|
|
cfec1a |
diff -up openssl-1.0.2j/crypto/asn1/a_verify.c.deprecate-algos openssl-1.0.2j/crypto/asn1/a_verify.c
|
|
|
cfec1a |
--- openssl-1.0.2j/crypto/asn1/a_verify.c.deprecate-algos 2016-09-26 11:49:07.000000000 +0200
|
|
|
cfec1a |
+++ openssl-1.0.2j/crypto/asn1/a_verify.c 2017-01-09 16:47:11.666994197 +0100
|
|
|
cfec1a |
@@ -56,6 +56,9 @@
|
|
|
cfec1a |
* [including the GNU Public Licence.]
|
|
|
cfec1a |
*/
|
|
|
cfec1a |
|
|
|
cfec1a |
+/* for secure_getenv */
|
|
|
cfec1a |
+#define _GNU_SOURCE
|
|
|
cfec1a |
+
|
|
|
cfec1a |
#include <stdio.h>
|
|
|
cfec1a |
#include <time.h>
|
|
|
cfec1a |
|
|
|
cfec1a |
@@ -133,6 +136,30 @@ int ASN1_verify(i2d_of_void *i2d, X509_A
|
|
|
cfec1a |
|
|
|
cfec1a |
#endif
|
|
|
cfec1a |
|
|
|
cfec1a |
+static int legacy_mds[] = { NID_md5, NID_sha, NID_md4, NID_md2, 0 };
|
|
|
cfec1a |
+extern int private_ossl_allowed_legacy_mds[];
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+static int is_md_legacy_disallowed(int mdnid)
|
|
|
cfec1a |
+{
|
|
|
cfec1a |
+ int i;
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ if (mdnid == NID_md5 && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") != NULL)
|
|
|
cfec1a |
+ return 0;
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ for (i = 0; legacy_mds[i] != 0; ++i) {
|
|
|
cfec1a |
+ if (mdnid == legacy_mds[i]) {
|
|
|
cfec1a |
+ int j;
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ for (j = 0; private_ossl_allowed_legacy_mds[j] != 0; ++j) {
|
|
|
cfec1a |
+ if (mdnid == private_ossl_allowed_legacy_mds[j])
|
|
|
cfec1a |
+ return 0;
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+ return 1;
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+ return 0;
|
|
|
cfec1a |
+}
|
|
|
cfec1a |
+
|
|
|
cfec1a |
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
|
|
|
cfec1a |
ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
|
|
|
cfec1a |
{
|
|
|
cfec1a |
@@ -174,6 +201,10 @@ int ASN1_item_verify(const ASN1_ITEM *it
|
|
|
cfec1a |
if (ret != 2)
|
|
|
cfec1a |
goto err;
|
|
|
cfec1a |
ret = -1;
|
|
|
cfec1a |
+ } else if (is_md_legacy_disallowed(mdnid)) {
|
|
|
cfec1a |
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
|
|
|
cfec1a |
+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
|
|
|
cfec1a |
+ goto err;
|
|
|
cfec1a |
} else {
|
|
|
cfec1a |
const EVP_MD *type;
|
|
|
cfec1a |
type = EVP_get_digestbynid(mdnid);
|
|
|
cfec1a |
diff -up openssl-1.0.2j/crypto/o_init.c.deprecate-algos openssl-1.0.2j/crypto/o_init.c
|
|
|
cfec1a |
--- openssl-1.0.2j/crypto/o_init.c.deprecate-algos 2017-01-05 17:49:00.000000000 +0100
|
|
|
cfec1a |
+++ openssl-1.0.2j/crypto/o_init.c 2017-01-09 16:52:29.018298611 +0100
|
|
|
cfec1a |
@@ -64,11 +64,21 @@
|
|
|
cfec1a |
# include <unistd.h>
|
|
|
cfec1a |
# include <errno.h>
|
|
|
cfec1a |
# include <stdlib.h>
|
|
|
cfec1a |
+# include <stdio.h>
|
|
|
cfec1a |
+# include <string.h>
|
|
|
cfec1a |
+# include <strings.h>
|
|
|
cfec1a |
+# include <ctype.h>
|
|
|
cfec1a |
# include <openssl/fips.h>
|
|
|
cfec1a |
# include <openssl/rand.h>
|
|
|
cfec1a |
+# include <openssl/dh.h>
