From 8f4c834e03d9c77686f81fede7b078f868e1c6af Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 4 Dec 2021 13:15:10 +0000
Subject: Check DH public key in ssl_kex_peer_public_dhe().

Call DH_check_pub_key() after decoding the peer public key - this will be
needed for the server DHE key exchange, but also benefits the client.

ok inoguchi@ tb@
---
 src/lib/libssl/ssl_clnt.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'src/lib/libssl/ssl_clnt.c')

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index b349f24cb0..04b3132d35 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.120 2021/11/29 16:00:32 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.121 2021/12/04 13:15:10 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1223,6 +1223,7 @@ ssl3_get_server_certificate(SSL *s)
 static int
 ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
 {
+	int invalid_key;
 	SESS_CERT *sc = NULL;
 	DH *dh = NULL;
 	long alg_a;
@@ -1235,7 +1236,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
 
 	if (!ssl_kex_peer_params_dhe(dh, cbs))
 		goto decode_err;
-	if (!ssl_kex_peer_public_dhe(dh, cbs))
+	if (!ssl_kex_peer_public_dhe(dh, cbs, &invalid_key))
 		goto decode_err;
 
 	/*
@@ -1246,6 +1247,11 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
 		SSLerror(s, SSL_R_BAD_DH_P_LENGTH);
 		goto err;
 	}
+	if (invalid_key) {
+		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
+		SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH);
+		goto err;
+	}
 
 	if (alg_a & SSL_aRSA)
 		*pkey = X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA].x509);
-- 
cgit v1.2.3-55-g6feb