From 8f4c834e03d9c77686f81fede7b078f868e1c6af Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 4 Dec 2021 13:15:10 +0000
Subject: Check DH public key in ssl_kex_peer_public_dhe().

Call DH_check_pub_key() after decoding the peer public key - this will be needed for the server DHE key exchange, but also benefits the client.
ok inoguchi@ tb@
---
 src/lib/libssl/ssl_kex.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'src/lib/libssl/ssl_kex.c')
diff --git a/src/lib/libssl/ssl_kex.c b/src/lib/libssl/ssl_kex.c
index 9af440d827..68d83cedbe 100644
--- a/src/lib/libssl/ssl_kex.c
+++ b/src/lib/libssl/ssl_kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_kex.c,v 1.5 2021/11/30 18:17:03 tb Exp $ */
+/* $OpenBSD: ssl_kex.c,v 1.6 2021/12/04 13:15:10 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing
 *
@@ -142,23 +142,31 @@ ssl_kex_peer_params_dhe(DH *dh, CBS *cbs)
 }
 int
-ssl_kex_peer_public_dhe(DH *dh, CBS *cbs)
+ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *invalid_key)
 {
- CBS dh_y;
 BIGNUM *pub_key = NULL;
+ int check_flags;
+ CBS dh_y;
 int ret = 0;
+ *invalid_key = 0;
+
 if (!CBS_get_u16_length_prefixed(cbs, &dh_y))
 goto err;
+
 if ((pub_key = BN_bin2bn(CBS_data(&dh_y), CBS_len(&dh_y), NULL)) == NULL)
 goto err;
 if (!DH_set0_key(dh, pub_key, NULL))
 goto err;
-
 pub_key = NULL;
+ if (!DH_check_pub_key(dh, dh->pub_key, &check_flags))
+ goto err;
+ if (check_flags != 0)
+ *invalid_key = 1;
+
 ret = 1;
 err:
-- 
cgit v1.2.3-55-g6feb
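Review bot: In ssl_kex_peer_public_dhe() a key that fails DH_check_pub_key() is reported only through `*invalid_key`; the function still returns 1, and the rejected value stays installed in `dh` from the earlier DH_set0_key() call. A caller that tests only the return value would carry on with a peer key that failed validation, so the contract should be stated above the function, for example `/* Returns 1 if the key was decoded; *invalid_key is set to 1 when it fails DH_check_pub_key() and the key must then not be used. */`. `invalid_key` is also written unconditionally at the top of the body, so every call site has to pass a non-NULL pointer. The callers and the code after the `err:` label are outside this hunk, so whether they honour the flag cannot be confirmed from here.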