Prevent negative zero from being created via BN bit functions.

Both BN_clear_bit() and BN_mask_bits() can create zero values - in both cases ensure that the negative sign is correctly handled if the value becomes zero. Thanks to Guido Vranken for providing a reproducer. Fixes oss-fuzz #67901 ok tb@
author: jsing <> 2024-04-15 14:35:25 +0000
committer: jsing <> 2024-04-15 14:35:25 +0000
commit: d2daaa3702c2e527e918b7aa9f6c6183ca882b53 (patch)
tree: 7c40fc922bc215b7006125221e65b5d3a04adbe4 /src/lib
parent: f7646eb021595fb6f85c38b99e043277fa2436bc (diff)
download: openbsd-d2daaa3702c2e527e918b7aa9f6c6183ca882b53.tar.gz
openbsd-d2daaa3702c2e527e918b7aa9f6c6183ca882b53.tar.bz2
openbsd-d2daaa3702c2e527e918b7aa9f6c6183ca882b53.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index c0c0ac876f..b59e65a1e1 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_lib.c,v 1.90 2023/07/28 10:35:14 tb Exp $ */
+/* $OpenBSD: bn_lib.c,v 1.91 2024/04/15 14:35:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -438,6 +438,9 @@ BN_clear_bit(BIGNUM *a, int n)
        a->d[i] &= (~(((BN_ULONG)1) << j));
        bn_correct_top(a);
+        BN_set_negative(a, a->neg);
        return (1);
 }
 LCRYPTO_ALIAS(BN_clear_bit);
@@ -476,6 +479,9 @@ BN_mask_bits(BIGNUM *a, int n)
                a->d[w] &= ~(BN_MASK2 << b);
        }
        bn_correct_top(a);
+        BN_set_negative(a, a->neg);
        return (1);
 }
 LCRYPTO_ALIAS(BN_mask_bits);
author	jsing <>	2024-04-15 14:35:25 +0000
committer	jsing <>	2024-04-15 14:35:25 +0000
commit	d2daaa3702c2e527e918b7aa9f6c6183ca882b53 (patch)
tree	7c40fc922bc215b7006125221e65b5d3a04adbe4 /src/lib
parent	f7646eb021595fb6f85c38b99e043277fa2436bc (diff)
download	openbsd-d2daaa3702c2e527e918b7aa9f6c6183ca882b53.tar.gz openbsd-d2daaa3702c2e527e918b7aa9f6c6183ca882b53.tar.bz2 openbsd-d2daaa3702c2e527e918b7aa9f6c6183ca882b53.zip