Disallow MD5 and SHA-1 HMACs depending on the security level

Ciphers using an MD5 HMAC are not allowed on security levels >= 1 and
using a SHA-1 HMAC is disallowed on security levels >= 4. This disables
RC4-MD5 by default.

ok jsing

1 files changed, 11 insertions, 2 deletions

diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c
index 4ccd957689..957ebc7ca5 100644
--- a/src/lib/libssl/ssl_seclevel.c
+++ b/src/lib/libssl/ssl_seclevel.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssl_seclevel.c,v 1.22 2022/07/07 17:08:28 tb Exp $ */
+/*      $OpenBSD: ssl_seclevel.c,v 1.23 2022/07/19 18:55:12 tb Exp $ */
 /*
  * Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
  *
@@ -112,10 +112,13 @@ ssl_security_secop_cipher(const SSL_CTX *ctx, const SSL *ssl, int bits,
         if (cipher->algorithm_auth & SSL_aNULL)
                 return 0;
 
+        if (cipher->algorithm_mac & SSL_MD5)
+                return 0;
+
         if (security_level <= 1)
                 return 1;
 
-        if (cipher->algorithm_enc == SSL_RC4)
+        if (cipher->algorithm_enc & SSL_RC4)
                 return 0;
 
         if (security_level <= 2)
@@ -126,6 +129,12 @@ ssl_security_secop_cipher(const SSL_CTX *ctx, const SSL *ssl, int bits,
             cipher->algorithm_ssl != SSL_TLSV1_3)
                 return 0;
 
+        if (security_level <= 3)
+                return 1;
+
+        if (cipher->algorithm_mac & SSL_SHA1)
+                return 0;
+
         return 1;
 }