Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 13 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_clnt.c | 13 | ||||
| -rw-r--r-- | src/regress/lib/libssl/ssl/ssltest.c | 42 | 
3 files changed, 28 insertions, 40 deletions
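--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.108 2015/03/08 16:48:47 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1268,6 +1268,17 @@ ssl3_get_key_exchange(SSL *s)
 p += i;
 n -= param_len;
 
+/*
+* Check the strength of the DH key just constructed.
+* Discard keys weaker than 1024 bits.
+*/
+
+if (DH_size(dh) < 1024 / 8) {
+SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+SSL_R_BAD_DH_P_LENGTH);
+goto err;
+}
+
 if (alg_a & SSL_aRSA)
 pkey = X509_get_pubkey(
 s->session->sess_cert->peer_pkeys[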
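Review bot: The new check in ssl3_get_key_exchange compares whole bytes, not bits: `DH_size(dh)` rounds the prime length up, so a prime of 1017 to 1023 bits still yields 128 and passes, although the comment says keys weaker than 1024 bits are discarded. Comparing the bit length would match the comment, e.g. `if (BN_num_bits(dh->p) < 1024) {`. The failure path uses `goto err` without choosing an alert; the labels are outside the hunk, so confirm whether the peer should instead receive a handshake_failure alert here. The identical hunk in src/lib/libssl/src/ssl/s3_clnt.c has the same issue. The function body starts and ends outside the hunk.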
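--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.108 2015/03/08 16:48:47 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1268,6 +1268,17 @@ ssl3_get_key_exchange(SSL *s)
 p += i;
 n -= param_len;
 
+/*
+* Check the strength of the DH key just constructed.
+* Discard keys weaker than 1024 bits.
+*/
+
+if (DH_size(dh) < 1024 / 8) {
+SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+SSL_R_BAD_DH_P_LENGTH);
+goto err;
+}
+
 if (alg_a & SSL_aRSA)
 pkey = X509_get_pubkey(
 s->session->sess_cert->peer_pkeys[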
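--- a/src/regress/lib/libssl/ssl/ssltest.c
+++ b/src/regress/lib/libssl/ssl/ssltest.c
@@ -194,7 +194,6 @@ struct app_verify_arg {
 char *proxy_cond;
 };
 
-static DH *get_dh512(void);
 static DH *get_dh1024(void);
 static DH *get_dh1024dsa(void);
 
@@ -428,7 +427,6 @@ sv_usage(void)
 fprintf(stderr, " -reuse - use session-id reuse\n");
 fprintf(stderr, " -num <val> - number of connections to perform\n");
 fprintf(stderr, " -bytes <val> - number of bytes to swap between client/server\n");
-fprintf(stderr, " -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
 fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
 fprintf(stderr, " -no_dhe - disable DHE\n");
 fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
@@ -569,7 +567,7 @@ main(int argc, char *argv[])
 int number = 1, reuse = 0;
 long bytes = 256L;
 DH *dh;
-int dhe1024 = 0, dhe1024dsa = 0;
+int dhe1024dsa = 0;
 EC_KEY *ecdh = NULL;
 int no_dhe = 0;
 int no_ecdhe = 0;
@@ -612,9 +610,7 @@ main(int argc, char *argv[])
 debug = 1;
 else if (strcmp(*argv, "-reuse") == 0)
 reuse = 1;
-else if (strcmp(*argv, "-dhe1024") == 0) {
-dhe1024 = 1;
-} else if (strcmp(*argv, "-dhe1024dsa") == 0) {
+else if (strcmp(*argv, "-dhe1024dsa") == 0) {
 dhe1024dsa = 1;
 } else if (strcmp(*argv, "-no_dhe") == 0)
 no_dhe = 1;
@@ -787,10 +783,8 @@ bad:
 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
 dh = get_dh1024dsa();
-} else if (dhe1024)
+} else
 dh = get_dh1024();
-else
-dh = get_dh512();
 SSL_CTX_set_tmp_dh(s_ctx, dh);
 DH_free(dh);
 }
@@ -2089,39 +2083,11 @@ free_tmp_rsa(void)
 }
 
 /* These DH parameters have been generated as follows:
-* $ openssl dhparam -C -noout 512
 * $ openssl dhparam -C -noout 1024
 * $ openssl dhparam -C -noout -dsaparam 1024
-* (The third function has been renamed to avoid name conflicts.)
+* (The second function has been renamed to avoid name conflicts.)
 */
 static DH *
-get_dh512()
-{
-static unsigned char dh512_p[] = {
-0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0, 0xC6,
-0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04, 0xB0,
-0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9, 0x5F,
-0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33, 0xB8,
-0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21, 0x33,
-0x02, 0xC5, 0xAE, 0x23,
-};
-static unsigned char dh512_g[] = {
-0x02,
-};
-DH *dh;
-
-if ((dh = DH_new()) == NULL)
-return (NULL);
-dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
-dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
-if ((dh->p == NULL) || (dh->g == NULL)) {
-DH_free(dh);
-return (NULL);
-}
-return (dh);
-}
-
-static DH *
 get_dh1024()
 {
 static unsigned char dh1024_p[] = {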
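Review bot: With `get_dh512()` and the 512-bit default removed from main(), nothing in ssltest.c exercises the client-side rejection of short DH primes that this commit adds to s3_clnt.c; the regress run now only shows that 1024-bit parameters still work. A negative case would pin the new behaviour: keep a deliberately short parameter set behind an explicit option and expect the handshake to fail. Separately, `-dhe1024` is no longer recognised, so any regress script still passing it would presumably land in the `bad:` usage path; the callers are outside this file and worth checking.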
