From e28303b40ac4b4ecdd2d2342c236000ee3c55c02 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Wed, 21 Oct 2020 21:47:32 -0700
Subject: [PATCH] In DoServerKeyExchange(), when reading the DH key from the server, the client was checking it too strictly. The pubkey value should be checked as strictly as the generator, for too large. The public key value is checked mathematically elsewhere.
---
 src/internal.c | 11 -----------
 1 file changed, 11 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 23d3c2521..335aeb718 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -21330,17 +21330,6 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
 ERROR_OUT(BUFFER_ERROR, exit_gdpk);
 }
- if (length < ssl->options.minDhKeySz) {
- WOLFSSL_MSG("Server using a public DH key that is too small");
- SendAlert(ssl, alert_fatal, handshake_failure);
- XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
- DYNAMIC_TYPE_PUBLIC_KEY);
- ssl->buffers.serverDH_P.buffer = NULL;
- XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
- DYNAMIC_TYPE_PUBLIC_KEY);
- ssl->buffers.serverDH_G.buffer = NULL;
- ERROR_OUT(DH_KEY_SIZE_E, exit_gdpk);
- }
 if (length > ssl->options.maxDhKeySz) {
 WOLFSSL_MSG("Server using a public DH key that is too big");
 SendAlert(ssl, alert_fatal, handshake_failure);