diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2007-08-13 13:28:31 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2007-08-13 13:28:31 +0000 |
commit | 0a6e92a88ff02bebd04feec58903cbadcacaec15 (patch) | |
tree | b0ec67c2c68abf0a3f54ce7141310d3aeeacd6d2 | |
parent | 36eaa706210caa413ade3f802cde3f7e74a1b681 (diff) |
Include modulus sanity checks.
-rw-r--r-- | fips-1.0/dh/fips_dh_key.c | 6 | ||||
-rw-r--r-- | fips-1.0/dsa/fips_dsa_ossl.c | 12 |
2 files changed, 18 insertions, 0 deletions
diff --git a/fips-1.0/dh/fips_dh_key.c b/fips-1.0/dh/fips_dh_key.c index 7f5854f476..b30a85f2e4 100644 --- a/fips-1.0/dh/fips_dh_key.c +++ b/fips-1.0/dh/fips_dh_key.c @@ -188,6 +188,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) if (ctx == NULL) goto err; BN_CTX_start(ctx); tmp = BN_CTX_get(ctx); + + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) + { + DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); + goto err; + } if (dh->priv_key == NULL) { diff --git a/fips-1.0/dsa/fips_dsa_ossl.c b/fips-1.0/dsa/fips_dsa_ossl.c index fb3893afc3..a29be0f7fc 100644 --- a/fips-1.0/dsa/fips_dsa_ossl.c +++ b/fips-1.0/dsa/fips_dsa_ossl.c @@ -297,6 +297,18 @@ static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DS return -1; } + if (BN_num_bits(dsa->q) != 160) + { + DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); + return -1; + } + + if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) + { + DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); + return -1; + } + BN_init(&u1); BN_init(&u2); BN_init(&t1); |