diff options
author | Pauli <pauli@openssl.org> | 2021-06-18 12:54:24 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-06-19 15:49:46 +1000 |
commit | d7b5c648d682b499b71320a03747602a6ba4dec3 (patch) | |
tree | e862a77bf88186198192164adc3ed5bf1f61c5ae /ssl/t1_lib.c | |
parent | b9d022d78faee0648c3ace7f15ccec08f14feddb (diff) |
ssl: do not choose auto DH groups that are weaker than the security level
Fixes #15808
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15818)
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 3bc424acef..2ee97c2ae6 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2884,7 +2884,7 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s) { EVP_PKEY *dhp = NULL; BIGNUM *p; - int dh_secbits = 80; + int dh_secbits = 80, sec_level_bits; EVP_PKEY_CTX *pctx = NULL; OSSL_PARAM_BLD *tmpl = NULL; OSSL_PARAM *params = NULL; @@ -2902,6 +2902,11 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s) } } + /* Do not pick a prime that is too weak for the current security level */ + sec_level_bits = ssl_get_security_level_bits(s, NULL, NULL); + if (dh_secbits < sec_level_bits) + dh_secbits = sec_level_bits; + if (dh_secbits >= 192) p = BN_get_rfc3526_prime_8192(NULL); else if (dh_secbits >= 152) |