Re: libcrypto "Client DoS due to large DH parameter"

Tue, 12 Jun 2018 08:16:53 -0700 

On 2018/06/12 16:47, Theo Buehler wrote:
> On Tue, Jun 12, 2018 at 03:24:39PM +0100, Stuart Henderson wrote:
> > from https://github.com/openssl/openssl/commit/3984ef0b7 (advisory forwarded
> > below).  is it ok to just use this directly?
> > 
> > Index: dh_key.c
> > ===================================================================
> > RCS file: /cvs/src/lib/libcrypto/dh/dh_key.c,v
> > retrieving revision 1.27
> > diff -u -p -r1.27 dh_key.c
> > --- dh_key.c        29 Jan 2017 17:49:22 -0000      1.27
> > +++ dh_key.c        12 Jun 2018 14:08:13 -0000
> > @@ -104,10 +104,15 @@ generate_key(DH *dh)
> >     int ok = 0;
> >     int generate_new_key = 0;
> >     unsigned l;
> > -   BN_CTX *ctx;
> > +   BN_CTX *ctx = NULL;
> 
> I don't object to doing this initialization, but I don't really see the
> point of it -- unless you plan to do 'goto err' instead of 'return 0'
> (but this would add a pointless generic ERR_R_BN_LIB error).

oh, that must be a holdover from Guido's first diff which did use goto err.

> >     BN_MONT_CTX *mont = NULL;
> >     BIGNUM *pub_key = NULL, *priv_key = NULL;
> >  
> > +   if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
> > +           DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
> 
> We don't use these two parameter error macros anymore. Please use
> 
>               DHerror(DH_R_MODULUS_TOO_LARGE);

oops :) started the build but forgot to check it before sending the mail ...

updated for these two below.

> With that it's
> 
> ok tb
> 
> (provided that those more knowledgeable about the fine points of
> licencing agree that it's fine pulling it in.)

I'm not sure what ended up happening with the switch to Apache license,
but the license in their repo hasn't changed.

Index: dh/dh_key.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/dh/dh_key.c,v
retrieving revision 1.27
diff -u -p -r1.27 dh_key.c
--- dh/dh_key.c 29 Jan 2017 17:49:22 -0000      1.27
+++ dh/dh_key.c 12 Jun 2018 15:15:39 -0000
@@ -108,6 +108,11 @@ generate_key(DH *dh)
        BN_MONT_CTX *mont = NULL;
        BIGNUM *pub_key = NULL, *priv_key = NULL;
 
+       if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+               DHerror(DH_R_MODULUS_TOO_LARGE);
+               return 0;
+       }
+
        ctx = BN_CTX_new();
        if (ctx == NULL)
                goto err;

Reply via email to