authorJung-uk Kim <jkim@FreeBSD.org>2017-01-26 19:10:29 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2017-01-26 19:10:29 +0000
commit6cf8931a2f9fa26b2d9bdba6f1915f655e6bf25f (patch)
tree38524daaff4806b24b9b140615ce1c3850784d8e /crypto/openssl/ssl/s3_clnt.c
parentee80cc1b1cd77939b98079da917464bf2dfaefb4 (diff)
parent5315173646e65b5025be33013edc33eb9658e683 (diff)
Notes
Diffstat (limited to 'crypto/openssl/ssl/s3_clnt.c')
-rw-r--r--crypto/openssl/ssl/s3_clnt.c44
1 files changed, 33 insertions, 11 deletions
diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c
index 218534734dd7e..32f2f1aeed2b1 100644
--- a/crypto/openssl/ssl/s3_clnt.c
+++ b/crypto/openssl/ssl/s3_clnt.c
@@ -1710,12 +1710,6 @@ int ssl3_get_key_exchange(SSL *s)
}
p += i;
- if (BN_is_zero(dh->p)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
- goto f_err;
- }
-
-
if (2 > n - param_len) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
@@ -1736,11 +1730,6 @@ int ssl3_get_key_exchange(SSL *s)
}
p += i;
- if (BN_is_zero(dh->g)) {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
- goto f_err;
- }
-
if (2 > n - param_len) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
@@ -1767,6 +1756,39 @@ int ssl3_get_key_exchange(SSL *s)
goto f_err;
}
+ /*-
+ * Check that p and g are suitable enough
+ *
+ * p is odd
+ * 1 < g < p - 1
+ */
+ {
+ BIGNUM *tmp = NULL;
+
+ if (!BN_is_odd(dh->p)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
+ goto f_err;
+ }
+ if (BN_is_negative(dh->g) || BN_is_zero(dh->g)
+ || BN_is_one(dh->g)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
+ goto f_err;
+ }
+ if ((tmp = BN_new()) == NULL
+ || BN_copy(tmp, dh->p) == NULL
+ || !BN_sub_word(tmp, 1)) {
+ BN_free(tmp);
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (BN_cmp(dh->g, tmp) >= 0) {
+ BN_free(tmp);
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
+ goto f_err;
+ }
+ BN_free(tmp);
+ }
+
# ifndef OPENSSL_NO_RSA
if (alg_a & SSL_aRSA)
pkey =
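Review bot: The comment above the added block calls p and g "suitable enough", but the code only verifies that p is odd and that 1 < g < p - 1; it does not test that p is prime or that g has large order, so passing this block is not validation of the server's group. I would say so in the comment, e.g. `* Sanity checks only: p is odd and 1 < g < p - 1; primality of p and the order of g are not verified here.` The `BN_is_negative(dh->g)` test looks redundant if g is parsed from an unsigned byte string (the parsing is not visible in this hunk), though it is harmless to keep. The `goto f_err` paths presumably send whatever alert value was chosen earlier in `ssl3_get_key_exchange`, whose body starts and ends outside the hunk, so it is worth confirming that value suits a rejected-parameter case.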