diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-22 22:50:19 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-24 14:44:08 +0200 |
commit | 6de1fe90860ddfe768864838637f681537f3f108 (patch) | |
tree | eb7dc66acc7eef6124922ad47edfdd168bd1eb19 /crypto | |
parent | 8b84b075ff065554c0cdd1086950f1a8614d93a4 (diff) |
Enforce a minimum DH modulus size of 512 bits
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9437)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/dh/dh_err.c | 1 | ||||
-rw-r--r-- | crypto/dh/dh_gen.c | 10 | ||||
-rw-r--r-- | crypto/dh/dh_key.c | 10 | ||||
-rw-r--r-- | crypto/dh/dh_locl.h | 2 | ||||
-rw-r--r-- | crypto/err/openssl.txt | 1 |
5 files changed, 24 insertions, 0 deletions
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index cbde260145..69f1452441 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -41,6 +41,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = { {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_SMALL), "modulus too small"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR), "not suitable generator"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"}, diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 6e98b59d85..76d6ad018e 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -61,6 +61,16 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, int g, ok = -1; BN_CTX *ctx = NULL; + if (prime_len > OPENSSL_DH_MAX_MODULUS_BITS) { + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_MODULUS_TOO_LARGE); + return 0; + } + + if (prime_len < DH_MIN_MODULUS_BITS) { + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_MODULUS_TOO_SMALL); + return 0; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 0d6b04de20..8731cc2c73 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -87,6 +87,11 @@ static int generate_key(DH *dh) return 0; } + if (BN_num_bits(dh->p) < DH_MIN_MODULUS_BITS) { + DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_SMALL); + return 0; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -181,6 +186,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) goto err; } + if (BN_num_bits(dh->p) < DH_MIN_MODULUS_BITS) { + DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_SMALL); + return 0; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; diff --git a/crypto/dh/dh_locl.h b/crypto/dh/dh_locl.h index f0247b8d7d..a9041e9462 100644 --- a/crypto/dh/dh_locl.h +++ b/crypto/dh/dh_locl.h @@ -10,6 +10,8 @@ #include <openssl/dh.h> #include "internal/refcount.h" +#define DH_MIN_MODULUS_BITS 512 + struct dh_st { /* * This first argument is used to pick up errors when a DH is passed diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index d88e98993e..ede1c57a7b 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2276,6 +2276,7 @@ DH_R_KDF_PARAMETER_ERROR:112:kdf parameter error DH_R_KEYS_NOT_SET:108:keys not set DH_R_MISSING_PUBKEY:125:missing pubkey DH_R_MODULUS_TOO_LARGE:103:modulus too large +DH_R_MODULUS_TOO_SMALL:126:modulus too small DH_R_NOT_SUITABLE_GENERATOR:120:not suitable generator DH_R_NO_PARAMETERS_SET:107:no parameters set DH_R_NO_PRIVATE_VALUE:100:no private value |