Search
j0ke.net Open Build Service
>
Projects
>
home:netmax
:
monitoring
>
openssl1
> openssl-CVE-2018-0732.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File openssl-CVE-2018-0732.patch of Package openssl1
From 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe Mon Sep 17 00:00:00 2001 From: Guido Vranken <guidovranken@gmail.com> Date: Mon, 11 Jun 2018 19:38:54 +0200 Subject: [PATCH] Reject excessively large primes in DH key generation. CVE-2018-0732 Signed-off-by: Guido Vranken <guidovranken@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6457) --- crypto/dh/dh_key.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) Index: openssl-1.0.1g/crypto/dh/dh_key.c =================================================================== --- openssl-1.0.1g.orig/crypto/dh/dh_key.c 2014-03-17 17:14:20.000000000 +0100 +++ openssl-1.0.1g/crypto/dh/dh_key.c 2018-08-09 17:40:25.874917123 +0200 @@ -119,10 +119,15 @@ static int generate_key(DH *dh) int ok=0; int generate_new_key=0; unsigned l; - BN_CTX *ctx; + BN_CTX *ctx = NULL; BN_MONT_CTX *mont=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { + DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); + return 0; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err;