Move the minimum DHE key size check into ssl_kex_peer_params_dhe()

ok inoguchi@ tb@

1 files changed, 12 insertions, 4 deletions

diff --git a/src/lib/libssl/ssl_kex.c b/src/lib/libssl/ssl_kex.c
index 68d83cedbe..639981bec9 100644
--- a/src/lib/libssl/ssl_kex.c
+++ b/src/lib/libssl/ssl_kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_kex.c,v 1.6 2021/12/04 13:15:10 jsing Exp $ */
+/* $OpenBSD: ssl_kex.c,v 1.7 2021/12/04 13:50:35 jsing Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -25,6 +25,8 @@
 
 #include "bytestring.h"
 
+#define DHE_MINIMUM_BITS        1024
+
 int
 ssl_kex_generate_dhe(DH *dh, DH *dh_params)
 {
@@ -110,12 +112,14 @@ ssl_kex_public_dhe(DH *dh, CBB *cbb)
 }
 
 int
-ssl_kex_peer_params_dhe(DH *dh, CBS *cbs)
+ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *invalid_params)
 {
-        CBS dh_p, dh_g;
         BIGNUM *p = NULL, *g = NULL;
+        CBS dh_p, dh_g;
         int ret = 0;
 
+        *invalid_params = 0;
+
         if (!CBS_get_u16_length_prefixed(cbs, &dh_p))
                 goto err;
         if (!CBS_get_u16_length_prefixed(cbs, &dh_g))
@@ -128,10 +132,14 @@ ssl_kex_peer_params_dhe(DH *dh, CBS *cbs)
 
         if (!DH_set0_pqg(dh, p, NULL, g))
                 goto err;
-
         p = NULL;
         g = NULL;
 
+        /* XXX - consider calling DH_check(). */
+
+        if (DH_bits(dh) < DHE_MINIMUM_BITS)
+                *invalid_params = 1;
+
         ret = 1;
 
  err: