3 files changed, 28 insertions, 40 deletions

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 9b52691015..d68aecf541 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.108 2015/03/08 16:48:47 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1268,6 +1268,17 @@ ssl3_get_key_exchange(SSL *s)
                 p += i;
                 n -= param_len;
 
+                /*
+                 * Check the strength of the DH key just constructed.
+                 * Discard keys weaker than 1024 bits.
+                 */
+
+                if (DH_size(dh) < 1024 / 8) {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+                            SSL_R_BAD_DH_P_LENGTH);
+                        goto err;
+                }
+
                 if (alg_a & SSL_aRSA)
                         pkey = X509_get_pubkey(
                             s->session->sess_cert->peer_pkeys[
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 9b52691015..d68aecf541 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.108 2015/03/08 16:48:47 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1268,6 +1268,17 @@ ssl3_get_key_exchange(SSL *s)
                 p += i;
                 n -= param_len;
 
+                /*
+                 * Check the strength of the DH key just constructed.
+                 * Discard keys weaker than 1024 bits.
+                 */
+
+                if (DH_size(dh) < 1024 / 8) {
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+                            SSL_R_BAD_DH_P_LENGTH);
+                        goto err;
+                }
+
                 if (alg_a & SSL_aRSA)
                         pkey = X509_get_pubkey(
                             s->session->sess_cert->peer_pkeys[
diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c
index 91956a1322..5b03e0e0b8 100644
--- a/src/regress/lib/libssl/ssl/ssltest.c
+++ b/src/regress/lib/libssl/ssl/ssltest.c
@@ -194,7 +194,6 @@ struct app_verify_arg {
         char *proxy_cond;
 };
 
-static DH *get_dh512(void);
 static DH *get_dh1024(void);
 static DH *get_dh1024dsa(void);
 
@@ -428,7 +427,6 @@ sv_usage(void)
         fprintf(stderr, " -reuse        - use session-id reuse\n");
         fprintf(stderr, " -num <val>    - number of connections to perform\n");
         fprintf(stderr, " -bytes <val>  - number of bytes to swap between client/server\n");
-        fprintf(stderr, " -dhe1024      - use 1024 bit key (safe prime) for DHE\n");
         fprintf(stderr, " -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
         fprintf(stderr, " -no_dhe       - disable DHE\n");
         fprintf(stderr, " -no_ecdhe     - disable ECDHE\n");
@@ -569,7 +567,7 @@ main(int argc, char *argv[])
         int number = 1, reuse = 0;
         long bytes = 256L;
         DH *dh;
-        int dhe1024 = 0, dhe1024dsa = 0;
+        int dhe1024dsa = 0;
         EC_KEY *ecdh = NULL;
         int no_dhe = 0;
         int no_ecdhe = 0;
@@ -612,9 +610,7 @@ main(int argc, char *argv[])
                         debug = 1;
                 else if (strcmp(*argv, "-reuse") == 0)
                         reuse = 1;
-                else if (strcmp(*argv, "-dhe1024") == 0) {
-                        dhe1024 = 1;
-                } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
+                else if (strcmp(*argv, "-dhe1024dsa") == 0) {
                         dhe1024dsa = 1;
                 } else if (strcmp(*argv, "-no_dhe") == 0)
                         no_dhe = 1;
@@ -787,10 +783,8 @@ bad:
                         /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
                         SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
                         dh = get_dh1024dsa();
-                } else if (dhe1024)
+                } else
                         dh = get_dh1024();
-                else
-                        dh = get_dh512();
                 SSL_CTX_set_tmp_dh(s_ctx, dh);
                 DH_free(dh);
         }
@@ -2089,39 +2083,11 @@ free_tmp_rsa(void)
 }
 
 /* These DH parameters have been generated as follows:
- *    $ openssl dhparam -C -noout 512
  *    $ openssl dhparam -C -noout 1024
  *    $ openssl dhparam -C -noout -dsaparam 1024
- * (The third function has been renamed to avoid name conflicts.)
+ * (The second function has been renamed to avoid name conflicts.)
  */
 static DH *
-get_dh512()
-{
-        static unsigned char dh512_p[] = {
-                0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0, 0xC6,
-                0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04, 0xB0,
-                0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9, 0x5F,
-                0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33, 0xB8,
-                0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21, 0x33,
-                0x02, 0xC5, 0xAE, 0x23,
-        };
-        static unsigned char dh512_g[] = {
-                0x02,
-        };
-        DH *dh;
-
-        if ((dh = DH_new()) == NULL)
-                return (NULL);
-        dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
-        dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
-        if ((dh->p == NULL) || (dh->g == NULL)) {
-                DH_free(dh);
-                return (NULL);
-        }
-        return (dh);
-}
-
-static DH *
 get_dh1024()
 {
         static unsigned char dh1024_p[] = {