|
|
|
cfec1a |
+# include <openssl/objects.h>
|
|
|
cfec1a |
|
|
|
cfec1a |
# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
|
|
|
cfec1a |
|
|
|
cfec1a |
+# define LEGACY_SETTINGS_FILE "/etc/pki/tls/legacy-settings"
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+# define NUM_MAX_LEGACY_MDS 8
|
|
|
cfec1a |
+
|
|
|
cfec1a |
static void init_fips_mode(void)
|
|
|
cfec1a |
{
|
|
|
cfec1a |
char buf[2] = "0";
|
|
|
cfec1a |
@@ -98,6 +108,115 @@ static void init_fips_mode(void)
|
|
|
cfec1a |
}
|
|
|
cfec1a |
#endif
|
|
|
cfec1a |
|
|
|
cfec1a |
+int private_ossl_allowed_legacy_mds[NUM_MAX_LEGACY_MDS + 1]; /* zero terminated */
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+int private_ossl_minimum_dh_bits;
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+static void parse_legacy_mds(char *p)
|
|
|
cfec1a |
+{
|
|
|
cfec1a |
+ int idx = 0;
|
|
|
cfec1a |
+ char *e = p;
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ while (p[0] != '\0') {
|
|
|
cfec1a |
+ while (e[0] != '\0' && !isspace(e[0]) && e[0] != ',') {
|
|
|
cfec1a |
+ ++e;
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+ if (e[0] != '\0') {
|
|
|
cfec1a |
+ e[0] = '\0';
|
|
|
cfec1a |
+ ++e;
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ if (strcasecmp(p, "md5") == 0) {
|
|
|
cfec1a |
+ private_ossl_allowed_legacy_mds[idx++] = NID_md5;
|
|
|
cfec1a |
+ } else if (strcasecmp(p, "md4") == 0) {
|
|
|
cfec1a |
+ private_ossl_allowed_legacy_mds[idx++] = NID_md4;
|
|
|
cfec1a |
+ } else if (strcasecmp(p, "sha") == 0) {
|
|
|
cfec1a |
+ private_ossl_allowed_legacy_mds[idx++] = NID_sha;
|
|
|
cfec1a |
+ } else if (strcasecmp(p, "md2") == 0) {
|
|
|
cfec1a |
+ private_ossl_allowed_legacy_mds[idx++] = NID_md2;
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ if (idx >=
|
|
|
cfec1a |
+ sizeof(private_ossl_allowed_legacy_mds) /
|
|
|
cfec1a |
+ sizeof(private_ossl_allowed_legacy_mds[0])) {
|
|
|
cfec1a |
+ break;
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ while (e[0] == ',' || isspace(e[0])) {
|
|
|
cfec1a |
+ ++e;
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ p = e;
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+}
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+static void parse_minimum_dh_bits(char *p)
|
|
|
cfec1a |
+{
|
|
|
cfec1a |
+ private_ossl_minimum_dh_bits = strtol(p, NULL, 10);
|
|
|
cfec1a |
+ if (private_ossl_minimum_dh_bits < 512
|
|
|
cfec1a |
+ || private_ossl_minimum_dh_bits > OPENSSL_DH_MAX_MODULUS_BITS) {
|
|
|
cfec1a |
+ /* use default */
|
|
|
cfec1a |
+ private_ossl_minimum_dh_bits = 0;
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+}
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+static void load_legacy_settings(void)
|
|
|
cfec1a |
+{
|
|
|
cfec1a |
+ FILE *f;
|
|
|
cfec1a |
+ char *line = NULL;
|
|
|
cfec1a |
+ size_t len = 0;
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ if ((f = fopen(LEGACY_SETTINGS_FILE, "r")) == NULL) {
|
|
|
cfec1a |
+ return;
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ while (getline(&line, &len, f) > 0) {
