generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Introduce limits to prevent malicious keys being able to

Browse Source 
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
This commit is contained in:
Mark J. Cox
2006-09-28 11:29:03 +00:00
parent 81780a3b62
commit 951dfbb13a
18 changed files with 170 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
crypto/dsa/dsa.h
View File

@@ -84,6 +84,10 @@
#endif
#endif
#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
#endif
#define DSA_FLAG_CACHE_MONT_P 0x01
#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
* implementation now uses constant time
@@ -270,8 +274,10 @@ void ERR_load_DSA_strings(void);
#define DSA_F_SIG_CB 114
/* Reason codes. */
#define DSA_R_BAD_Q_VALUE 102
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
#define DSA_R_MISSING_PARAMETERS 101
#define DSA_R_MODULUS_TOO_LARGE 103
#ifdef __cplusplus
}