[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Sat Jun 19 05:50:40 UTC 2021
The branch master has been updated
via d0e5230dcecc6013d351545ceb275aa2ba5baa80 (commit)
via d7b5c648d682b499b71320a03747602a6ba4dec3 (commit)
from b9d022d78faee0648c3ace7f15ccec08f14feddb (commit)
- Log -----------------------------------------------------------------
commit d0e5230dcecc6013d351545ceb275aa2ba5baa80
Author: Pauli <pauli at openssl.org>
Date: Fri Jun 18 13:17:42 2021 +1000
test: add test for auto DH security level meets the minimum
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15818)
commit d7b5c648d682b499b71320a03747602a6ba4dec3
Author: Pauli <pauli at openssl.org>
Date: Fri Jun 18 12:54:24 2021 +1000
ssl: do not choose auto DH groups that are weaker than the security level
Fixes #15808
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15818)
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_cert.c | 33 ++++++++++++++++++++++++---------
ssl/ssl_local.h | 1 +
ssl/t1_lib.c | 7 ++++++-
test/recipes/80-test_ssl_old.t | 9 ++++++---
4 files changed, 37 insertions(+), 13 deletions(-)
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index f78cb99c18..4f3c2f8ee7 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -960,18 +960,36 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
return 1;
}
+int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
+{
+ int level;
+ static const int minbits_table[5 + 1] = { 0, 80, 112, 128, 192, 256 };
+
+ if (ctx != NULL)
+ level = SSL_CTX_get_security_level(ctx);
+ else
+ level = SSL_get_security_level(s);
+
+ if (level > 5)
+ level = 5;
+ else if (level < 0)
+ level = 0;
+
+ if (levelp != NULL)
+ *levelp = level;
+
+ return minbits_table[level];
+}
+
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
int op, int bits, int nid, void *other,
void *ex)
{
int level, minbits;
- static const int minbits_table[5] = { 80, 112, 128, 192, 256 };
- if (ctx)
- level = SSL_CTX_get_security_level(ctx);
- else
- level = SSL_get_security_level(s);
- if (level <= 0) {
+ minbits = ssl_get_security_level_bits(s, ctx, &level);
+
+ if (level == 0) {
/*
* No EDH keys weaker than 1024-bits even at level 0, otherwise,
* anything goes.
@@ -980,9 +998,6 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
return 0;
return 1;
}
- if (level > 5)
- level = 5;
- minbits = minbits_table[level - 1];
switch (op) {
case SSL_SECOP_CIPHER_SUPPORTED:
case SSL_SECOP_CIPHER_SHARED:
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index def53739a1..dd82314602 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2436,6 +2436,7 @@ __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
void *other);
+int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp);
__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx);
__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk,
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3bc424acef..2ee97c2ae6 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2884,7 +2884,7 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s)
{
EVP_PKEY *dhp = NULL;
BIGNUM *p;
- int dh_secbits = 80;
+ int dh_secbits = 80, sec_level_bits;
EVP_PKEY_CTX *pctx = NULL;
OSSL_PARAM_BLD *tmpl = NULL;
OSSL_PARAM *params = NULL;
@@ -2902,6 +2902,11 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s)
}
}
+ /* Do not pick a prime that is too weak for the current security level */
+ sec_level_bits = ssl_get_security_level_bits(s, NULL, NULL);
+ if (dh_secbits < sec_level_bits)
+ dh_secbits = sec_level_bits;
+
if (dh_secbits >= 192)
p = BN_get_rfc3526_prime_8192(NULL);
else if (dh_secbits >= 152)
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 59f364d7f7..b71bc01655 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -520,10 +520,10 @@ sub testssl {
subtest 'RSA/(EC)DHE/PSK tests' => sub {
######################################################################
- plan tests => 5;
+ plan tests => 6;
SKIP: {
- skip "TLSv1.0 is not supported by this OpenSSL build", 5
+ skip "TLSv1.0 is not supported by this OpenSSL build", 6
if $no_tls1 || $provider eq "fips";
SKIP: {
@@ -549,7 +549,7 @@ sub testssl {
}
SKIP: {
- skip "skipping PSK tests", 2
+ skip "skipping PSK tests", 3
if ($no_psk);
ok(run(test([@ssltest, "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
@@ -557,6 +557,9 @@ sub testssl {
ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
'test tls1 with PSK via BIO pair');
+
+ ok(run(test(['ssl_old_test', '-psk', '0102030405', '-cipher', '@SECLEVEL=2:DHE-PSK-AES128-CCM'])),
+ 'test auto DH meets security strength');
}
}
More information about the openssl-commits
mailing list