diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-22 22:50:19 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-24 14:44:08 +0200 |
commit | 6de1fe90860ddfe768864838637f681537f3f108 (patch) | |
tree | eb7dc66acc7eef6124922ad47edfdd168bd1eb19 /crypto/dh | |
parent | 8b84b075ff065554c0cdd1086950f1a8614d93a4 (diff) | |
download | openssl-6de1fe90860ddfe768864838637f681537f3f108.zip openssl-6de1fe90860ddfe768864838637f681537f3f108.tar.gz openssl-6de1fe90860ddfe768864838637f681537f3f108.tar.bz2 |
Enforce a minimum DH modulus size of 512 bits
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9437)
Diffstat (limited to 'crypto/dh')
-rw-r--r-- | crypto/dh/dh_err.c | 1 | ||||
-rw-r--r-- | crypto/dh/dh_gen.c | 10 | ||||
-rw-r--r-- | crypto/dh/dh_key.c | 10 | ||||
-rw-r--r-- | crypto/dh/dh_locl.h | 2 |
4 files changed, 23 insertions, 0 deletions
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index cbde260..69f1452 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -41,6 +41,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = { {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_SMALL), "modulus too small"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR), "not suitable generator"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"}, diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 6e98b59..76d6ad0 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -61,6 +61,16 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, int g, ok = -1; BN_CTX *ctx = NULL; + if (prime_len > OPENSSL_DH_MAX_MODULUS_BITS) { + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_MODULUS_TOO_LARGE); + return 0; + } + + if (prime_len < DH_MIN_MODULUS_BITS) { + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_MODULUS_TOO_SMALL); + return 0; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 0d6b04d..8731cc2 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -87,6 +87,11 @@ static int generate_key(DH *dh) return 0; } + if (BN_num_bits(dh->p) < DH_MIN_MODULUS_BITS) { + DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_SMALL); + return 0; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -181,6 +186,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) goto err; } + if (BN_num_bits(dh->p) < DH_MIN_MODULUS_BITS) { + DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_SMALL); + return 0; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; diff --git a/crypto/dh/dh_locl.h b/crypto/dh/dh_locl.h index f0247b8..a9041e9 100644 --- a/crypto/dh/dh_locl.h +++ b/crypto/dh/dh_locl.h @@ -10,6 +10,8 @@ #include <openssl/dh.h> #include "internal/refcount.h" +#define DH_MIN_MODULUS_BITS 512 + struct dh_st { /* * This first argument is used to pick up errors when a DH is passed |