|
|
|
cfec1a |
+ char *p = line, *e, *val;
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ /* skip initial whitespace */
|
|
|
cfec1a |
+ while (isspace(p[0])) {
|
|
|
cfec1a |
+ ++p;
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ e = p;
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ while (e[0] != '\0' && !isspace(e[0])) {
|
|
|
cfec1a |
+ ++e;
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ /* terminate name, skip whitespace between name and value */
|
|
|
cfec1a |
+ if (e[0] != '\0') {
|
|
|
cfec1a |
+ e[0] = '\0';
|
|
|
cfec1a |
+ ++e;
|
|
|
cfec1a |
+ while (isspace(e[0])) {
|
|
|
cfec1a |
+ ++e;
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ val = e;
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ e = e + strlen(val);
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ /* trim terminating whitespace */
|
|
|
cfec1a |
+ while (e > val) {
|
|
|
cfec1a |
+ --e;
|
|
|
cfec1a |
+ if (isspace(e[0])) {
|
|
|
cfec1a |
+ e[0] = '\0';
|
|
|
cfec1a |
+ } else {
|
|
|
cfec1a |
+ break;
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+
|
|
|
cfec1a |
+ if (strcasecmp(p, "LegacySigningMDs") == 0) {
|
|
|
cfec1a |
+ parse_legacy_mds(val);
|
|
|
cfec1a |
+ } else if (strcasecmp(line, "MinimumDHBits") == 0) {
|
|
|
cfec1a |
+ parse_minimum_dh_bits(val);
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+ /* simply skip other unrecognized lines */
|
|
|
cfec1a |
+ }
|
|
|
cfec1a |
+ (void)fclose(f);
|
|
|
cfec1a |
+}
|
|
|
cfec1a |
+
|
|
|
cfec1a |
/*
|
|
|
cfec1a |
* Perform any essential OpenSSL initialization operations. Currently only
|
|
|
cfec1a |
* sets FIPS callbacks
|
|
|
cfec1a |
@@ -109,6 +228,7 @@ void __attribute__ ((constructor)) OPENS
|
|
|
cfec1a |
if (done)
|
|
|
cfec1a |
return;
|
|
|
cfec1a |
done = 1;
|
|
|
cfec1a |
+ load_legacy_settings();
|
|
|
cfec1a |
#ifdef OPENSSL_FIPS
|
|
|
cfec1a |
if (!FIPS_module_installed()) {
|
|
|
cfec1a |
return;
|
|
|
cfec1a |
diff -up openssl-1.0.2j/ssl/s3_clnt.c.deprecate-algos openssl-1.0.2j/ssl/s3_clnt.c
|
|
|
cfec1a |
--- openssl-1.0.2j/ssl/s3_clnt.c.deprecate-algos 2016-09-26 11:49:07.000000000 +0200
|
|
|
cfec1a |
+++ openssl-1.0.2j/ssl/s3_clnt.c 2017-01-09 17:01:19.428506961 +0100
|
|
|
cfec1a |
@@ -3478,6 +3478,8 @@ int ssl3_send_client_certificate(SSL *s)
|
|
|
cfec1a |
|
|
|
cfec1a |
#define has_bits(i,m) (((i)&(m)) == (m))
|
|
|
cfec1a |
|
|
|
cfec1a |
+extern int private_ossl_minimum_dh_bits;
|
|
|
cfec1a |
+
|
|
|
cfec1a |
int ssl3_check_cert_and_algorithm(SSL *s)
|
|
|
cfec1a |
{
|
|
|
cfec1a |
int i, idx;
|
|
|
cfec1a |
@@ -3608,8 +3610,7 @@ int ssl3_check_cert_and_algorithm(SSL *s
|
|
|
cfec1a |
DH_free(dh_srvr);
|
|
|
cfec1a |
}
|
|
|
cfec1a |
|
|
|
cfec1a |
- if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 1024)
|
|
|
cfec1a |
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) {
|
|
|
cfec1a |
+ if (dh_size < (private_ossl_minimum_dh_bits ? private_ossl_minimum_dh_bits : 1024)) {
|
|
|
cfec1a |
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL);
|
|
|
cfec1a |
goto f_err;
|
|
|
cfec1a |
}
|