-/* $OpenBSD: s3_lib.c,v 1.228 2022/03/17 17:24:37 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.229 2022/06/29 08:30:04 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
return 0;
}
+ if (!ssl_security_dh(s, dh)) {
+ SSLerror(s, SSL_R_DH_KEY_TOO_SMALL);
+ return 0;
+ }
+
if ((dhe_params = DHparams_dup(dh)) == NULL) {
SSLerror(s, ERR_R_DH_LIB);
return 0;
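Review bot: The check added before `DHparams_dup(dh)` is evaluated only when the parameters are installed, so a security level raised afterwards does not revisit parameters already accepted here; the same holds for the `ssl_ctx_security_dh(ctx, dh)` check in the SSL_CTX hunk that follows. Whether the handshake path checks the stored parameters again is not visible in these hunks, so a short comment would help, e.g. `/* Checked against the security level in effect now; a later level change does not re-check dh. */`. Every refusal is also reported as `SSL_R_DH_KEY_TOO_SMALL`, which could mislead if the security check can refuse for a reason other than size (the `security_ex_data` argument in ssl_seclevel.c hints at an application-supplied callback, but that is inferred). The enclosing function starts and ends outside the hunk.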
return 0;
}
+ if (!ssl_ctx_security_dh(ctx, dh)) {
+ SSLerrorx(SSL_R_DH_KEY_TOO_SMALL);
+ return 0;
+ }
+
if ((dhe_params = DHparams_dup(dh)) == NULL) {
SSLerrorx(ERR_R_DH_LIB);
return 0;
-/* $OpenBSD: ssl_locl.h,v 1.399 2022/06/29 08:27:51 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.400 2022/06/29 08:30:04 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
void *other);
int ssl_security(const SSL *ssl, int op, int bits, int nid, void * other);
+int ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh);
int ssl_security_dh(const SSL *ssl, DH *dh);
int ssl_get_new_session(SSL *s, int session);
-/* $OpenBSD: ssl_seclevel.c,v 1.6 2022/06/29 08:27:51 tb Exp $ */
+/* $OpenBSD: ssl_seclevel.c,v 1.7 2022/06/29 08:30:04 tb Exp $ */
/*
* Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
*
ssl->cert->security_ex_data);
}
+int
+ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh)
+{
+#if defined(LIBRESSL_HAS_SECURITY_LEVEL)
+ return ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0,
+ dh);
+#else
+ return 1;
+#endif
+}
int
ssl_security_dh(const SSL *ssl, DH *dh)
{
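Review bot: The `#else` branch of the new `ssl_ctx_security_dh()` returns 1 unconditionally, so in a build without `LIBRESSL_HAS_SECURITY_LEVEL` the checks this commit adds in s3_lib.c accept any DH parameters, and nothing in the function documents this. A header comment stating the return convention and the build dependency would make it explicit, e.g. `/* Returns 1 if dh is acceptable for SSL_SECOP_TMP_DH at ctx's security level, 0 if not; always 1 when built without LIBRESSL_HAS_SECURITY_LEVEL. */`. The body of `ssl_security_dh()` continues outside the hunk, so it is not possible to confirm from here that it has the same guard and would need the same note.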