Commit ea7abeea authored by Guido Vranken's avatar Guido Vranken Committed by Matt Caswell
Browse files

Reject excessively large primes in DH key generation. 



CVE-2018-0732

Signed-off-by: default avatarGuido Vranken <guidovranken@gmail.com>

(cherry picked from commit 91f7361f)

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6457)
parent 9a236d5a

crypto/dh/dh_key.c

+6 −1
Original line number Diff line number Diff line
@@ -78,10 +78,15 @@ static int generate_key(DH *dh) 
    int ok = 0;

    int generate_new_key = 0;

    unsigned l;

    BN_CTX *ctx;

    BN_CTX *ctx = NULL;

    BN_MONT_CTX *mont = NULL;

    BIGNUM *pub_key = NULL, *priv_key = NULL;



    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {

        DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);

        return 0;

    }



    ctx = BN_CTX_new();

    if (ctx == NULL)

        goto err;