mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 05:55:40 +01:00
Enforce dhm_min_bitlen exactly, not just the byte size
In a TLS client, enforce the Diffie-Hellman minimum parameter size set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the minimum size was rounded down to the nearest multiple of 8. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
3e7b61c42b
commit
6527cd382b
4
ChangeLog.d/dhm_min_bitlen.txt
Normal file
4
ChangeLog.d/dhm_min_bitlen.txt
Normal file
@ -0,0 +1,4 @@
|
||||
Bugfix
|
||||
* In a TLS client, enforce the Diffie-Hellman minimum parameter size
|
||||
set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
|
||||
minimum size was rounded down to the nearest multiple of 8.
|
@ -2209,6 +2209,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
|
||||
unsigned char *end )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
size_t dhm_actual_bitlen;
|
||||
|
||||
/*
|
||||
* Ephemeral DH parameters:
|
||||
@ -2226,10 +2227,11 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
|
||||
dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
|
||||
if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
|
||||
ssl->handshake->dhm_ctx.len * 8,
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %u < %u",
|
||||
(unsigned) dhm_actual_bitlen,
|
||||
ssl->conf->dhm_min_bitlen ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user