Only allow a temporary rsa key exchange when they key is larger than 512.

Reviewed-by: Matt Caswell <matt@openssl.org> MR #588
author: Kurt Roeckx <kurt@roeckx.be> 2015-04-18 19:15:48 +0200
committer: Kurt Roeckx <kurt@roeckx.be> 2015-06-09 00:46:59 +0200
commit: 1dece95168a32fb11cc671a7571807e04b47ed11 (patch)
tree: 22c37ea9e299500ae82dc6efe8ae0ff17b59a7c2 /ssl
parent: 26c79d5641dcc85c666e0594c11663c00ec6c195 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 2f7b093c3d..935a621e6d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -334,7 +334,7 @@ int ssl3_connect(SSL *s)
             if (!
                 (s->s3->tmp.
                  new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
-&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+                    && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
                 ret = ssl3_get_server_certificate(s);
                 if (ret <= 0)
                     goto end;
@@ -1704,6 +1704,13 @@ int ssl3_get_key_exchange(SSL *s)
             SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
             goto err;
         }
+
+        if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+            goto f_err;
+        }
+
         s->session->sess_cert->peer_rsa_tmp = rsa;
         rsa = NULL;
     }
author	Kurt Roeckx <kurt@roeckx.be>	2015-04-18 19:15:48 +0200
committer	Kurt Roeckx <kurt@roeckx.be>	2015-06-09 00:46:59 +0200
commit	1dece95168a32fb11cc671a7571807e04b47ed11 (patch)
tree	22c37ea9e299500ae82dc6efe8ae0ff17b59a7c2 /ssl
parent	26c79d5641dcc85c666e0594c11663c00ec6c195 (diff)