Reject excessively large primes in DH key generation.

author Guido Vranken <guidovranken@gmail.com>

Mon, 11 Jun 2018 17:38:54 +0000 (19:38 +0200)

committer Matt Caswell <matt@openssl.org>

Tue, 12 Jun 2018 09:27:24 +0000 (10:27 +0100)
author Guido Vranken <guidovranken@gmail.com>
Mon, 11 Jun 2018 17:38:54 +0000 (19:38 +0200)
committer Matt Caswell <matt@openssl.org>
Tue, 12 Jun 2018 09:27:24 +0000 (10:27 +0100)
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c

index fce9ff47f3670fe6be17fab0b8c3f5309516c636..58003d708781f3ec679daeccda1b4a15378f7aeb 100644 (file)
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -78,10 +78,15 @@ static int generate_key(DH *dh)
      int ok = 0;
      int generate_new_key = 0;
      unsigned l;
-    BN_CTX *ctx;
+    BN_CTX *ctx = NULL;
      BN_MONT_CTX *mont = NULL;
      BIGNUM *pub_key = NULL, *priv_key = NULL;
  
+    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+        DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
+        return 0;
+    }
+
      ctx = BN_CTX_new();
      if (ctx == NULL)
          goto err;
author	Guido Vranken <guidovranken@gmail.com>
	Mon, 11 Jun 2018 17:38:54 +0000 (19:38 +0200)
committer	Matt Caswell <matt@openssl.org>
	Tue, 12 Jun 2018 09:27:24 +0000 (10:27 +0100)