projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ada5774)
Check for 0 modulus in BN_MONT_CTX_set
authorMatt Caswell <matt@openssl.org>
Mon, 10 Aug 2015 11:00:29 +0000 (12:00 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 11 Aug 2015 19:20:24 +0000 (20:20 +0100)
The function BN_MONT_CTX_set was assuming that the modulus was non-zero
and therefore that |mod->top| > 0. In an error situation that may not be
the case and could cause a seg fault.

This is a follow on from CVE-2015-1794.

Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/bn/bn_mont.c patch | blob | history

diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index aafd1b852654b60256ab08bc842ba3c34dfa17f6..be95bd55d02064793ee505f171f42d0431294049 100644 (file)
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -373,6 +373,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
     int ret = 0;
     BIGNUM *Ri, *R;
 
     int ret = 0;
     BIGNUM *Ri, *R;
 
+    if (BN_is_zero(mod))
+        return 0;
+
     BN_CTX_start(ctx);
     if ((Ri = BN_CTX_get(ctx)) == NULL)
         goto err;
     BN_CTX_start(ctx);
     if ((Ri = BN_CTX_get(ctx)) == NULL)
         goto err;
Unnamed repository; edit this file 'description' to name the repository.