Skip to content

Commit

Permalink
MFC: Reject excessively large primes in DH key generation. Problem re…
Browse files Browse the repository at this point in the history 
…ported

by Guido Vranken to OpenSSL (openssl/openssl#6457)
and based on his diff.  suggestions from tb@, ok tb@ jsing@

Original commit by sthen@
  • Loading branch information
jsing committed Jun 13, 2018
1 parent cfcadc0 commit e41ca2f
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/lib/libcrypto/dh/dh_key.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,11 @@ generate_key(DH *dh)
BN_MONT_CTX *mont = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL;

if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
DHerror(DH_R_MODULUS_TOO_LARGE);
return 0;
}

ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
Expand Down

0 comments on commit e41ca2f

Please sign in to comment.