35cf0a7af8 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -476,10 +476,10 @@ sub testssl {
subtest 'RSA/(EC)DHE/PSK tests' => sub {
######################################################################
- plan tests => 5;
+ plan tests => 6;
SKIP: {
- skip "TLSv1.0 is not supported by this OpenSSL build", 5
+ skip "TLSv1.0 is not supported by this OpenSSL build", 6
if $no_tls1;
SKIP: {
@@ -514,6 +514,14 @@ sub testssl {
ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
'test tls1 with PSK via BIO pair');
}
+
+ SKIP: {
+ skip "skipping auto PSK tests", 1
+ if ($no_dh || $no_psk || $no_ec);
+
+ ok(run(test(['ssltest_old', '-psk', '0102030405', '-cipher', '@SECLEVEL=2:DHE-PSK-AES128-CCM'])),
+ 'test auto DH meets security strength');
+ }
}
};
More information about the openssl-commits
mailing list