mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-28 00:04:19 +01:00
Merge pull request #4325 from gilles-peskine-arm/dhm_min_bitlen-bits-2.16
Backport 2.16: Enforce dhm_min_bitlen exactly
This commit is contained in:
commit
23e5f715f1
4
ChangeLog.d/dhm_min_bitlen.txt
Normal file
4
ChangeLog.d/dhm_min_bitlen.txt
Normal file
@ -0,0 +1,4 @@
|
||||
Bugfix
|
||||
* In a TLS client, enforce the Diffie-Hellman minimum parameter size
|
||||
set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
|
||||
minimum size was rounded down to the nearest multiple of 8.
|
@ -2209,6 +2209,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
|
||||
unsigned char *end )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
size_t dhm_actual_bitlen;
|
||||
|
||||
/*
|
||||
* Ephemeral DH parameters:
|
||||
@ -2226,10 +2227,11 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
|
||||
dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
|
||||
if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
|
||||
ssl->handshake->dhm_ctx.len * 8,
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %u < %u",
|
||||
(unsigned) dhm_actual_bitlen,
|
||||
ssl->conf->dhm_min_bitlen ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
|
@ -1052,6 +1052,16 @@ cert_md5.crt: cert_md5.csr
|
||||
$(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=MD5 version=3 output_file=$@
|
||||
all_final += cert_md5.crt
|
||||
|
||||
################################################################
|
||||
#### Diffie-Hellman parameters
|
||||
################################################################
|
||||
|
||||
dh.998.pem:
|
||||
$(OPENSSL) dhparam -out $@ -text 998
|
||||
|
||||
dh.999.pem:
|
||||
$(OPENSSL) dhparam -out $@ -text 999
|
||||
|
||||
################################################################
|
||||
#### Meta targets
|
||||
################################################################
|
||||
|
17
tests/data_files/dh.998.pem
Normal file
17
tests/data_files/dh.998.pem
Normal file
@ -0,0 +1,17 @@
|
||||
DH Parameters: (998 bit)
|
||||
prime:
|
||||
39:5f:30:c0:7b:06:b7:6a:49:c6:c0:81:1f:39:77:
|
||||
b3:35:e2:8d:66:fc:6a:6e:94:f3:df:97:f2:89:31:
|
||||
6c:75:39:08:16:d1:a4:b8:0c:68:c5:63:21:61:eb:
|
||||
48:2d:77:99:08:1d:67:38:37:0a:cd:cf:39:b6:3c:
|
||||
9d:8a:e5:85:3c:71:e3:4b:3e:1e:b9:80:e3:cc:7a:
|
||||
fd:84:05:b0:df:36:15:29:4e:3e:23:3b:c3:ae:6b:
|
||||
c7:11:b9:64:43:40:75:c7:4a:ef:a7:2d:00:e2:62:
|
||||
8f:93:78:96:8f:2c:25:8d:7d:1f:eb:5c:3c:bf:51:
|
||||
de:f8:08:25:db
|
||||
generator: 2 (0x2)
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
MIGCAn05XzDAewa3aknGwIEfOXezNeKNZvxqbpTz35fyiTFsdTkIFtGkuAxoxWMh
|
||||
YetILXeZCB1nODcKzc85tjydiuWFPHHjSz4euYDjzHr9hAWw3zYVKU4+IzvDrmvH
|
||||
EblkQ0B1x0rvpy0A4mKPk3iWjywljX0f61w8v1He+Agl2wIBAg==
|
||||
-----END DH PARAMETERS-----
|
17
tests/data_files/dh.999.pem
Normal file
17
tests/data_files/dh.999.pem
Normal file
@ -0,0 +1,17 @@
|
||||
DH Parameters: (999 bit)
|
||||
prime:
|
||||
4f:b8:d2:d8:3c:b3:02:c9:64:f5:99:fe:61:cc:b3:
|
||||
69:1c:ba:bb:a2:33:db:38:2f:85:87:b7:12:fb:69:
|
||||
6e:a5:32:3e:ff:24:df:c4:61:07:0c:e1:88:72:fa:
|
||||
14:d4:22:65:18:66:09:7e:43:35:c4:5a:62:f7:0a:
|
||||
69:be:45:71:6e:ac:c5:56:d8:22:9e:c4:9c:23:2b:
|
||||
bd:6d:3b:b6:02:4f:5d:12:a7:ac:90:b8:9e:be:93:
|
||||
82:bc:09:7c:cd:e1:09:21:1e:3d:69:2a:76:41:00:
|
||||
68:6d:b7:e8:e8:df:d6:1b:82:93:d9:21:4a:ea:71:
|
||||
f2:e6:c4:94:03
|
||||
generator: 2 (0x2)
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
MIGCAn1PuNLYPLMCyWT1mf5hzLNpHLq7ojPbOC+Fh7cS+2lupTI+/yTfxGEHDOGI
|
||||
cvoU1CJlGGYJfkM1xFpi9wppvkVxbqzFVtginsScIyu9bTu2Ak9dEqeskLievpOC
|
||||
vAl8zeEJIR49aSp2QQBobbfo6N/WG4KT2SFK6nHy5sSUAwIBAg==
|
||||
-----END DH PARAMETERS-----
|
@ -3960,6 +3960,20 @@ run_test "DHM size: server 1024, client default, OK" \
|
||||
0 \
|
||||
-C "DHM prime too short:"
|
||||
|
||||
run_test "DHM size: server 999, client 999, OK" \
|
||||
"$P_SRV dhm_file=data_files/dh.999.pem" \
|
||||
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
||||
debug_level=1 dhmlen=999" \
|
||||
0 \
|
||||
-C "DHM prime too short:"
|
||||
|
||||
run_test "DHM size: server 1000, client 1000, OK" \
|
||||
"$P_SRV dhm_file=data_files/dh.1000.pem" \
|
||||
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
||||
debug_level=1 dhmlen=1000" \
|
||||
0 \
|
||||
-C "DHM prime too short:"
|
||||
|
||||
run_test "DHM size: server 1000, client default, rejected" \
|
||||
"$P_SRV dhm_file=data_files/dh.1000.pem" \
|
||||
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
||||
@ -3967,6 +3981,27 @@ run_test "DHM size: server 1000, client default, rejected" \
|
||||
1 \
|
||||
-c "DHM prime too short:"
|
||||
|
||||
run_test "DHM size: server 1000, client 1001, rejected" \
|
||||
"$P_SRV dhm_file=data_files/dh.1000.pem" \
|
||||
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
||||
debug_level=1 dhmlen=1001" \
|
||||
1 \
|
||||
-c "DHM prime too short:"
|
||||
|
||||
run_test "DHM size: server 999, client 1000, rejected" \
|
||||
"$P_SRV dhm_file=data_files/dh.999.pem" \
|
||||
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
||||
debug_level=1 dhmlen=1000" \
|
||||
1 \
|
||||
-c "DHM prime too short:"
|
||||
|
||||
run_test "DHM size: server 998, client 999, rejected" \
|
||||
"$P_SRV dhm_file=data_files/dh.998.pem" \
|
||||
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
||||
debug_level=1 dhmlen=999" \
|
||||
1 \
|
||||
-c "DHM prime too short:"
|
||||
|
||||
run_test "DHM size: server default, client 2049, rejected" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
||||
|
Loading…
Reference in New Issue
Block a user