-rw-r--r-- | lib/gnutls_dh.c | 42 |
1 files changed, 29 insertions, 13 deletions
diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c index dd308ad440..bce4157e8f 100644 --- a/lib/gnutls_dh.c +++ b/lib/gnutls_dh.c @@ -4,19 +4,20 @@ * This file is part of GNUTLS. * someday was part of gsti * - * GNUTLS is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. + * The GNUTLS library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. * - * GNUTLS is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include <gnutls_int.h> @@ -39,6 +40,7 @@ _gnutls_mpi_release(g); */ +#define MAX_BITS 12000 /* returns the public value (X), and the secret (ret_x). */ 
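Review bot: `MAX_BITS` is introduced in the `@@ -39,6 +40,7 @@` hunk without a comment saying what it bounds or why 12000 was chosen. The later hunks compare it against the exponent size and against the bit length of `prime`, so a line such as `/* largest DH prime size, in bits, that the DH helpers will operate on */` above the define would make the limit reviewable. As a point of style, a name tied to its use (for example `MAX_DH_BITS`) would read better than the generic `MAX_BITS`.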
@@ -50,6 +52,11 @@ GNUTLS_MPI gnutls_calc_dh_secret(GNUTLS_MPI * ret_x, GNUTLS_MPI g, GNUTLS_MPI pr * prime/2 */ + if (x_size > MAX_BITS || x_size <= 0) { + gnutls_assert(); + return NULL; + } + x = _gnutls_mpi_new(x_size); if (x == NULL) { gnutls_assert(); @@ -59,9 +66,10 @@ GNUTLS_MPI gnutls_calc_dh_secret(GNUTLS_MPI * ret_x, GNUTLS_MPI g, GNUTLS_MPI pr return NULL; } - /* x_size-7 is there to overcome a bug in libgcrypt + /* (x_size/8)*8 is there to overcome a bug in libgcrypt + * which does not really check the bits given but the bytes. */ - _gnutls_mpi_randomize(x, x_size-7, GCRY_STRONG_RANDOM); + _gnutls_mpi_randomize(x, (x_size/8)*8, GCRY_STRONG_RANDOM); e = _gnutls_mpi_alloc_like(prime); if (e == NULL) { @@ -72,6 +80,7 @@ GNUTLS_MPI gnutls_calc_dh_secret(GNUTLS_MPI * ret_x, GNUTLS_MPI g, GNUTLS_MPI pr _gnutls_mpi_release( &x); return NULL; } + _gnutls_mpi_powm(e, g, x, prime); if (ret_x) @@ -85,6 +94,13 @@ GNUTLS_MPI gnutls_calc_dh_secret(GNUTLS_MPI * ret_x, GNUTLS_MPI g, GNUTLS_MPI pr GNUTLS_MPI gnutls_calc_dh_key(GNUTLS_MPI f, GNUTLS_MPI x, GNUTLS_MPI prime) { GNUTLS_MPI k; + int bits; + + bits = _gnutls_mpi_get_nbits(prime); + if (bits <= 0 || bits > MAX_BITS) { + gnutls_assert(); + return NULL; + } k = _gnutls_mpi_alloc_like(prime); if (k == NULL) |
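Review bot: The new guard in gnutls_calc_dh_secret rejects only `x_size <= 0`, but the randomize call in the next hunk (`@@ -59,9 +66,10 @@`) now asks for `(x_size/8)*8` bits, which is 0 for any `x_size` from 1 to 7. In that case the request is for zero random bits, so the secret exponent is presumably left at zero and the returned public value would be g^0 = 1. Raising the lower bound to at least one byte, `if (x_size > MAX_BITS || x_size < 8) {`, closes that gap. A real minimum group size would be better still, since the check as written bounds only the cost and not the strength of the prime. The function body starts and ends outside these hunks, so where `x_size` comes from is not visible here.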
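Review bot: The added check in gnutls_calc_dh_key bounds the size of `prime`, but nothing in the visible lines validates `f`, the value that is raised to `x`. If `f` is the peer's public value and it is 0, 1 or prime-1, the resulting key is one of a handful of predictable values regardless of `x`. Unless the callers already do so, a range check that `f` lies strictly between 1 and prime-1 belongs next to the new `bits` test, returning NULL after `gnutls_assert()` like the existing failure paths. The function continues past the end of this hunk, so a later check cannot be ruled out from here.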