Enforce a minimum DH modulus size of 512 bits

[extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9437)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-07-22 22:50:19 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-07-24 14:44:08 +0200
commit: 6de1fe90860ddfe768864838637f681537f3f108 (patch)
tree: eb7dc66acc7eef6124922ad47edfdd168bd1eb19 /crypto/dh/dh_key.c
parent: 8b84b075ff065554c0cdd1086950f1a8614d93a4 (diff)
download: openssl-6de1fe90860ddfe768864838637f681537f3f108.zip
openssl-6de1fe90860ddfe768864838637f681537f3f108.tar.gz
openssl-6de1fe90860ddfe768864838637f681537f3f108.tar.bz2
1 files changed, 10 insertions, 0 deletions
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 0d6b04d..8731cc2 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -87,6 +87,11 @@ static int generate_key(DH *dh)
         return 0;
     }
 
+    if (BN_num_bits(dh->p) < DH_MIN_MODULUS_BITS) {
+        DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_SMALL);
+        return 0;
+    }
+
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
@@ -181,6 +186,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         goto err;
     }
 
+    if (BN_num_bits(dh->p) < DH_MIN_MODULUS_BITS) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_SMALL);
+        return 0;
+    }
+
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-07-22 22:50:19 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-07-24 14:44:08 +0200
commit	6de1fe90860ddfe768864838637f681537f3f108 (patch)
tree	eb7dc66acc7eef6124922ad47edfdd168bd1eb19 /crypto/dh/dh_key.c
parent	8b84b075ff065554c0cdd1086950f1a8614d93a4 (diff)
download	openssl-6de1fe90860ddfe768864838637f681537f3f108.zip openssl-6de1fe90860ddfe768864838637f681537f3f108.tar.gz openssl-6de1fe90860ddfe768864838637f681537f3f108.tar.bz2