authorMiod Vallat <miod@cvs.openbsd.org>2015-03-08 16:48:48 +0000
committerMiod Vallat <miod@cvs.openbsd.org>2015-03-08 16:48:48 +0000
commita8fb100b7032b320f94853530099d4f5593c5bc2 (patch)
treea038a53331a288e43c32bd7b7bb621de8f8b133b /lib/libssl
parent417c45e66e15a580904bd2fd910a46434b8b6de3 (diff)
Reject DH keys sent by a server if they are considered too small; inspired
by a similar BoringSSL change, but raising the limit to 1024 bits. ok jsing@ markus@ guenther@ deraadt@
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/src/ssl/s3_clnt.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c
index 9b52691015e..d68aecf541e 100644
--- a/lib/libssl/src/ssl/s3_clnt.c
+++ b/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.108 2015/03/08 16:48:47 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1268,6 +1268,17 @@ ssl3_get_key_exchange(SSL *s)
p += i;
n -= param_len;
+ /*
+ * Check the strength of the DH key just constructed.
+ * Discard keys weaker than 1024 bits.
+ */
+
+ if (DH_size(dh) < 1024 / 8) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+ SSL_R_BAD_DH_P_LENGTH);
+ goto err;
+ }
+
if (alg_a & SSL_aRSA)
pkey = X509_get_pubkey(
s->session->sess_cert->peer_pkeys[
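Review bot: The size test at `if (DH_size(dh) < 1024 / 8)` compares whole bytes, so a modulus of 1017 to 1023 bits still passes even though the added comment says keys weaker than 1024 bits are discarded. DH_size() reports the byte length of the prime p rounded up, so comparing bits directly, `if (BN_num_bits(dh->p) < 1024) {`, would make the code match the comment. The comment could also state that it is the server-supplied prime modulus that is measured, not the public value, for example `Reject server DH parameters whose prime p is shorter than 1024 bits.` The rejection leaves through `goto err`, and ssl3_get_key_exchange starts and ends outside this hunk, so whether the server is sent an alert on this path cannot be confirmed from here and is worth checking.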