Fix CVE-2014-3570: properly calculate the square of a BIGNUM value.

See https://www.openssl.org/news/secadv_20150108.txt for a more detailed discussion. Original OpenSSL patch here: https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0 The regression test is modified a little for KNF. ok miod@
author: bcook <> 2015-02-25 15:39:49 +0000
committer: bcook <> 2015-02-25 15:39:49 +0000
commit: f3031aa7bff24911a8cae9bdd7cdcd88d8554f42 (patch)
tree: fca56e3d23c024e7f0d0132456914f4f3181e5df /src/regress/lib
parent: 2725a02f7a7b4932578ec02826b4501c29e21ddf (diff)
download: openbsd-f3031aa7bff24911a8cae9bdd7cdcd88d8554f42.tar.gz
openbsd-f3031aa7bff24911a8cae9bdd7cdcd88d8554f42.tar.bz2
openbsd-f3031aa7bff24911a8cae9bdd7cdcd88d8554f42.zip
1 files changed, 66 insertions, 23 deletions
diff --git a/src/regress/lib/libcrypto/bn/general/bntest.c b/src/regress/lib/libcrypto/bn/general/bntest.c
index 9debc00042..6a9c2e8a53 100644
--- a/src/regress/lib/libcrypto/bn/general/bntest.c
+++ b/src/regress/lib/libcrypto/bn/general/bntest.c
@@ -690,42 +690,85 @@ test_mul(BIO *bp)
 int
 test_sqr(BIO *bp, BN_CTX *ctx)
 {
-        BIGNUM a, c,d, e;
+        BIGNUM *a, *c, *d, *e;
-        int i;
+        int i, ret = 0;
-        int rc = 1;
-        BN_init(&a);
+        a = BN_new();
-        BN_init(&c);
+        c = BN_new();
-        BN_init(&d);
+        d = BN_new();
-        BN_init(&e);
+        e = BN_new();
        for (i = 0; i < num0; i++) {
-                BN_bntest_rand(&a, 40 + i*10, 0, 0);
+                BN_bntest_rand(a, 40 + i * 10, 0, 0);
-                a.neg = rand_neg();
+                a->neg = rand_neg();
-                BN_sqr(&c, &a, ctx);
+                BN_sqr(c, a, ctx);
                if (bp != NULL) {
                        if (!results) {
-                                BN_print(bp, &a);
+                                BN_print(bp, a);
                                BIO_puts(bp, " * ");
-                                BN_print(bp, &a);
+                                BN_print(bp, a);
                                BIO_puts(bp, " - ");
                        }
-                        BN_print(bp, &c);
+                        BN_print(bp, c);
                        BIO_puts(bp, "\n");
                }
-                BN_div(&d, &e, &c, &a, ctx);
+                BN_div(d, e, c, a, ctx);
-                BN_sub(&d, &d, &a);
+                BN_sub(d, d, a);
-                if (!BN_is_zero(&d) || !BN_is_zero(&e)) {
+                if (!BN_is_zero(d) || !BN_is_zero(e)) {
                        fprintf(stderr, "Square test failed!\n");
-                        rc = 0;
+                        goto err;
-                        break;
                }
        }
-        BN_free(&a);
-        BN_free(&c);
+        /* Regression test for a BN_sqr overflow bug. */
-        BN_free(&d);
+        BN_hex2bn(&a, "80000000000000008000000000000001"
-        BN_free(&e);
+            "FFFFFFFFFFFFFFFE0000000000000000");
-        return (rc);
+        BN_sqr(c, a, ctx);
+        if (bp != NULL) {
+                if (!results) {
+                        BN_print(bp, a);
+                        BIO_puts(bp, " * ");
+                        BN_print(bp, a);
+                        BIO_puts(bp, " - ");
+                }
+                BN_print(bp, c);
+                BIO_puts(bp, "\n");
+        }
+        BN_mul(d, a, a, ctx);
+        if (BN_cmp(c, d)) {
+                fprintf(stderr,
+                    "Square test failed: BN_sqr and BN_mul produce "
+                    "different results!\n");
+                goto err;
+        }
+        /* Regression test for a BN_sqr overflow bug. */
+        BN_hex2bn(&a, "80000000000000000000000080000001"
