Attachment #97750 for bug #148654

Lines 73-78 Link Here

(-)crypto/dh/dh.h (+4 lines)
73	#include <openssl/bn.h>	73	#include <openssl/bn.h>
74	#endif	74	#endif
75		75
		76	#define OPENSSL_DH_MAX_MODULUS_BITS 3072
		77
76	#define DH_FLAG_CACHE_MONT_P 0x01	78	#define DH_FLAG_CACHE_MONT_P 0x01
77	#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH	79	#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
78	* implementation now uses constant time	80	* implementation now uses constant time
Lines 214-219 Link Here
214	#define DH_F_DHPARAMS_PRINT 100	216	#define DH_F_DHPARAMS_PRINT 100
215	#define DH_F_DHPARAMS_PRINT_FP 101	217	#define DH_F_DHPARAMS_PRINT_FP 101
216	#define DH_F_DH_BUILTIN_GENPARAMS 106	218	#define DH_F_DH_BUILTIN_GENPARAMS 106
		219	#define DH_F_DH_COMPUTE_KEY 107
217	#define DH_F_DH_NEW_METHOD 105	220	#define DH_F_DH_NEW_METHOD 105
218	#define DH_F_GENERATE_KEY 103	221	#define DH_F_GENERATE_KEY 103
219	#define DH_F_GENERATE_PARAMETERS 104	222	#define DH_F_GENERATE_PARAMETERS 104
Lines 221-226 Link Here
221	/* Reason codes. */	224	/* Reason codes. */
222	#define DH_R_BAD_GENERATOR 101	225	#define DH_R_BAD_GENERATOR 101
223	#define DH_R_INVALID_PUBKEY 102	226	#define DH_R_INVALID_PUBKEY 102
		227	#define DH_R_MODULUS_TOO_LARGE 103
224	#define DH_R_NO_PRIVATE_VALUE 100	228	#define DH_R_NO_PRIVATE_VALUE 100
225		229
226	#ifdef __cplusplus	230	#ifdef __cplusplus

Lines 74-79 Link Here

(-)crypto/dh/dh_err.c (+2 lines)
74	{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},	74	{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
75	{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},	75	{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
76	{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},	76	{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
		77	{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
77	{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},	78	{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
78	{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},	79	{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},
79	{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},	80	{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
Lines 84-89 Link Here
84	{	85	{
85	{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},	86	{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
86	{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},	87	{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
		88	{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
87	{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},	89	{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
88	{0,NULL}	90	{0,NULL}
89	};	91	};

Lines 179-184 Link Here

(-)crypto/dh/dh_key.c (+6 lines)
179	int ret= -1;	179	int ret= -1;
180	int check_result;	180	int check_result;
181		181
		182	if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
		183	{
		184	DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
		185	goto err;
		186	}
		187
182	ctx = BN_CTX_new();	188	ctx = BN_CTX_new();
183	if (ctx == NULL) goto err;	189	if (ctx == NULL) goto err;
184	BN_CTX_start(ctx);	190	BN_CTX_start(ctx);

Lines 84-89 Link Here

(-)crypto/dsa/dsa.h (+4 lines)
84	#endif	84	#endif
85	#endif	85	#endif
86		86
		87	#define OPENSSL_DSA_MAX_MODULUS_BITS 3072
		88
87	#define DSA_FLAG_CACHE_MONT_P 0x01	89	#define DSA_FLAG_CACHE_MONT_P 0x01
88	#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA	90	#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
89	* implementation now uses constant time	91	* implementation now uses constant time
Lines 270-277 Link Here
270	#define DSA_F_SIG_CB 114	272	#define DSA_F_SIG_CB 114
271		273
272	/* Reason codes. */	274	/* Reason codes. */
		275	#define DSA_R_BAD_Q_VALUE 102
273	#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100	276	#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
274	#define DSA_R_MISSING_PARAMETERS 101	277	#define DSA_R_MISSING_PARAMETERS 101
		278	#define DSA_R_MODULUS_TOO_LARGE 103
275		279
276	#ifdef __cplusplus	280	#ifdef __cplusplus
277	}	281	}

Lines 89-96 Link Here

(-)crypto/dsa/dsa_err.c (+2 lines)
89		89
90	static ERR_STRING_DATA DSA_str_reasons[]=	90	static ERR_STRING_DATA DSA_str_reasons[]=
91	{	91	{
		92	{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
92	{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},	93	{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
93	{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},	94	{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
		95	{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
94	{0,NULL}	96	{0,NULL}
95	};	97	};
96		98




		return -1;
		}

	if (BN_num_bits(dsa->q) != 160)
		{
		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
		return -1;
		}

	if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
		{
		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
		return -1;
		}

