add a check for invalid DH parameters.

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-03-26 09:52:43 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-03-26 09:53:02 +0100
commit: f029209722489cb0767219e6841adcc54fa979da (patch)
tree: 5b8b3099aaa37567aab36eb0402035bf62cf8c3d
parent: 71b4ae6774fc08b80e30692ccce4e1bc00c9975f (diff)
download: gnutls-f029209722489cb0767219e6841adcc54fa979da.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index 3451e8236e..54a47bd8ba 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -301,6 +301,12 @@ _gnutls_dh_common_print_server_kx(gnutls_session_t session,
 	int ret;
 	unsigned q_bits = session->key.dh_params.flags;
 
+	if (q_bits < 192) {
+		gnutls_assert();
+		_gnutls_debug_log("too small q_bits value for DH: %u\n", q_bits);
+		q_bits = 0; /* auto-detect */
+	}
+
 	/* Y=g^x mod p */
 	ret =
 	    _gnutls_pk_generate_keys(GNUTLS_PK_DH, q_bits,
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-03-26 09:52:43 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-03-26 09:53:02 +0100
commit	f029209722489cb0767219e6841adcc54fa979da (patch)
tree	5b8b3099aaa37567aab36eb0402035bf62cf8c3d
parent	71b4ae6774fc08b80e30692ccce4e1bc00c9975f (diff)
download	gnutls-f029209722489cb0767219e6841adcc54fa979da.tar.gz