Implement the default security level callback

And here is where the fun starts. The tentacles will grow everywhere.

ok beck jsing sthen

3 files changed, 202 insertions, 2 deletions

diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index 5a0a7bbc02..e6930b0b9f 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.74 2022/01/14 09:09:30 tb Exp $
+# $OpenBSD: Makefile,v 1.75 2022/06/28 20:40:24 tb Exp $
 
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -58,6 +58,7 @@ SRCS= \
         ssl_packet.c \
         ssl_pkt.c \
         ssl_rsa.c \
+        ssl_seclevel.c \
         ssl_sess.c \
         ssl_sigalgs.c \
         ssl_srvr.c \
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 5b976bddc7..ab547ea5bc 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.395 2022/06/28 20:31:43 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.396 2022/06/28 20:40:24 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1282,6 +1282,11 @@ int ssl_cert_set1_chain(SSL_CERT *c, STACK_OF(X509) *chain);
 int ssl_cert_add0_chain_cert(SSL_CERT *c, X509 *cert);
 int ssl_cert_add1_chain_cert(SSL_CERT *c, X509 *cert);
 
+int ssl_security_default_cb(const SSL *ssl, const SSL_CTX *ctx, int op,
+    int bits, int nid, void *other, void *ex_data);
+int ssl_security_dummy_cb(const SSL *ssl, const SSL_CTX *ctx, int op,
+    int bits, int nid, void *other, void *ex_data);
+
 int ssl_get_new_session(SSL *s, int session);
 int ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block,
     int *alert);
diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c
new file mode 100644
index 0000000000..3da78c65b7
--- /dev/null
+++ b/src/lib/libssl/ssl_seclevel.c
@@ -0,0 +1,194 @@
+/*      $OpenBSD: ssl_seclevel.c,v 1.1 2022/06/28 20:40:24 tb Exp $ */
+/*
+ * Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stddef.h>
+
+#include <openssl/ossl_typ.h>
+#include <openssl/ssl.h>
+#include <openssl/tls1.h>
+
+#include "ssl_locl.h"
+
+static int
+ssl_security_normalize_level(const SSL_CTX *ctx, const SSL *ssl, int *out_level)
+{
+        int security_level;
+
+        if (ctx != NULL)
+                security_level = SSL_CTX_get_security_level(ctx);
+        else
+                security_level = SSL_get_security_level(ssl);
+
+        if (security_level < 0)
+                security_level = 0;
+        if (security_level > 5)
+                security_level = 5;
+
+        *out_level = security_level;
+
+        return 1;
+}
+
+static int
+ssl_security_level_to_minimum_bits(int security_level, int *out_minimum_bits)
+{
+        if (security_level < 0)
+                return 0;
+
+        if (security_level == 0)
+                *out_minimum_bits = 0;
+        else if (security_level == 1)
+                *out_minimum_bits = 80;
+        else if (security_level == 2)
+                *out_minimum_bits = 112;
+        else if (security_level == 3)
+                *out_minimum_bits = 128;
+        else if (security_level == 4)
+                *out_minimum_bits = 192;
+        else if (security_level >= 5)
+                *out_minimum_bits = 256;
+
+        return 1;
+}
+
+static int
+ssl_security_level_and_minimum_bits(const SSL_CTX *ctx, const SSL *ssl,
+    int *out_level, int *out_minimum_bits)
+{
+        int security_level = 0, minimum_bits = 0;
+
+        if (!ssl_security_normalize_level(ctx, ssl, &security_level))
+                return 0;
+        if (!ssl_security_level_to_minimum_bits(security_level, &minimum_bits))
+                return 0;
+
+        if (out_level != NULL)
+                *out_level = security_level;
+        if (out_minimum_bits != NULL)
+                *out_minimum_bits = minimum_bits;
+
+        return 1;
+}
+
+static int
+ssl_security_secop_cipher(const SSL_CTX *ctx, const SSL *ssl, int bits,
+    void *arg)
+{
+        const SSL_CIPHER *cipher = arg;
+        int security_level, minimum_bits;
+
+        if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level,
+            &minimum_bits))
+                return 0;
+
+        if (security_level <= 0)
+                return 1;
+
+        if (bits < minimum_bits)
+                return 0;
+
+        /* No unauthenticated ciphersuites */
+        if (cipher->algorithm_auth & SSL_aNULL)
+                return 0;
+
+        if (security_level <= 1)
+                return 1;
+
+        if (cipher->algorithm_enc == SSL_RC4)
+                return 0;
+
+        if (security_level <= 2)
+                return 1;
+
+        /* XXX TLSv1.3 */
+        if ((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0)
+                return 0;
+
+        return 1;
+}
+
+static int
+ssl_security_secop_version(const SSL_CTX *ctx, const SSL *ssl, int version)
+{
+        int min_version = TLS1_2_VERSION;
+        int security_level;
+
+        if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level, NULL))
+                return 0;
+
+        if (security_level < 4)
+                min_version = TLS1_1_VERSION;
+        if (security_level < 3)
+                min_version = TLS1_VERSION;
+
+        return ssl_tls_version(version) >= min_version;
+}
+
+static int
+ssl_security_secop_compression(const SSL_CTX *ctx, const SSL *ssl)
+{
+        return 0;
+}
+
+static int
+ssl_security_secop_tickets(const SSL_CTX *ctx, const SSL *ssl)
+{
+        int security_level;
+
+        if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level, NULL))
+                return 0;
+
+        return security_level < 3;
+}
+
+static int
+ssl_security_secop_default(const SSL_CTX *ctx, const SSL *ssl, int bits)
+{
+        int minimum_bits;
+
+        if (!ssl_security_level_and_minimum_bits(ctx, ssl, NULL, &minimum_bits))
+                return 0;
+
+        return bits >= minimum_bits;
+}
+
+int
+ssl_security_default_cb(const SSL *ssl, const SSL_CTX *ctx, int op, int bits,
+    int version, void *cipher, void *ex_data)
+{
+        switch (op) {
+        case SSL_SECOP_CIPHER_SUPPORTED:
+        case SSL_SECOP_CIPHER_SHARED:
+        case SSL_SECOP_CIPHER_CHECK:
+                return ssl_security_secop_cipher(ctx, ssl, bits, cipher);
+        case SSL_SECOP_VERSION:
+                return ssl_security_secop_version(ctx, ssl, version);
+        case SSL_SECOP_COMPRESSION:
+                return ssl_security_secop_compression(ctx, ssl);
+        case SSL_SECOP_TICKET:
+                return ssl_security_secop_tickets(ctx, ssl);
+        default:
+                return ssl_security_secop_default(ctx, ssl, bits);
+        }
+}
+
+int
+ssl_security_dummy_cb(const SSL *ssl, const SSL_CTX *ctx, int op, int bits,
+    int version, void *cipher, void *ex_data)
+{
+        return 1;
+}