Only allow a temporary rsa key exchange when they key is larger than 512.

Reviewed-by: N Matt Caswell <matt@openssl.org> MR #588

Only allow a temporary rsa key exchange when they key is larger than 512.
Reviewed-by: N Matt Caswell <matt@openssl.org> MR #588
1dece951 · Kurt Roeckx · 26c79d56 · 1dece951
显示空白变更内容
内联并排

Showing with 8 addition and 1 deletion

ssl/s3_clnt.c ssl/s3_clnt.c +8 -1

未找到文件。
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -334,7 +334,7 @@ int ssl3_connect(SSL *s)
            if (!
                (s->s3->tmp.
                 new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
-&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+                    && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
                ret = ssl3_get_server_certificate(s);
                if (ret <= 0)
                    goto end;
@@ -1704,6 +1704,13 @@ int ssl3_get_key_exchange(SSL *s)
            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
            goto err;
        }
+
+        if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+            goto f_err;
+        }
+
        s->session->sess_cert->peer_rsa_tmp = rsa;
        rsa = NULL;
    }