diff options
author | Bodo Möller <bodo@openssl.org> | 2006-09-28 13:45:34 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2006-09-28 13:45:34 +0000 |
commit | 5e3225cc44ebdce3a88d04a627e975b3e76a6f9a (patch) | |
tree | 40fc0efbaf2e75215453e71a5b6b8b326d3bee0f /crypto/dh/dh_key.c | |
parent | 61118caa86ecf8acba2c6d17caabeed9022acf9d (diff) |
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Diffstat (limited to 'crypto/dh/dh_key.c')
-rw-r--r-- | crypto/dh/dh_key.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 79984e13bc..cb5abdcf47 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -179,6 +179,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) int ret= -1; int check_result; + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) + { + DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); + goto err; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); |