	BN_init(&u1);
	BN_init(&u2);
	BN_init(&t1);

Lines 93-98 Link Here

(-)crypto/ec/ec.h (+6 lines)
93	#endif	93	#endif
94		94
95		95
		96	#define OPENSSL_ECC_MAX_FIELD_BITS 661
		97
		98
96	typedef enum {	99	typedef enum {
97	/* values as defined in X9.62 (ECDSA) and elsewhere */	100	/* values as defined in X9.62 (ECDSA) and elsewhere */
98	POINT_CONVERSION_COMPRESSED = 2,	101	POINT_CONVERSION_COMPRESSED = 2,
Lines 482-487 Link Here
482	#define EC_R_D2I_ECPKPARAMETERS_FAILURE 117	485	#define EC_R_D2I_ECPKPARAMETERS_FAILURE 117
483	#define EC_R_DISCRIMINANT_IS_ZERO 118	486	#define EC_R_DISCRIMINANT_IS_ZERO 118
484	#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119	487	#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
		488	#define EC_R_FIELD_TOO_LARGE 138
485	#define EC_R_GROUP2PKPARAMETERS_FAILURE 120	489	#define EC_R_GROUP2PKPARAMETERS_FAILURE 120
486	#define EC_R_I2D_ECPKPARAMETERS_FAILURE 121	490	#define EC_R_I2D_ECPKPARAMETERS_FAILURE 121
487	#define EC_R_INCOMPATIBLE_OBJECTS 101	491	#define EC_R_INCOMPATIBLE_OBJECTS 101
Lines 492-498 Link Here
492	#define EC_R_INVALID_FIELD 103	496	#define EC_R_INVALID_FIELD 103
493	#define EC_R_INVALID_FORM 104	497	#define EC_R_INVALID_FORM 104
494	#define EC_R_INVALID_GROUP_ORDER 122	498	#define EC_R_INVALID_GROUP_ORDER 122
		499	#define EC_R_INVALID_PENTANOMIAL_BASIS 132
495	#define EC_R_INVALID_PRIVATE_KEY 123	500	#define EC_R_INVALID_PRIVATE_KEY 123
		501	#define EC_R_INVALID_TRINOMIAL_BASIS 137
496	#define EC_R_MISSING_PARAMETERS 124	502	#define EC_R_MISSING_PARAMETERS 124
497	#define EC_R_MISSING_PRIVATE_KEY 125	503	#define EC_R_MISSING_PRIVATE_KEY 125
498	#define EC_R_NOT_A_NIST_PRIME 135	504	#define EC_R_NOT_A_NIST_PRIME 135

Lines 741-746 Link Here

(-)crypto/ec/ec_asn1.c (+46 lines)
741	EC_GROUP *ret = NULL;	741	EC_GROUP *ret = NULL;
742	BIGNUM p = NULL, a = NULL, *b = NULL;	742	BIGNUM p = NULL, a = NULL, *b = NULL;
743	EC_POINT *point=NULL;	743	EC_POINT *point=NULL;
		744	long field_bits;
744		745
745	if (!params->fieldID \|\| !params->fieldID->fieldType \|\|	746	if (!params->fieldID \|\| !params->fieldID->fieldType \|\|
746	!params->fieldID->p.ptr)	747	!params->fieldID->p.ptr)
Lines 779-784 Link Here
779		780
780	char_two = params->fieldID->p.char_two;	781	char_two = params->fieldID->p.char_two;
781		782
		783	field_bits = char_two->m;
		784	if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS)
		785	{
		786	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
		787	goto err;
		788	}
		789
782	if ((p = BN_new()) == NULL)	790	if ((p = BN_new()) == NULL)
783	{	791	{
784	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);	792	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
Lines 799-804 Link Here
799	}	807	}
800		808
801	tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);	809	tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
		810
		811	if (!(char_two->m > tmp_long && tmp_long > 0))
		812	{
		813	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS);
		814	goto err;
		815	}
		816
802	/* create the polynomial */	817	/* create the polynomial */
803	if (!BN_set_bit(p, (int)char_two->m))	818	if (!BN_set_bit(p, (int)char_two->m))
804	goto err;	819	goto err;
Lines 817-822 Link Here
817	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);	832	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
818	goto err;	833	goto err;
819	}	834	}
		835
		836	if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0))
		837	{
		838	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS);
		839	goto err;
		840	}
		841
820	/* create the polynomial */	842	/* create the polynomial */
821	if (!BN_set_bit(p, (int)char_two->m)) goto err;	843	if (!BN_set_bit(p, (int)char_two->m)) goto err;
822	if (!BN_set_bit(p, (int)penta->k1)) goto err;	844	if (!BN_set_bit(p, (int)penta->k1)) goto err;
Lines 853-858 Link Here
853	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);	875	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
854	goto err;	876	goto err;
855	}	877	}
		878
		879	if (BN_is_negative(p) \|\| BN_is_zero(p))
		880	{
		881	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
		882	goto err;
		883	}
		884
		885	field_bits = BN_num_bits(p);
		886	if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS)
		887	{
		888	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
		889	goto err;
		890	}
		891
856	/* create the EC_GROUP structure */	892	/* create the EC_GROUP structure */
857	ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);	893	ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
858	}	894	}
Lines 910-915 Link Here
910	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);	946	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
911	goto err;	947	goto err;
912	}	948	}
		949	if (BN_is_negative(a) \|\| BN_is_zero(a))
		950	{
		951	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
		952	goto err;
		953	}
		954	if (BN_num_bits(a) > (int)field_bits + 1) /* Hasse bound */
		955	{
		956	ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
		957	goto err;
		958	}
913		959
914	/* extract the cofactor (optional) */	960	/* extract the cofactor (optional) */
915	if (params->cofactor == NULL)	961	if (params->cofactor == NULL)




{ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"},
{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO)   ,"discriminant is zero"},
{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"},
{ERR_REASON(EC_R_FIELD_TOO_LARGE)        ,"field too large"},
{ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),"group2pkparameters failure"},
{ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),"i2d ecpkparameters failure"},
{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS)   ,"incompatible objects"},

{ERR_REASON(EC_R_INVALID_FIELD)          ,"invalid field"},
{ERR_REASON(EC_R_INVALID_FORM)           ,"invalid form"},
{ERR_REASON(EC_R_INVALID_GROUP_ORDER)    ,"invalid group order"},
{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"},
{ERR_REASON(EC_R_INVALID_PRIVATE_KEY)    ,"invalid private key"},
{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"},
{ERR_REASON(EC_R_MISSING_PARAMETERS)     ,"missing parameters"},
{ERR_REASON(EC_R_MISSING_PRIVATE_KEY)    ,"missing private key"},
{ERR_REASON(EC_R_NOT_A_NIST_PRIME)       ,"not a NIST prime"},

Lines 159-164 Link Here

(-)crypto/rsa/rsa.h (+6 lines)
159	BN_BLINDING *mt_blinding;	159	BN_BLINDING *mt_blinding;
160	};	160	};
161		161
		162	#define OPENSSL_RSA_MAX_MODULUS_BITS 16384
		163
		164	#define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
		165	#define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "small" modulus only */
		166
162	#define RSA_3 0x3L	167	#define RSA_3 0x3L
163	#define RSA_F4 0x10001L	168	#define RSA_F4 0x10001L
164		169
Lines 407-412 Link Here
407	#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126	412	#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
408	#define RSA_R_KEY_SIZE_TOO_SMALL 120	413	#define RSA_R_KEY_SIZE_TOO_SMALL 120
409	#define RSA_R_LAST_OCTET_INVALID 134	414	#define RSA_R_LAST_OCTET_INVALID 134
		415	#define RSA_R_MODULUS_TOO_LARGE 105
410	#define RSA_R_NO_PUBLIC_EXPONENT 140	416	#define RSA_R_NO_PUBLIC_EXPONENT 140
411	#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113	417	#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
412	#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127	418	#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127




	unsigned char *buf=NULL;
	BN_CTX *ctx=NULL;

	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
		{
		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
		return -1;
		}

	if (BN_ucmp(rsa->n, rsa->e) <= 0)
		{
		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
		return -1;
		}

	/* for large moduli, enforce exponent limit */
	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
		{
		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
			{
			RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
			return -1;
			}
		}
	
	if ((ctx=BN_CTX_new()) == NULL) goto err;
	BN_CTX_start(ctx);
	f = BN_CTX_get(ctx);

	unsigned char *buf=NULL;
	BN_CTX *ctx=NULL;

	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
		{
		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
		return -1;
		}

	if (BN_ucmp(rsa->n, rsa->e) <= 0)
		{
		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
		return -1;
		}

	/* for large moduli, enforce exponent limit */
	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
		{
		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
			{
			RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
			return -1;
			}
		}
	
	if((ctx = BN_CTX_new()) == NULL) goto err;
	BN_CTX_start(ctx);
	f = BN_CTX_get(ctx);

