summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ec/ec_err.c
diff options
context:
space:
mode:
authortb <>2023-06-02 17:15:30 +0000
committertb <>2023-06-02 17:15:30 +0000
commitbb185fc15eb97e85801b9f2ecdd0bfb242f9231a (patch)
treef043b7261800ea529ad2ae4a8fdf8af2a680e927 /src/lib/libcrypto/ec/ec_err.c
parentdcfdb948c3fc128619f39682d17f9b718a9b4ebc (diff)
downloadopenbsd-bb185fc15eb97e85801b9f2ecdd0bfb242f9231a.tar.gz
openbsd-bb185fc15eb97e85801b9f2ecdd0bfb242f9231a.tar.bz2
openbsd-bb185fc15eb97e85801b9f2ecdd0bfb242f9231a.zip
Fix variable reuse in BN_mod_inverse()
The somewhat strange calculation m = a^{-1} (mod m) can return 0. This breaks because of BN_nnmod() having delicate semantics of which variable can be reused. BN_nnmod(a, a, m, ctx) works and the library relies on that. Here, the code ends up doing BN_nnmod(m, a, m, ctx) and this doesn't work. If the result of the initial BN_mod() is negative, then BN_nnmod() will return 0. Problem reported by Guido Vranken in https://github.com/openssl/openssl/issues/21110 This code is well covered by regress, but it does not currently have explicit test coverage. Such will be added soon. ok beck jsing
Diffstat (limited to 'src/lib/libcrypto/ec/ec_err.c')
0 files changed, 0 insertions, 0 deletions