Diffstat (limited to 'usr/src/common/openssl/crypto/dh')
-rw-r--r--usr/src/common/openssl/crypto/dh/dh.h5
-rw-r--r--usr/src/common/openssl/crypto/dh/dh_err.c1
-rw-r--r--usr/src/common/openssl/crypto/dh/dh_key.c6
3 files changed, 12 insertions, 0 deletions
diff --git a/usr/src/common/openssl/crypto/dh/dh.h b/usr/src/common/openssl/crypto/dh/dh.h
index 7871882e35..43afc2b854 100644
--- a/usr/src/common/openssl/crypto/dh/dh.h
+++ b/usr/src/common/openssl/crypto/dh/dh.h
@@ -72,6 +72,10 @@
#ifndef OPENSSL_NO_DEPRECATED
#include <openssl/bn.h>
#endif
+
+#ifndef OPENSSL_DH_MAX_MODULUS_BITS
+# define OPENSSL_DH_MAX_MODULUS_BITS 10000
+#endif
#define DH_FLAG_CACHE_MONT_P 0x01
#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
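Review bot: The new `OPENSSL_DH_MAX_MODULUS_BITS` default has no comment saying what it protects or that it can be overridden, so a later reader cannot tell whether 10000 is a security bound or an arbitrary value. I would add above the `#ifndef` something like `/* Largest DH modulus, in bits, accepted for key computation; bounds the cost of the modular exponentiation when parameters come from a peer. Define before including this header to change it. */`. The macro enforces nothing by itself: in this commit the only visible check is in compute_key in dh_key.c, and the comment should say that too.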
@@ -222,6 +226,7 @@ void ERR_load_DH_strings(void);
#define DH_R_BAD_GENERATOR 101
#define DH_R_NO_PRIVATE_VALUE 100
#define DH_R_INVALID_PUBKEY 102
+#define DH_R_MODULUS_TOO_LARGE 103
#ifdef __cplusplus
}
diff --git a/usr/src/common/openssl/crypto/dh/dh_err.c b/usr/src/common/openssl/crypto/dh/dh_err.c
index ea67fb71a0..502e9d1c27 100644
--- a/usr/src/common/openssl/crypto/dh/dh_err.c
+++ b/usr/src/common/openssl/crypto/dh/dh_err.c
@@ -85,6 +85,7 @@ static ERR_STRING_DATA DH_str_reasons[]=
{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
+{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{0,NULL}
};
diff --git a/usr/src/common/openssl/crypto/dh/dh_key.c b/usr/src/common/openssl/crypto/dh/dh_key.c
index cc17c8851b..994546e044 100644
--- a/usr/src/common/openssl/crypto/dh/dh_key.c
+++ b/usr/src/common/openssl/crypto/dh/dh_key.c
@@ -179,6 +179,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
int ret= -1;
int check_result;
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+ {
+ DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+ goto err;
+ }
+
ctx = BN_CTX_new();
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
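Review bot: The modulus-size guard is added only to compute_key, and the diffstat shows no other change in dh_key.c, so any other routine in this file that exponentiates modulo `dh->p` (key generation, presumably) would still accept a modulus above `OPENSSL_DH_MAX_MODULUS_BITS`. If those parameters can come from a peer or an untrusted file, the same `BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS` test with `DHerr(DH_F_GENERATE_KEY,DH_R_MODULUS_TOO_LARGE)` belongs on that path as well. Separately, the new `goto err` runs before `ctx = BN_CTX_new()`, so it relies on `ctx` being initialised to NULL at its declaration and on the `err:` cleanup tolerating a NULL `ctx`. compute_key starts and ends outside the hunk, so both need confirming against the full function.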