Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
openssl.10986
openssl-CVE-2018-0732.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2018-0732.patch of Package openssl.10986
From 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe Mon Sep 17 00:00:00 2001 From: Guido Vranken <guidovranken@gmail.com> Date: Mon, 11 Jun 2018 19:38:54 +0200 Subject: [PATCH] Reject excessively large primes in DH key generation. CVE-2018-0732 Signed-off-by: Guido Vranken <guidovranken@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6457) --- crypto/dh/dh_key.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) Index: openssl-1.0.1i/crypto/dh/dh_key.c =================================================================== --- openssl-1.0.1i.orig/crypto/dh/dh_key.c +++ openssl-1.0.1i/crypto/dh/dh_key.c @@ -122,7 +122,7 @@ static int generate_key(DH *dh) int ok=0; int generate_new_key=0; unsigned l; - BN_CTX *ctx; + BN_CTX *ctx = NULL; BN_MONT_CTX *mont=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; @@ -134,6 +134,11 @@ static int generate_key(DH *dh) } #endif + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { + DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); + return 0; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor