[PATCH] openssl DH prime minimum for wheezy
On Fri, 5 Jun 2015, Thorsten Glaser wrote:
> OpenSSL upstream is said (citation needed) to wish to require a
> 1024 bit minimum in some later version but require 768 bits now.
> I cannot find this in either upstream’s 1.0.2a release or the one
> currently in sid.
> I did find it as commit 10a70da729948bb573d27cef4459077c49f3eb46
> in upstream’s git, except the error path needs to set al too AFAICS.
Hm, al was a different function, the upstream patch is probably
good as-is, sorry for that particular noise.
However, I’ve changed the patch in MirBSD’s libssl to match, then
forward-ported that to wheezy’s; turns out that was easier than a
backport from upstream’s current code.
Same procedure applies: please review and ship ;-)
bye,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
diff -Nru openssl-1.0.1e/debian/changelog openssl-1.0.1e/debian/changelog
--- openssl-1.0.1e/debian/changelog 2015-03-19 19:05:32.000000000 +0100
+++ openssl-1.0.1e/debian/changelog 2015-06-05 14:57:10.000000000 +0200
@@ -1,3 +1,10 @@
+openssl (1.0.1e-2+deb7u16tarent1) tarent; urgency=high
+
+ * Non-maintainer upload.
+ * Add debian/patches/DH-min-1008-bits.patch, from MirBSD
+
+ -- Thorsten Glaser <t.glaser@tarent.de> Fri, 05 Jun 2015 14:57:07 +0200
+
openssl (1.0.1e-2+deb7u16) wheezy-security; urgency=medium
* Revert patch 0003-Free-up-passed-ASN.1-structure-if-reused.patch, it
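Review bot: the new changelog entry only says "Add debian/patches/DH-min-1008-bits.patch, from MirBSD", which does not tell anyone reading it what behaviour changes. Since the upload is urgency=high, state the effect in the entry itself: per the patch header, a minimum of 1008 bits is now required for the server temp DH key (less for EXPORT ciphersuites). That lets an admin who sees handshakes start failing after the upgrade trace them to this upload.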
diff -Nru openssl-1.0.1e/debian/patches/DH-min-1008-bits.patch openssl-1.0.1e/debian/patches/DH-min-1008-bits.patch
--- openssl-1.0.1e/debian/patches/DH-min-1008-bits.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.0.1e/debian/patches/DH-min-1008-bits.patch 2015-06-05 14:57:02.000000000 +0200
@@ -0,0 +1,20 @@
+# DP: require a minimum of 1008 bits for server temp DH key
+# DP: (less if an EXPORT ciphersuite is used, which should not)
+
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -3309,6 +3309,14 @@ int ssl3_check_cert_and_algorithm(SSL *s
+ goto f_err;
+ }
+ #endif
++
++ /* require 1008 bit DH (512 bit for EXPORT ciphersuites) */
++ if ((alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) &&
++ (dh == NULL || (BN_num_bits(dh->p) <
++ (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) ? 512 : 1008)))) {
++ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
++ goto f_err;
++ }
+ #endif
+
+ if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
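Review bot: the added condition tests alg_k against SSL_kEDH|SSL_kDHr|SSL_kDHd and then fails on dh == NULL, but the DP header describes the check as applying to the "server temp DH key" only. The hunk does not show where dh is assigned; if it holds only the temporary key, the dh == NULL branch rejects every SSL_kDHr/SSL_kDHd handshake with a misleading BAD_DH_P_LENGTH. Either narrow the mask to SSL_kEDH or confirm that dh is populated for the fixed-DH cases. The SSLerr call also names SSL_F_SSL3_GET_KEY_EXCHANGE although the hunk header places the code in ssl3_check_cert_and_algorithm, so the error queue will point at the wrong function. Finally, the comment gives 1008 without a reason; a few words on why that value was chosen would help the next person who touches it, and the 512-bit EXPORT allowance deserves a similar note given that the header itself says EXPORT "should not" be used.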
diff -Nru openssl-1.0.1e/debian/patches/series openssl-1.0.1e/debian/patches/series
--- openssl-1.0.1e/debian/patches/series 2015-03-19 19:03:11.000000000 +0100
+++ openssl-1.0.1e/debian/patches/series 2015-06-05 14:00:38.000000000 +0200
@@ -98,3 +98,4 @@
0001-Check-public-key-is-not-NULL.patch
0001-evp-prevent-underflow-in-base64-decoding.patch
0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
+DH-min-1008-bits.patch