aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/openssl/crypto/dh/dh_key.c
diff options
context:
space:
mode:
authorColin Percival <cperciva@FreeBSD.org>2006-09-28 13:06:23 +0000
committerColin Percival <cperciva@FreeBSD.org>2006-09-28 13:06:23 +0000
commit30a6ffb3330a4ce39d12906a7dda5c4d9ed91dc3 (patch)
treedd781c2038cbc6db2809f44aae4144784fa53814 /crypto/openssl/crypto/dh/dh_key.c
parentb55396780782c474e291f8557a14c033f4c6941d (diff)
downloadsrc-30a6ffb3330a4ce39d12906a7dda5c4d9ed91dc3.tar.gz
src-30a6ffb3330a4ce39d12906a7dda5c4d9ed91dc3.zip
Correct multiple vulnerabilities in crypto(3).
Limit the size of public keys used in order to protect applications from a denial of service via insane key sizes. Security: FreeBSD-SA-06:23.openssl Approved by: so (cperciva)
Notes
Notes: svn path=/releng/4.11/; revision=162724
Diffstat (limited to 'crypto/openssl/crypto/dh/dh_key.c')
-rw-r--r--crypto/openssl/crypto/dh/dh_key.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c
index 77f2f50b5166..649aa5cffde4 100644
--- a/crypto/openssl/crypto/dh/dh_key.c
+++ b/crypto/openssl/crypto/dh/dh_key.c
@@ -162,6 +162,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
BIGNUM *tmp;
int ret= -1;
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+ {
+ DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+ goto err;
+ }
+
ctx = BN_CTX_new();
if (ctx == NULL) goto err;
BN_CTX_start(ctx);