From 0d95ae4252681d1380a8be96a3d26e32de7acabb Mon Sep 17 00:00:00 2001
From: Hans Leidekker <hans@codeweavers.com>
Date: Thu, 7 Dec 2023 12:33:28 +0100
Subject: [PATCH] bcrypt: Reject DH keys smaller than 512 bits.

---
 dlls/bcrypt/bcrypt_main.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 0f2d94a418f..3f47b36d178 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -1210,6 +1210,8 @@ static NTSTATUS key_asymmetric_create( enum alg_id alg_id, ULONG bitlen, struct
         return STATUS_NOT_IMPLEMENTED;
     }
 
+    if (alg_id == ALG_ID_DH && bitlen < 512) return STATUS_INVALID_PARAMETER;
+
     if (!(key = calloc( 1, sizeof(*key) ))) return STATUS_NO_MEMORY;
     key->hdr.magic  = MAGIC_KEY;
     key->alg_id     = alg_id;