From 7844f3c784bfc93c9b94ae5a4082f9d01e82e0af Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 14 Oct 2020 15:13:28 +0100
Subject: [PATCH 083/147] Pass an EVP_PKEY for SSL_SECOP_TMP_DH in the security
callback
The security operation SSL_SECOP_TMP_DH is defined to take an EVP_PKEY
in the "other" parameter:
/* Temporary DH key */
# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY)
In most places this is what is passed. All these places occur server side.
However there is one client side call of this security operation and it
passes a DH object instead. This is incorrect according to the
definition of SSL_SECOP_TMP_DH, and is inconsistent with all of the other
locations.
Our own default security callback, and the debug callback in the apps,
never look at this value and therefore this issue was never noticed
previously. In theory a client side application could be relying on this
behaviour and could be broken by this change. This is probably fairly
unlikely but can't be ruled out.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13136)
---
ssl/statem/statem_clnt.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
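--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2145,18 +2145,19 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
 }
 bnpub_key = NULL;
 
- if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
- SSL_R_DH_KEY_TOO_SMALL);
- goto err;
- }
-
 if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
 ERR_R_EVP_LIB);
 goto err;
 }
 
+ if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
+ 0, peer_tmp)) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
+ SSL_R_DH_KEY_TOO_SMALL);
+ goto err;
+ }
+
 s->s3->peer_tmp = peer_tmp;
 
 /*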
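Review bot: The relocated `ssl_security()` check now runs after `EVP_PKEY_assign_DH(peer_tmp, dh)` has succeeded, so `peer_tmp` already owns `dh` when the new failure branch takes `goto err`. The `err:` label is outside this hunk; if it releases both `dh` and `peer_tmp` (the branches that jump there before the assignment suggest `dh` is freed there), a server key rejected by the security callback would lead to a double free of the DH object on the client. Adding `dh = NULL;` directly after the successful assign keeps the cleanup path safe whichever object it frees. The body of `tls_process_ske_dhe` starts and ends outside the hunk, so this should be confirmed against the full cleanup code.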
--
1.8.3.1