OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
13-Aug-2007 15:28:32
Branch: OpenSSL-fips-0_9_8-stable Handle:
2007081314283100
Modified files: (Branch:
OpenSSL-fips-0_9_8-stable)
openssl/fips-1.0/dh fips_dh_key.c
openssl/fips-1.0/dsa fips_dsa_ossl.c
Log:
Include modulus sanity checks.
Summary:
Revision Changes Path
1.1.4.5 +6 -0
openssl/fips-1.0/dh/fips_dh_key.c
1.1.4.6 +12 -0
openssl/fips-1.0/dsa/fips_dsa_ossl.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/fips-1.0/dh/fips_dh_key.c
============================================================
================
$ cvs diff -u -r1.1.4.4 -r1.1.4.5 fips_dh_key.c
--- openssl/fips-1.0/dh/fips_dh_key.c 2 Jul 2007 11:22:49
-0000 1.1.4.4
+++ openssl/fips-1.0/dh/fips_dh_key.c 13 Aug 2007 13:28:31
-0000 1.1.4.5
 -188,6 +188,12 
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
tmp = BN_CTX_get(ctx);
+
+ if (BN_num_bits(dh->p) >
OPENSSL_DH_MAX_MODULUS_BITS)
+ {
+ DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+ goto err;
+ }
if (dh->priv_key == NULL)
{
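Review bot: The added bound on `dh->p` carries no comment saying what it protects against, and it sits after `BN_CTX_new`/`BN_CTX_start`/`BN_CTX_get`, so an oversized modulus is rejected only once the context has been set up. I would document it with something like `/* Cap the modulus size: exponentiation cost grows with the bit length of p, so an oversized p is a resource-exhaustion risk */` and consider moving the test ahead of the context allocation. The guard also dereferences `dh->p` with no NULL test in the visible lines, which matters if nothing earlier in the function guarantees the parameter is set. The function begins and ends outside this hunk, so that last point needs checking against the full body.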
 .
patch -p0 <<' .'
Index: openssl/fips-1.0/dsa/fips_dsa_ossl.c
============================================================
================
$ cvs diff -u -r1.1.4.5 -r1.1.4.6 fips_dsa_ossl.c
--- openssl/fips-1.0/dsa/fips_dsa_ossl.c 2 Jul 2007
11:22:50 -0000 1.1.4.5
+++ openssl/fips-1.0/dsa/fips_dsa_ossl.c 13 Aug 2007
13:28:31 -0000 1.1.4.6
 -297,6 +297,18 
return -1;
}
+ if (BN_num_bits(dsa->q) != 160)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
+ return -1;
+ }
+
+ if (BN_num_bits(dsa->p) >
OPENSSL_DSA_MAX_MODULUS_BITS)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
BN_init(&u1);
BN_init(&u2);
BN_init(&t1);
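Review bot: The `BN_num_bits(dsa->q) != 160` test hard-codes the subgroup size as a bare number, with nothing to say where it comes from or that every other q length is now refused outright. A short comment such as `/* FIPS mode: q must be exactly 160 bits */`, or a named constant in place of the literal, would make the restriction deliberate rather than surprising to the next maintainer. Only an upper bound is applied to `dsa->p`, and whether a minimum modulus size is enforced elsewhere in the verify routine is not visible from this hunk. Both new checks return before the `BN_init` calls, so no cleanup is skipped on these paths.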
 .