Introduce limits to prevent malicious keys being able to

cause a denial of service. (CVE-2006-2940) [Steve Henson, Bodo Moeller]
author: Bodo Möller <bodo@openssl.org> 2006-09-28 13:45:34 +0000
committer: Bodo Möller <bodo@openssl.org> 2006-09-28 13:45:34 +0000
commit: 5e3225cc44ebdce3a88d04a627e975b3e76a6f9a (patch)
tree: 40fc0efbaf2e75215453e71a5b6b8b326d3bee0f /crypto/rsa/rsa.h
parent: 61118caa86ecf8acba2c6d17caabeed9022acf9d (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index 31f3792a4c..7f9e10891e 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -160,6 +160,17 @@ struct rsa_st
 	BN_BLINDING *mt_blinding;
 	};
 
+#ifndef OPENSSL_RSA_MAX_MODULUS_BITS
+# define OPENSSL_RSA_MAX_MODULUS_BITS	16384
+#endif
+
+#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
+# define OPENSSL_RSA_SMALL_MODULUS_BITS	3072
+#endif
+#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
+# define OPENSSL_RSA_MAX_PUBEXP_BITS	64 /* exponent limit enforced for "large" modulus only */
+#endif
+
 #define RSA_3	0x3L
 #define RSA_F4	0x10001L
 
@@ -452,6 +463,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126
 #define RSA_R_KEY_SIZE_TOO_SMALL			 120
 #define RSA_R_LAST_OCTET_INVALID			 134
+#define RSA_R_MODULUS_TOO_LARGE				 105
 #define RSA_R_NO_PUBLIC_EXPONENT			 140
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127
author	Bodo Möller <bodo@openssl.org>	2006-09-28 13:45:34 +0000
committer	Bodo Möller <bodo@openssl.org>	2006-09-28 13:45:34 +0000
commit	5e3225cc44ebdce3a88d04a627e975b3e76a6f9a (patch)
tree	40fc0efbaf2e75215453e71a5b6b8b326d3bee0f /crypto/rsa/rsa.h
parent	61118caa86ecf8acba2c6d17caabeed9022acf9d (diff)