From 5e3225cc44ebdce3a88d04a627e975b3e76a6f9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Thu, 28 Sep 2006 13:45:34 +0000
Subject: Introduce limits to prevent malicious keys being able to cause a
 denial of service.  (CVE-2006-2940) [Steve Henson, Bodo Moeller]

---
 crypto/dh/dh.h     | 7 ++++++-
 crypto/dh/dh_err.c | 1 +
 crypto/dh/dh_key.c | 6 ++++++
 3 files changed, 13 insertions(+), 1 deletion(-)

(limited to 'crypto/dh')

diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index ecd61f36c1..86499b4c7e 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -73,6 +73,10 @@
 #include <openssl/bn.h>
 #endif
 	
+#ifndef OPENSSL_DH_MAX_MODULUS_BITS
+# define OPENSSL_DH_MAX_MODULUS_BITS	10000
+#endif
+
 #define DH_FLAG_CACHE_MONT_P     0x01
 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
                                        * implementation now uses constant time
@@ -239,11 +243,12 @@ void ERR_load_DH_strings(void);
 
 /* Reason codes. */
 #define DH_R_BAD_GENERATOR				 101
-#define DH_R_BN_DECODE_ERROR				 103
+#define DH_R_BN_DECODE_ERROR				 109
 #define DH_R_BN_ERROR					 106
 #define DH_R_DECODE_ERROR				 104
 #define DH_R_INVALID_PUBKEY				 102
 #define DH_R_KEYS_NOT_SET				 108
+#define DH_R_MODULUS_TOO_LARGE				 103
 #define DH_R_NO_PARAMETERS_SET				 107
 #define DH_R_NO_PRIVATE_VALUE				 100
 #define DH_R_PARAMETER_ENCODING_ERROR			 105
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
index 86d8cdd529..ea5aeedd93 100644
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -95,6 +95,7 @@ static ERR_STRING_DATA DH_str_reasons[]=
 {ERR_REASON(DH_R_DECODE_ERROR)           ,"decode error"},
 {ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
 {ERR_REASON(DH_R_KEYS_NOT_SET)           ,"keys not set"},
+{ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
 {ERR_REASON(DH_R_NO_PARAMETERS_SET)      ,"no parameters set"},
 {ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
 {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 79984e13bc..cb5abdcf47 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -179,6 +179,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 	int ret= -1;
         int check_result;
 
+	if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+		{
+		DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+		goto err;
+		}
+
 	ctx = BN_CTX_new();
 	if (ctx == NULL) goto err;
 	BN_CTX_start(ctx);
-- 
cgit v1.2.3