Reject DH keys sent by a server if they are considered too small; inspired

by a similar BoringSSL change, but raising the limit to 1024 bits. ok jsing@ markus@ guenther@ deraadt@
author: miod <> 2015-03-08 16:48:47 +0000
committer: miod <> 2015-03-08 16:48:47 +0000
commit: 7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427 (patch)
tree: 6db03e296593fd98dcef3d6d72d36fc31c03b6d4 /src/lib
parent: 1e55b7f6250a8ae90d8b1aed376d8e93e3d7fc97 (diff)
download: openbsd-7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427.tar.gz
openbsd-7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427.tar.bz2
openbsd-7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427.zip
2 files changed, 24 insertions, 2 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 9b52691015..d68aecf541 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.108 2015/03/08 16:48:47 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1268,6 +1268,17 @@ ssl3_get_key_exchange(SSL *s)
                p += i;
                n -= param_len;
+                /*
+                 * Check the strength of the DH key just constructed.
+                 * Discard keys weaker than 1024 bits.
+                 */
+                if (DH_size(dh) < 1024 / 8) {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+                            SSL_R_BAD_DH_P_LENGTH);
+                        goto err;
+                }
                if (alg_a & SSL_aRSA)
                        pkey = X509_get_pubkey(
                            s->session->sess_cert->peer_pkeys[
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 9b52691015..d68aecf541 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.108 2015/03/08 16:48:47 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1268,6 +1268,17 @@ ssl3_get_key_exchange(SSL *s)
                p += i;
                n -= param_len;
+                /*
+                 * Check the strength of the DH key just constructed.
+                 * Discard keys weaker than 1024 bits.
+                 */
+                if (DH_size(dh) < 1024 / 8) {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+                            SSL_R_BAD_DH_P_LENGTH);
+                        goto err;
+                }
                if (alg_a & SSL_aRSA)
                        pkey = X509_get_pubkey(
                            s->session->sess_cert->peer_pkeys[
author	miod <>	2015-03-08 16:48:47 +0000
committer	miod <>	2015-03-08 16:48:47 +0000
commit	7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427 (patch)
tree	6db03e296593fd98dcef3d6d72d36fc31c03b6d4 /src/lib
parent	1e55b7f6250a8ae90d8b1aed376d8e93e3d7fc97 (diff)
download	openbsd-7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427.tar.gz openbsd-7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427.tar.bz2 openbsd-7a8f138352aa4eb7b65ac4b1a5fe7630fbee1427.zip

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 9b52691015..d68aecf541 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */	1	/* $OpenBSD: s3_clnt.c,v 1.108 2015/03/08 16:48:47 miod Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1268,6 +1268,17 @@ ssl3_get_key_exchange(SSL *s)
1268	p += i;	1268	p += i;
1269	n -= param_len;	1269	n -= param_len;
1270		1270
		1271	/*
		1272	* Check the strength of the DH key just constructed.
		1273	* Discard keys weaker than 1024 bits.
		1274	*/
		1275
		1276	if (DH_size(dh) < 1024 / 8) {
		1277	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
		1278	SSL_R_BAD_DH_P_LENGTH);
		1279	goto err;
		1280	}
		1281
1271	if (alg_a & SSL_aRSA)	1282	if (alg_a & SSL_aRSA)
1272	pkey = X509_get_pubkey(	1283	pkey = X509_get_pubkey(
1273	s->session->sess_cert->peer_pkeys[	1284	s->session->sess_cert->peer_pkeys[


diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index 9b52691015..d68aecf541 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */	1	/* $OpenBSD: s3_clnt.c,v 1.108 2015/03/08 16:48:47 miod Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1268,6 +1268,17 @@ ssl3_get_key_exchange(SSL *s)
1268	p += i;	1268	p += i;
1269	n -= param_len;	1269	n -= param_len;
1270		1270
		1271	/*
		1272	* Check the strength of the DH key just constructed.
		1273	* Discard keys weaker than 1024 bits.
		1274	*/
		1275
		1276	if (DH_size(dh) < 1024 / 8) {
		1277	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
		1278	SSL_R_BAD_DH_P_LENGTH);
		1279	goto err;
		1280	}
		1281
1271	if (alg_a & SSL_aRSA)	1282	if (alg_a & SSL_aRSA)
1272	pkey = X509_get_pubkey(	1283	pkey = X509_get_pubkey(
1273	s->session->sess_cert->peer_pkeys[	1284	s->session->sess_cert->peer_pkeys[