From 2d9dcd4ff0923347fab727ac90e8526dd65e4e07 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bodo=20M=C3=B6ller?= Date: Tue, 23 Feb 2010 10:36:35 +0000 Subject: [PATCH] Always check bn_wexpend() return values for failure (CVE-2009-3245). (The CHANGES entry covers the change from PR #2111 as well, submitted by Martin Olsson.) Submitted by: Neel Mehta --- crypto/bn/bn_div.c | 2 +- crypto/bn/bn_gf2m.c | 3 ++- crypto/ec/ec2_smpl.c | 8 ++++---- engines/e_ubsec.c | 4 ++-- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 899d07ca24..802a43d642 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -102,7 +102,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, /* The next 2 are needed so we can do a dv->d[0]|=1 later * since BN_lshift1 will only work once there is a value :-) */ BN_zero(dv); - bn_wexpand(dv,1); + if(bn_wexpand(dv,1) == NULL) goto end; dv->top=1; if (!BN_lshift(D,D,nm-nd)) goto end; diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index f7551dacd9..527b0fa15b 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -232,7 +232,8 @@ int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) if (a->top < b->top) { at = b; bt = a; } else { at = a; bt = b; } - bn_wexpand(r, at->top); + if(bn_wexpand(r, at->top) == NULL) + return 0; for (i = 0; i < bt->top; i++) { diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 01d8483c3a..cf357b462a 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -176,8 +176,8 @@ int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) dest->poly[3] = src->poly[3]; dest->poly[4] = src->poly[4]; dest->poly[5] = src->poly[5]; - bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); - bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); + if (bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) return 0; + if (bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) return 0; for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0; for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0; return 1; @@ -201,12 +201,12 @@ int ec_GF2m_simple_group_set_curve(EC_GROUP *group, /* group->a */ if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err; - bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); + if(bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err; for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0; /* group->b */ if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err; - bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); + if(bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err; for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0; ret = 1; diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index fe6bdba25b..b685410836 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -935,7 +935,7 @@ static int ubsec_dh_generate_key(DH *dh) priv_key = BN_new(); if (priv_key == NULL) goto err; priv_key_len = BN_num_bits(dh->p); - bn_wexpand(priv_key, dh->p->top); + if(bn_wexpand(priv_key, dh->p->top) == NULL) goto err; do if (!BN_rand_range(priv_key, dh->p)) goto err; while (BN_is_zero(priv_key)); @@ -950,7 +950,7 @@ static int ubsec_dh_generate_key(DH *dh) { pub_key = BN_new(); pub_key_len = BN_num_bits(dh->p); - bn_wexpand(pub_key, dh->p->top); + if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err; if(pub_key == NULL) goto err; } else -- 2.34.1