Only allow a temporary rsa key exchange when they key is larger than 512. (f3b355fe) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/s3_clnt.c

+8 −1

Original line number	Diff line number	Diff line
		@@ -1596,6 +1596,13 @@ int ssl3_get_key_exchange(SSL *s)
		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
		goto err;
		}

		if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
		goto f_err;
		}

		s->session->sess_cert->peer_rsa_tmp = rsa;
		rsa = NULL;
		}