summaryrefslogtreecommitdiffstats
path: root/ssl/statem/statem_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssl/statem/statem_clnt.c')
-rw-r--r--ssl/statem/statem_clnt.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index ba2fe0802d..99459a8c6a 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2147,18 +2147,19 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
}
bnpub_key = NULL;
- if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
- SSL_R_DH_KEY_TOO_SMALL);
- goto err;
- }
-
if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
ERR_R_EVP_LIB);
goto err;
}
+ if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
+ 0, dh)) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
+ SSL_R_DH_KEY_TOO_SMALL);
+ goto err;
+ }
+
s->s3.peer_tmp = peer_tmp;
/*
@@ -2213,7 +2214,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
return 0;
}
- if ((s->s3.peer_tmp = ssl_generate_param_group(curve_id)) == NULL) {
+ if ((s->s3.peer_tmp = ssl_generate_param_group(s, curve_id)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0;
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-09 19:06:11 +0000