From 973703db67a8e73d70e63afa8f2cde19da09144d Mon Sep 17 00:00:00 2001
From: miod <>
Date: Sun, 8 Mar 2015 16:48:47 +0000
Subject: Reject DH keys sent by a server if they are considered too small; inspired by a similar BoringSSL change, but raising the limit to 1024 bits.
ok jsing@ markus@ guenther@ deraadt@
---
 src/lib/libssl/s3_clnt.c | 13 ++++++++++++-
 src/lib/libssl/src/ssl/s3_clnt.c | 13 ++++++++++++-
 2 files changed, 24 insertions(+), 2 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 9b52691015..d68aecf541 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.108 2015/03/08 16:48:47 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1268,6 +1268,17 @@ ssl3_get_key_exchange(SSL *s)
 p += i;
 n -= param_len;
 
+ /*
+ * Check the strength of the DH key just constructed.
+ * Discard keys weaker than 1024 bits.
+ */
+
+ if (DH_size(dh) < 1024 / 8) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+ SSL_R_BAD_DH_P_LENGTH);
+ goto err;
+ }
+
 if (alg_a & SSL_aRSA)
 pkey = X509_get_pubkey(
 s->session->sess_cert->peer_pkeys[
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 9b52691015..d68aecf541 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.107 2015/02/07 05:46:01 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.108 2015/03/08 16:48:47 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
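Review bot: The new size check in the ssl3_get_key_exchange hunk is byte-granular, so it does not enforce what its comment promises: DH_size() reports the modulus length rounded up to whole bytes, and a server prime of 1017–1023 bits yields DH_size(dh) == 128 and is accepted although it is weaker than 1024 bits. Comparing the bit length directly matches the stated intent: `if (BN_num_bits(dh->p) < 1024) {`. The same hunk is duplicated in src/lib/libssl/src/ssl/s3_clnt.c and needs the identical change. The comment could also say what is being measured, e.g. `Reject server DH parameters whose prime p is shorter than 1024 bits.`, since nothing here checks g or the public value. ssl3_get_key_exchange begins and ends outside this hunk.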
@@ -1268,6 +1268,17 @@ ssl3_get_key_exchange(SSL *s)
 p += i;
 n -= param_len;
 
+ /*
+ * Check the strength of the DH key just constructed.
+ * Discard keys weaker than 1024 bits.
+ */
+
+ if (DH_size(dh) < 1024 / 8) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+ SSL_R_BAD_DH_P_LENGTH);
+ goto err;
+ }
+
 if (alg_a & SSL_aRSA)
 pkey = X509_get_pubkey(
 s->session->sess_cert->peer_pkeys[
-- 
cgit v1.2.3-55-g6feb