From 7747938abe289fe6b8f9dd672e16cfcfcbdf8c95 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 4 Dec 2021 13:50:35 +0000
Subject: Move the minimum DHE key size check into ssl_kex_peer_params_dhe()

ok inoguchi@ tb@
---
 src/lib/libssl/ssl_clnt.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

(limited to 'src/lib/libssl/ssl_clnt.c')

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 04b3132d35..a3c78096f7 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.121 2021/12/04 13:15:10 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.122 2021/12/04 13:50:35 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1223,7 +1223,7 @@ ssl3_get_server_certificate(SSL *s)
 static int
 ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
 {
-	int invalid_key;
+	int invalid_params, invalid_key;
 	SESS_CERT *sc = NULL;
 	DH *dh = NULL;
 	long alg_a;
@@ -1234,16 +1234,13 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
 	if ((dh = DH_new()) == NULL)
 		goto err;
 
-	if (!ssl_kex_peer_params_dhe(dh, cbs))
+	if (!ssl_kex_peer_params_dhe(dh, cbs, &invalid_params))
 		goto decode_err;
 	if (!ssl_kex_peer_public_dhe(dh, cbs, &invalid_key))
 		goto decode_err;
 
-	/*
-	 * Check the strength of the DH key just constructed.
-	 * Reject keys weaker than 1024 bits.
-	 */
-	if (DH_size(dh) < 1024 / 8) {
+	if (invalid_params) {
+		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
 		SSLerror(s, SSL_R_BAD_DH_P_LENGTH);
 		goto err;
 	}
-- 
cgit v1.2.3-55-g6feb