1 files changed, 50 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch b/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch
new file mode 100644
index 0000000..e3da5f3
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch
@@ -0,0 +1,50 @@
+From: Guido Vranken <guidovranken@gmail.com>
+Date: Mon, 11 Jun 2018 17:38:54 +0000 (+0200)
+Subject: Reject excessively large primes in DH key generation.
+X-Git-Tag: OpenSSL_1_0_2p~40
+X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=3984ef0b72831da8b3ece4745cac4f8575b19098
+Reject excessively large primes in DH key generation.
+CVE-2018-0732
+Signed-off-by: Guido Vranken <guidovranken@gmail.com>
+(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/6457)
+CVE: CVE-2018-0732
+Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=3984ef0b72831da8b3ece4745cac4f8575b19098]
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ crypto/dh/dh_key.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
+index 387558f..f235e0d 100644
+--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
+@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
+     int ok = 0;
+     int generate_new_key = 0;
+     unsigned l;
+-    BN_CTX *ctx;
+    BN_CTX *ctx = NULL;
+     BN_MONT_CTX *mont = NULL;
+     BIGNUM *pub_key = NULL, *priv_key = NULL;
+ 
+    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+        DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
+        return 0;
+    }
+
+     ctx = BN_CTX_new();
+     if (ctx == NULL)
+         goto err;
+-- 
+2.7.4

diff --git a/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch b/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch new file mode 100644 index 0000000..e3da5f3 --- /dev/null +++ b/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch
@@ -0,0 +1,50 @@
	1	From: Guido Vranken <guidovranken@gmail.com>
	2	Date: Mon, 11 Jun 2018 17:38:54 +0000 (+0200)
	3	Subject: Reject excessively large primes in DH key generation.
	4	X-Git-Tag: OpenSSL_1_0_2p~40
	5	X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=3984ef0b72831da8b3ece4745cac4f8575b19098
	6
	7	Reject excessively large primes in DH key generation.
	8
	9	CVE-2018-0732
	10
	11	Signed-off-by: Guido Vranken <guidovranken@gmail.com>
	12
	13	(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
	14
	15	Reviewed-by: Tim Hudson <tjh@openssl.org>
	16	Reviewed-by: Matt Caswell <matt@openssl.org>
	17	(Merged from https://github.com/openssl/openssl/pull/6457)
	18
	19	CVE: CVE-2018-0732
	20	Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=3984ef0b72831da8b3ece4745cac4f8575b19098]
	21
	22	Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
	23	---
	24	crypto/dh/dh_key.c \| 7 ++++++-
	25	1 file changed, 6 insertions(+), 1 deletion(-)
	26
	27	diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
	28	index 387558f..f235e0d 100644
	29	--- a/crypto/dh/dh_key.c
	30	+++ b/crypto/dh/dh_key.c
	31	@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
	32	int ok = 0;
	33	int generate_new_key = 0;
	34	unsigned l;
	35	- BN_CTX *ctx;
	36	+ BN_CTX *ctx = NULL;
	37	BN_MONT_CTX *mont = NULL;
	38	BIGNUM pub_key = NULL, priv_key = NULL;
	39
	40	+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
	41	+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
	42	+ return 0;
	43	+ }
	44	+
	45	ctx = BN_CTX_new();
	46	if (ctx == NULL)
	47	goto err;
	48	--
	49	2.7.4
	50