authordjm <djm@openbsd.org>2006-05-04 14:19:08 +0000
committerdjm <djm@openbsd.org>2006-05-04 14:19:08 +0000
commit3f6aedb71b5870e7ce8766d55883514f5d6a4464 (patch)
tree38f12b3157d0717f56007105ebb29650968648dd /lib/libcrypto/dh/dh_key.c
parent- document -i (diff)
backport checks for degenerate Diffie-Hellman public exponents from
OpenSSL-0.9.8a, where they were added without a corresponding patch to 0.9.7 or an advisory! ok theo@ markus@
Diffstat (limited to 'lib/libcrypto/dh/dh_key.c')
-rw-r--r--lib/libcrypto/dh/dh_key.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/libcrypto/dh/dh_key.c b/lib/libcrypto/dh/dh_key.c
index ff125c2296f..648766a6ec4 100644
--- a/lib/libcrypto/dh/dh_key.c
+++ b/lib/libcrypto/dh/dh_key.c
@@ -163,6 +163,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
BN_MONT_CTX *mont;
BIGNUM *tmp;
int ret= -1;
+ int check_result;
ctx = BN_CTX_new();
if (ctx == NULL) goto err;
@@ -182,6 +183,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
}
mont=(BN_MONT_CTX *)dh->method_mont_p;
+
+ if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
+ {
+ DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
+ goto err;
+ }
if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
{
DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
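Review bot: The new guard ahead of `bn_mod_exp` reports two different outcomes as `DH_R_INVALID_PUBKEY`: a zero return from `DH_check_pub_key()` (presumably an internal failure; its body is not shown here) and a non-zero `check_result` (the peer value was rejected). Raising `ERR_R_BN_LIB` for the first case, as the `bn_mod_exp` failure path just below does, would let the error queue distinguish a hostile or broken peer from a local allocation problem. The block would also benefit from a one-line comment such as `/* reject degenerate peer public values before deriving the shared secret */`, plus a note on which checks `DH_check_pub_key()` performs, since a range check alone would not confirm subgroup membership. `compute_key` starts and ends outside this hunk, so the `err:` cleanup path cannot be confirmed from here.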