Diffstat (limited to 'crypto/openssl/crypto/dh')
-rw-r--r--crypto/openssl/crypto/dh/dh.h5
-rw-r--r--crypto/openssl/crypto/dh/dh_err.c1
-rw-r--r--crypto/openssl/crypto/dh/dh_key.c6
3 files changed, 12 insertions, 0 deletions
diff --git a/crypto/openssl/crypto/dh/dh.h b/crypto/openssl/crypto/dh/dh.h
index 05851f84294c..31453e9b2103 100644
--- a/crypto/openssl/crypto/dh/dh.h
+++ b/crypto/openssl/crypto/dh/dh.h
@@ -70,6 +70,10 @@
#include <openssl/crypto.h>
#include <openssl/ossl_typ.h>
+#ifndef OPENSSL_DH_MAX_MODULUS_BITS
+# define OPENSSL_DH_MAX_MODULUS_BITS 10000
+#endif
+
#define DH_FLAG_CACHE_MONT_P 0x01
#ifdef __cplusplus
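Review bot: The new `OPENSSL_DH_MAX_MODULUS_BITS` default in dh.h has no comment saying what the limit is for or that a build may override it. Because of the `#ifndef` guard, a build that defines it to a very large value silently removes the bound that `compute_key` enforces in dh_key.c. I would add a comment above the `#ifndef`, for example `/* Largest DH modulus, in bits, accepted by compute_key; bounds the cost of the modular exponentiation when parameters presumably come from a peer. */`.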
@@ -200,6 +204,7 @@ void ERR_load_DH_strings(void);
/* Reason codes. */
#define DH_R_BAD_GENERATOR 101
#define DH_R_NO_PRIVATE_VALUE 100
+#define DH_R_MODULUS_TOO_LARGE 103
#ifdef __cplusplus
}
diff --git a/crypto/openssl/crypto/dh/dh_err.c b/crypto/openssl/crypto/dh/dh_err.c
index d837950aecb3..4e029603c802 100644
--- a/crypto/openssl/crypto/dh/dh_err.c
+++ b/crypto/openssl/crypto/dh/dh_err.c
@@ -78,6 +78,7 @@ static ERR_STRING_DATA DH_str_functs[]=
static ERR_STRING_DATA DH_str_reasons[]=
{
{DH_R_BAD_GENERATOR ,"bad generator"},
+{DH_R_MODULUS_TOO_LARGE ,"modulus too large"},
{DH_R_NO_PRIVATE_VALUE ,"no private value"},
{0,NULL}
};
diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c
index 77f2f50b5166..649aa5cffde4 100644
--- a/crypto/openssl/crypto/dh/dh_key.c
+++ b/crypto/openssl/crypto/dh/dh_key.c
@@ -162,6 +162,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
BIGNUM *tmp;
int ret= -1;
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+ {
+ DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+ goto err;
+ }
+
ctx = BN_CTX_new();
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
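Review bot: The new `goto err` in `compute_key` is taken before `ctx = BN_CTX_new()` has run, so the cleanup at `err:` sees whatever `ctx` held at its declaration. Both the declaration of `ctx` and the `err:` label are outside this hunk; if `ctx` is not initialised to NULL there, or the label calls `BN_CTX_end(ctx)` unconditionally, this path operates on an invalid pointer. Either declare `BN_CTX *ctx = NULL;` and guard the cleanup with `if (ctx != NULL)`, or replace the `goto err;` in the size check with `return -1;`, since nothing has been allocated at that point. The limit is also applied only here, to `dh->p`; going by the diffstat, no other function in dh_key.c gets the check, so it is worth confirming whether key generation with an oversized modulus needs the same guard.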