Lines 137-142 Link Here

(-)crypto/rsa/rsa_err.c (+1 lines)
137	{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},	137	{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
138	{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},	138	{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
139	{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},	139	{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
		140	{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
140	{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"},	141	{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"},
141	{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},	142	{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
142	{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},	143	{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},

Return to bug 148654

Lines 304-309 Link Here

(-)crypto/dsa/dsa_ossl.c (+12 lines)
304	return -1;	304	return -1;
305	}	305	}
306		306
		307	if (BN_num_bits(dsa->q) != 160)
		308	{
		309	DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
		310	return -1;
		311	}
		312
		313	if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
		314	{
		315	DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
		316	return -1;
		317	}
		318
307	BN_init(&u1);	319	BN_init(&u1);
308	BN_init(&u2);	320	BN_init(&u2);
309	BN_init(&t1);	321	BN_init(&t1);

Lines 188-193 Link Here

(-)crypto/ec/ec_err.c (+3 lines)
188	{ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"},	188	{ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"},
189	{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO) ,"discriminant is zero"},	189	{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO) ,"discriminant is zero"},
190	{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"},	190	{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"},
		191	{ERR_REASON(EC_R_FIELD_TOO_LARGE) ,"field too large"},
191	{ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),"group2pkparameters failure"},	192	{ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),"group2pkparameters failure"},
192	{ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),"i2d ecpkparameters failure"},	193	{ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),"i2d ecpkparameters failure"},
193	{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS) ,"incompatible objects"},	194	{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS) ,"incompatible objects"},
Lines 198-204 Link Here
198	{ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"},	199	{ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"},
199	{ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"},	200	{ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"},
200	{ERR_REASON(EC_R_INVALID_GROUP_ORDER) ,"invalid group order"},	201	{ERR_REASON(EC_R_INVALID_GROUP_ORDER) ,"invalid group order"},
		202	{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"},
201	{ERR_REASON(EC_R_INVALID_PRIVATE_KEY) ,"invalid private key"},	203	{ERR_REASON(EC_R_INVALID_PRIVATE_KEY) ,"invalid private key"},
		204	{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"},
202	{ERR_REASON(EC_R_MISSING_PARAMETERS) ,"missing parameters"},	205	{ERR_REASON(EC_R_MISSING_PARAMETERS) ,"missing parameters"},
203	{ERR_REASON(EC_R_MISSING_PRIVATE_KEY) ,"missing private key"},	206	{ERR_REASON(EC_R_MISSING_PRIVATE_KEY) ,"missing private key"},
204	{ERR_REASON(EC_R_NOT_A_NIST_PRIME) ,"not a NIST prime"},	207	{ERR_REASON(EC_R_NOT_A_NIST_PRIME) ,"not a NIST prime"},

Lines 168-173 Link Here

(-)crypto/rsa/rsa_eay.c (+44 lines)
168	unsigned char *buf=NULL;	168	unsigned char *buf=NULL;
169	BN_CTX *ctx=NULL;	169	BN_CTX *ctx=NULL;
170		170
		171	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
		172	{
		173	RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
		174	return -1;
		175	}
		176
		177	if (BN_ucmp(rsa->n, rsa->e) <= 0)
		178	{
		179	RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
		180	return -1;
		181	}
		182
		183	/* for large moduli, enforce exponent limit */
		184	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
		185	{
		186	if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
		187	{
		188	RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
		189	return -1;
		190	}
		191	}
		192
171	if ((ctx=BN_CTX_new()) == NULL) goto err;	193	if ((ctx=BN_CTX_new()) == NULL) goto err;
172	BN_CTX_start(ctx);	194	BN_CTX_start(ctx);
173	f = BN_CTX_get(ctx);	195	f = BN_CTX_get(ctx);
Lines 597-602 Link Here
597	unsigned char *buf=NULL;	619	unsigned char *buf=NULL;
598	BN_CTX *ctx=NULL;	620	BN_CTX *ctx=NULL;
599		621
		622	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
		623	{
		624	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
		625	return -1;
		626	}
		627
		628	if (BN_ucmp(rsa->n, rsa->e) <= 0)
		629	{
		630	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
		631	return -1;
		632	}
		633
		634	/* for large moduli, enforce exponent limit */
		635	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
		636	{
		637	if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
		638	{
		639	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
		640	return -1;
		641	}
		642	}
		643
600	if((ctx = BN_CTX_new()) == NULL) goto err;	644	if((ctx = BN_CTX_new()) == NULL) goto err;
601	BN_CTX_start(ctx);	645	BN_CTX_start(ctx);
602	f = BN_CTX_get(ctx);	646	f = BN_CTX_get(ctx);