Only allow a temporary rsa key exchange when they key is larger than 512.
authorKurt Roeckx <kurt@roeckx.be>
Sat, 18 Apr 2015 17:15:48 +0000 (19:15 +0200)
committerKurt Roeckx <kurt@roeckx.be>
Wed, 10 Jun 2015 22:06:06 +0000 (00:06 +0200)
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #838

ssl/s3_clnt.c

index 4f5d7560a01ad9c0e8ec9b064d8ab04e32fe9344..2346ce50c070153f1db8a77df4737c59c8ac8379 100644 (file)
@@ -341,7 +341,7 @@ int ssl3_connect(SSL *s)
             if (!
                 (s->s3->tmp.
                  new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
-&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+                    && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
                 ret = ssl3_get_server_certificate(s);
                 if (ret <= 0)
                     goto end;
@@ -1671,6 +1671,13 @@ int ssl3_get_key_exchange(SSL *s)
             SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
             goto err;
         }
+
+        if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+            goto f_err;
+        }
+
         s->session->sess_cert->peer_rsa_tmp = rsa;
         rsa = NULL;
     }