diff options
| author | David Benjamin <davidben@chromium.org> | 2015-08-12 00:10:55 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2015-08-17 23:32:38 +0300 |
| commit | 9e45d6e42feeed18d8818540471874072f429983 (patch) | |
| tree | 063d0c2028f0e2be4c51a0d21bec58d49ed40a83 /crypto/bn | |
| parent | 719220ec8ea71081c521e4d6fbcf11424a8a6ffa (diff) | |
Check for 0 modulus in BN_MONT_CTX_set.
The function BN_MONT_CTX_set was assuming that the modulus was non-zero
and therefore that |mod->top| > 0. In an error situation that may not be
the case and could cause a seg fault.
This is a follow on from CVE-2015-1794.
(Imported from upstream's 512368c9ed4d53fb230000e83071eb81bf628b22.)
The CVE itself doesn't affect us as the bit strength check in the DHE logic
excludes zero.
Also add tests to bn_test for a couple of division by zero cases. (This and
BN_div.)
Change-Id: Ibd8ef98d6be48eb95110021c23cd8e278656764d
Reviewed-on: https://boringssl-review.googlesource.com/5690
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto/bn')
| -rw-r--r-- | crypto/bn/bn_test.cc | 16 | ||||
| -rw-r--r-- | crypto/bn/montgomery.c | 6 |
2 files changed, 22 insertions, 0 deletions
diff --git a/crypto/bn/bn_test.cc b/crypto/bn/bn_test.cc index f9f83d32..e1588f71 100644 --- a/crypto/bn/bn_test.cc +++ b/crypto/bn/bn_test.cc @@ -488,6 +488,14 @@ static bool test_div(FILE *fp, BN_CTX *ctx) { return false; } + // Test the BN_div checks for division by zero. + BN_zero(b.get()); + if (BN_div(d.get(), c.get(), a.get(), b.get(), ctx)) { + fprintf(stderr, "Divided by zero!\n"); + return false; + } + ERR_clear_error(); + return true; } @@ -912,6 +920,14 @@ static bool test_mont(FILE *fp, BN_CTX *ctx) { return false; } } + + BN_zero(n.get()); + if (BN_MONT_CTX_set(mont.get(), n.get(), ctx)) { + fprintf(stderr, "Division by zero!\n"); + return false; + } + ERR_clear_error(); + return true; } diff --git a/crypto/bn/montgomery.c b/crypto/bn/montgomery.c index 152cf2d8..c6c9c886 100644 --- a/crypto/bn/montgomery.c +++ b/crypto/bn/montgomery.c @@ -110,6 +110,7 @@ #include <string.h> +#include <openssl/err.h> #include <openssl/mem.h> #include <openssl/thread.h> @@ -176,6 +177,11 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) { BIGNUM tmod; BN_ULONG buf[2]; + if (BN_is_zero(mod)) { + OPENSSL_PUT_ERROR(BN, BN_R_DIV_BY_ZERO); + return 0; + } + BN_CTX_start(ctx); Ri = BN_CTX_get(ctx); if (Ri == NULL) { |