diff options
author | Bodo Möller <bodo@openssl.org> | 2006-09-28 13:45:34 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2006-09-28 13:45:34 +0000 |
commit | 5e3225cc44ebdce3a88d04a627e975b3e76a6f9a (patch) | |
tree | 40fc0efbaf2e75215453e71a5b6b8b326d3bee0f /crypto/dsa | |
parent | 61118caa86ecf8acba2c6d17caabeed9022acf9d (diff) | |
download | openssl-5e3225cc44ebdce3a88d04a627e975b3e76a6f9a.tar.gz |
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Diffstat (limited to 'crypto/dsa')
-rw-r--r-- | crypto/dsa/dsa.h | 10 | ||||
-rw-r--r-- | crypto/dsa/dsa_err.c | 2 | ||||
-rw-r--r-- | crypto/dsa/dsa_ossl.c | 12 |
3 files changed, 22 insertions, 2 deletions
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 8023bb40b0..ff68bc01a4 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -84,6 +84,10 @@ #endif #endif +#ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +#endif + #define DSA_FLAG_CACHE_MONT_P 0x01 #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA * implementation now uses constant time @@ -284,12 +288,14 @@ void ERR_load_DSA_strings(void); #define DSA_F_SIG_CB 114 /* Reason codes. */ -#define DSA_R_BN_DECODE_ERROR 102 -#define DSA_R_BN_ERROR 103 +#define DSA_R_BAD_Q_VALUE 102 +#define DSA_R_BN_DECODE_ERROR 108 +#define DSA_R_BN_ERROR 109 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 #define DSA_R_DECODE_ERROR 104 #define DSA_R_INVALID_DIGEST_TYPE 106 #define DSA_R_MISSING_PARAMETERS 101 +#define DSA_R_MODULUS_TOO_LARGE 103 #define DSA_R_NO_PARAMETERS_SET 107 #define DSA_R_PARAMETER_ENCODING_ERROR 105 diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index 0421d4de60..92ccb62e44 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -97,12 +97,14 @@ static ERR_STRING_DATA DSA_str_functs[]= static ERR_STRING_DATA DSA_str_reasons[]= { +{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"}, {ERR_REASON(DSA_R_BN_DECODE_ERROR) ,"bn decode error"}, {ERR_REASON(DSA_R_BN_ERROR) ,"bn error"}, {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, {ERR_REASON(DSA_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE) ,"invalid digest type"}, {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, +{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DSA_R_NO_PARAMETERS_SET) ,"no parameters set"}, {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"}, {0,NULL} diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 7a66bcebb5..2fab8dc65a 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -303,6 +303,18 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, return -1; } + if (BN_num_bits(dsa->q) != 160) + { + DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); + return -1; + } + + if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) + { + DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); + return -1; + } + BN_init(&u1); BN_init(&u2); BN_init(&t1); |