Introduce limits to prevent malicious keys being able to

cause a denial of service. (CVE-2006-2940) [Steve Henson, Bodo Moeller]
author: Bodo Möller <bodo@openssl.org> 2006-09-28 13:45:34 +0000
committer: Bodo Möller <bodo@openssl.org> 2006-09-28 13:45:34 +0000
commit: 5e3225cc44ebdce3a88d04a627e975b3e76a6f9a (patch)
tree: 40fc0efbaf2e75215453e71a5b6b8b326d3bee0f /crypto/dh/dh.h
parent: 61118caa86ecf8acba2c6d17caabeed9022acf9d (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index ecd61f36c1..86499b4c7e 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -73,6 +73,10 @@
 #include <openssl/bn.h>
 #endif
 	
+#ifndef OPENSSL_DH_MAX_MODULUS_BITS
+# define OPENSSL_DH_MAX_MODULUS_BITS	10000
+#endif
+
 #define DH_FLAG_CACHE_MONT_P     0x01
 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
                                        * implementation now uses constant time
@@ -239,11 +243,12 @@ void ERR_load_DH_strings(void);
 
 /* Reason codes. */
 #define DH_R_BAD_GENERATOR				 101
-#define DH_R_BN_DECODE_ERROR				 103
+#define DH_R_BN_DECODE_ERROR				 109
 #define DH_R_BN_ERROR					 106
 #define DH_R_DECODE_ERROR				 104
 #define DH_R_INVALID_PUBKEY				 102
 #define DH_R_KEYS_NOT_SET				 108
+#define DH_R_MODULUS_TOO_LARGE				 103
 #define DH_R_NO_PARAMETERS_SET				 107
 #define DH_R_NO_PRIVATE_VALUE				 100
 #define DH_R_PARAMETER_ENCODING_ERROR			 105
author	Bodo Möller <bodo@openssl.org>	2006-09-28 13:45:34 +0000
committer	Bodo Möller <bodo@openssl.org>	2006-09-28 13:45:34 +0000
commit	5e3225cc44ebdce3a88d04a627e975b3e76a6f9a (patch)
tree	40fc0efbaf2e75215453e71a5b6b8b326d3bee0f /crypto/dh/dh.h
parent	61118caa86ecf8acba2c6d17caabeed9022acf9d (diff)