-rw-r--r--lib/gnutls_dh.c42
1 files changed, 29 insertions, 13 deletions
diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c
index dd308ad440..bce4157e8f 100644
--- a/lib/gnutls_dh.c
+++ b/lib/gnutls_dh.c
@@ -4,19 +4,20 @@
* This file is part of GNUTLS.
* someday was part of gsti
*
- * GNUTLS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
*
- * GNUTLS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <gnutls_int.h>
@@ -39,6 +40,7 @@
_gnutls_mpi_release(g);
*/
+#define MAX_BITS 12000
/* returns the public value (X), and the secret (ret_x).
*/
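Review bot: `MAX_BITS` is added without a comment saying what it bounds, and it sits directly above the doc comment of `gnutls_calc_dh_secret`, so that comment now reads as if it described the macro. I would put a comment such as `/* largest size, in bits, accepted for the DH prime and the secret exponent */` above the define and leave a blank line before the function comment. The name is also quite generic for a file that pulls in `gnutls_int.h`; a prefixed name such as `MAX_DH_BITS` (constructed suggestion) would be less likely to collide with another definition.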
@@ -50,6 +52,11 @@ GNUTLS_MPI gnutls_calc_dh_secret(GNUTLS_MPI * ret_x, GNUTLS_MPI g, GNUTLS_MPI pr
* prime/2
*/
+ if (x_size > MAX_BITS || x_size <= 0) {
+ gnutls_assert();
+ return NULL;
+ }
+
x = _gnutls_mpi_new(x_size);
if (x == NULL) {
gnutls_assert();
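Review bot: The lower bound `x_size <= 0` still admits the values 1 to 7, and the next hunk in this function passes `(x_size/8)*8` to `_gnutls_mpi_randomize`, which evaluates to 0 for those values. That would request zero random bits for the secret exponent, so the guard should reject anything below one byte, e.g. `if (x_size > MAX_BITS || x_size < 8) {`, or preferably a documented minimum exponent size. Rounding down also drops up to 7 bits from the requested size whenever x_size is not a multiple of 8, which is worth stating in the comment next to the call. The function body begins and ends outside this hunk, so how x_size is derived is not visible here.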
@@ -59,9 +66,10 @@ GNUTLS_MPI gnutls_calc_dh_secret(GNUTLS_MPI * ret_x, GNUTLS_MPI g, GNUTLS_MPI pr
return NULL;
}
- /* x_size-7 is there to overcome a bug in libgcrypt
+ /* (x_size/8)*8 is there to overcome a bug in libgcrypt
+ * which does not really check the bits given but the bytes.
*/
- _gnutls_mpi_randomize(x, x_size-7, GCRY_STRONG_RANDOM);
+ _gnutls_mpi_randomize(x, (x_size/8)*8, GCRY_STRONG_RANDOM);
e = _gnutls_mpi_alloc_like(prime);
if (e == NULL) {
@@ -72,6 +80,7 @@ GNUTLS_MPI gnutls_calc_dh_secret(GNUTLS_MPI * ret_x, GNUTLS_MPI g, GNUTLS_MPI pr
_gnutls_mpi_release( &x);
return NULL;
}
+
_gnutls_mpi_powm(e, g, x, prime);
if (ret_x)
@@ -85,6 +94,13 @@ GNUTLS_MPI gnutls_calc_dh_secret(GNUTLS_MPI * ret_x, GNUTLS_MPI g, GNUTLS_MPI pr
GNUTLS_MPI gnutls_calc_dh_key(GNUTLS_MPI f, GNUTLS_MPI x, GNUTLS_MPI prime)
{
GNUTLS_MPI k;
+ int bits;
+
+ bits = _gnutls_mpi_get_nbits(prime);
+ if (bits <= 0 || bits > MAX_BITS) {
+ gnutls_assert();
+ return NULL;
+ }
k = _gnutls_mpi_alloc_like(prime);
if (k == NULL)
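Review bot: The new check in `gnutls_calc_dh_key` rejects only an empty or oversized `prime`; a prime of just a few bits passes `bits <= 0 || bits > MAX_BITS`, and the peer value `f` is not examined at all. If `prime` and `f` can originate from the remote side (not visible in this hunk), a minimum size should be enforced here too, and `f` should be checked to lie strictly between 1 and prime-1 before the exponentiation that presumably follows. A named lower limit, for example `bits < MIN_DH_BITS` (placeholder name, value to be set by policy), would keep both bounds next to each other. The function continues past the end of the hunk.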