Skip to content

Commit ea7abee

Browse files
guidovrankenmattcaswell
guidovranken
authored and
mattcaswell
committed
Reject excessively large primes in DH key generation.
CVE-2018-0732 Signed-off-by: Guido Vranken <guidovranken@gmail.com> (cherry picked from commit 91f7361) Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #6457)
1 parent 9a236d5 commit ea7abee

File tree

1 file changed

+6
-1
lines changed

1 file changed

+6
-1
lines changed

crypto/dh/dh_key.c

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -78,10 +78,15 @@ static int generate_key(DH *dh)
7878
int ok = 0;
7979
int generate_new_key = 0;
8080
unsigned l;
81-
BN_CTX *ctx;
81+
BN_CTX *ctx = NULL;
8282
BN_MONT_CTX *mont = NULL;
8383
BIGNUM *pub_key = NULL, *priv_key = NULL;
8484

85+
if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
86+
DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
87+
return 0;
88+
}
89+
8590
ctx = BN_CTX_new();
8691
if (ctx == NULL)
8792
goto err;

0 commit comments

Comments
 (0)