From 7747938abe289fe6b8f9dd672e16cfcfcbdf8c95 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 4 Dec 2021 13:50:35 +0000
Subject: Move the minimum DHE key size check into ssl_kex_peer_params_dhe()

ok inoguchi@ tb@
---
 src/lib/libssl/ssl_kex.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

(limited to 'src/lib/libssl/ssl_kex.c')

diff --git a/src/lib/libssl/ssl_kex.c b/src/lib/libssl/ssl_kex.c
index 68d83cedbe..639981bec9 100644
--- a/src/lib/libssl/ssl_kex.c
+++ b/src/lib/libssl/ssl_kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_kex.c,v 1.6 2021/12/04 13:15:10 jsing Exp $ */
+/* $OpenBSD: ssl_kex.c,v 1.7 2021/12/04 13:50:35 jsing Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -25,6 +25,8 @@
 
 #include "bytestring.h"
 
+#define DHE_MINIMUM_BITS	1024
+
 int
 ssl_kex_generate_dhe(DH *dh, DH *dh_params)
 {
@@ -110,12 +112,14 @@ ssl_kex_public_dhe(DH *dh, CBB *cbb)
 }
 
 int
-ssl_kex_peer_params_dhe(DH *dh, CBS *cbs)
+ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *invalid_params)
 {
-	CBS dh_p, dh_g;
 	BIGNUM *p = NULL, *g = NULL;
+	CBS dh_p, dh_g;
 	int ret = 0;
 
+	*invalid_params = 0;
+
 	if (!CBS_get_u16_length_prefixed(cbs, &dh_p))
 		goto err;
 	if (!CBS_get_u16_length_prefixed(cbs, &dh_g))
@@ -128,10 +132,14 @@ ssl_kex_peer_params_dhe(DH *dh, CBS *cbs)
 
 	if (!DH_set0_pqg(dh, p, NULL, g))
 		goto err;
-
 	p = NULL;
 	g = NULL;
 
+	/* XXX - consider calling DH_check(). */
+
+	if (DH_bits(dh) < DHE_MINIMUM_BITS)
+		*invalid_params = 1;
+
 	ret = 1;
 
  err:
-- 
cgit v1.2.3-55-g6feb