diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-03-26 09:52:43 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-03-26 09:53:02 +0100 |
commit | f029209722489cb0767219e6841adcc54fa979da (patch) | |
tree | 5b8b3099aaa37567aab36eb0402035bf62cf8c3d | |
parent | 71b4ae6774fc08b80e30692ccce4e1bc00c9975f (diff) | |
download | gnutls-f029209722489cb0767219e6841adcc54fa979da.tar.gz |
add a check for invalid DH parameters.
-rw-r--r-- | lib/auth/dh_common.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c index 3451e8236e..54a47bd8ba 100644 --- a/lib/auth/dh_common.c +++ b/lib/auth/dh_common.c @@ -301,6 +301,12 @@ _gnutls_dh_common_print_server_kx(gnutls_session_t session, int ret; unsigned q_bits = session->key.dh_params.flags; + if (q_bits < 192) { + gnutls_assert(); + _gnutls_debug_log("too small q_bits value for DH: %u\n", q_bits); + q_bits = 0; /* auto-detect */ + } + /* Y=g^x mod p */ ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, q_bits, |