Merge pull request #3406 from ejohnstown/dh-fix-2

DH Fix 2
Sean Parkinson
2020-10-21 08:05:42 +10:00
committed by GitHub


@ -21260,6 +21260,9 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
if (length > ssl->options.maxDhKeySz) { if (length > ssl->options.maxDhKeySz) {
WOLFSSL_MSG("Server using a DH key generator that is too big"); WOLFSSL_MSG("Server using a DH key generator that is too big");
SendAlert(ssl, alert_fatal, handshake_failure); SendAlert(ssl, alert_fatal, handshake_failure);
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
ERROR_OUT(DH_KEY_SIZE_E, exit_gdpk); ERROR_OUT(DH_KEY_SIZE_E, exit_gdpk);
} }
@ -21306,11 +21309,23 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
if (length < ssl->options.minDhKeySz) { if (length < ssl->options.minDhKeySz) {
WOLFSSL_MSG("Server using a public DH key that is too small"); WOLFSSL_MSG("Server using a public DH key that is too small");
SendAlert(ssl, alert_fatal, handshake_failure); SendAlert(ssl, alert_fatal, handshake_failure);
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.buffer = NULL;
ERROR_OUT(DH_KEY_SIZE_E, exit_gdpk); ERROR_OUT(DH_KEY_SIZE_E, exit_gdpk);
} }
if (length > ssl->options.maxDhKeySz) { if (length > ssl->options.maxDhKeySz) {
WOLFSSL_MSG("Server using a public DH key that is too big"); WOLFSSL_MSG("Server using a public DH key that is too big");
SendAlert(ssl, alert_fatal, handshake_failure); SendAlert(ssl, alert_fatal, handshake_failure);
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_P.buffer = NULL;
XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
DYNAMIC_TYPE_PUBLIC_KEY);
ssl->buffers.serverDH_G.buffer = NULL;
ERROR_OUT(DH_KEY_SIZE_E, exit_gdpk); ERROR_OUT(DH_KEY_SIZE_E, exit_gdpk);
} }
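Review bot: The cleanup added to the three size-check branches frees `serverDH_P.buffer` / `serverDH_G.buffer` and nulls the pointer, but leaves the matching `.length` field untouched. If that length was already assigned earlier in GetDhPublicKey (not visible in these hunks), the connection is left with a NULL buffer and a non-zero length that came from the peer's key-exchange message. Consider adding `ssl->buffers.serverDH_P.length = 0;` (and the same for `serverDH_G`) next to each `= NULL`. The same free-and-null pair is now copied five times across the branches; doing it once at `exit_gdpk` when the function is returning an error would keep a later error path from missing it. The label and the rest of the function body are outside the hunks shown.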