+            "FFFFFFFE000000000000000000000000");
+        BN_sqr(c, a, ctx);
+        if (bp != NULL) {
+                if (!results) {
+                        BN_print(bp, a);
+                        BIO_puts(bp, " * ");
+                        BN_print(bp, a);
+                        BIO_puts(bp, " - ");
+                }
+                BN_print(bp, c);
+                BIO_puts(bp, "\n");
+        }
+        BN_mul(d, a, a, ctx);
+        if (BN_cmp(c, d)) {
+                fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+                                "different results!\n");
+                goto err;
+        }
+        ret = 1;
+ err:
+        BN_free(a);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return ret;
 }
 int
author	bcook <>	2015-02-25 15:39:49 +0000
committer	bcook <>	2015-02-25 15:39:49 +0000
commit	f3031aa7bff24911a8cae9bdd7cdcd88d8554f42 (patch)
tree	fca56e3d23c024e7f0d0132456914f4f3181e5df /src/regress/lib
parent	2725a02f7a7b4932578ec02826b4501c29e21ddf (diff)
download	openbsd-f3031aa7bff24911a8cae9bdd7cdcd88d8554f42.tar.gz openbsd-f3031aa7bff24911a8cae9bdd7cdcd88d8554f42.tar.bz2 openbsd-f3031aa7bff24911a8cae9bdd7cdcd88d8554f42.zip

diff --git a/src/regress/lib/libcrypto/bn/general/bntest.c b/src/regress/lib/libcrypto/bn/general/bntest.c index 9debc00042..6a9c2e8a53 100644 --- a/src/regress/lib/libcrypto/bn/general/bntest.c +++ b/src/regress/lib/libcrypto/bn/general/bntest.c
@@ -690,42 +690,85 @@ test_mul(BIO *bp)
690	int	690	int
691	test_sqr(BIO bp, BN_CTX ctx)	691	test_sqr(BIO bp, BN_CTX ctx)
692	{	692	{
693	BIGNUM a, c,d, e;	693	BIGNUM a, c, d, e;
694	int i;	694	int i, ret = 0;
695	int rc = 1;
696		695
697	BN_init(&a);	696	a = BN_new();
698	BN_init(&c);	697	c = BN_new();
699	BN_init(&d);	698	d = BN_new();
700	BN_init(&e);	699	e = BN_new();
701		700
702	for (i = 0; i < num0; i++) {	701	for (i = 0; i < num0; i++) {
703	BN_bntest_rand(&a, 40 + i*10, 0, 0);	702	BN_bntest_rand(a, 40 + i * 10, 0, 0);
704	a.neg = rand_neg();	703	a->neg = rand_neg();
705	BN_sqr(&c, &a, ctx);	704	BN_sqr(c, a, ctx);
706	if (bp != NULL) {	705	if (bp != NULL) {
707	if (!results) {	706	if (!results) {
708	BN_print(bp, &a);	707	BN_print(bp, a);
709	BIO_puts(bp, " * ");	708	BIO_puts(bp, " * ");
710	BN_print(bp, &a);	709	BN_print(bp, a);
711	BIO_puts(bp, " - ");	710	BIO_puts(bp, " - ");
712	}	711	}
713	BN_print(bp, &c);	712	BN_print(bp, c);
714	BIO_puts(bp, "\n");	713	BIO_puts(bp, "\n");
715	}	714	}
716	BN_div(&d, &e, &c, &a, ctx);	715	BN_div(d, e, c, a, ctx);
717	BN_sub(&d, &d, &a);	716	BN_sub(d, d, a);
718	if (!BN_is_zero(&d) \|\| !BN_is_zero(&e)) {	717	if (!BN_is_zero(d) \|\| !BN_is_zero(e)) {
719	fprintf(stderr, "Square test failed!\n");	718	fprintf(stderr, "Square test failed!\n");
720	rc = 0;	719	goto err;
721	break;
722	}	720	}
723	}	721	}
724	BN_free(&a);	722
725	BN_free(&c);	723	/* Regression test for a BN_sqr overflow bug. */
726	BN_free(&d);	724	BN_hex2bn(&a, "80000000000000008000000000000001"
727	BN_free(&e);	725	"FFFFFFFFFFFFFFFE0000000000000000");
728	return (rc);	726	BN_sqr(c, a, ctx);
		727	if (bp != NULL) {
		728	if (!results) {
		729	BN_print(bp, a);
		730	BIO_puts(bp, " * ");
		731	BN_print(bp, a);
		732	BIO_puts(bp, " - ");
		733	}
		734	BN_print(bp, c);
		735	BIO_puts(bp, "\n");
		736	}
		737	BN_mul(d, a, a, ctx);
		738	if (BN_cmp(c, d)) {
		739	fprintf(stderr,
		740	"Square test failed: BN_sqr and BN_mul produce "
		741	"different results!\n");
		742	goto err;
		743	}
		744
		745	/* Regression test for a BN_sqr overflow bug. */
		746	BN_hex2bn(&a, "80000000000000000000000080000001"
		747	"FFFFFFFE000000000000000000000000");
		748	BN_sqr(c, a, ctx);
		749	if (bp != NULL) {
		750	if (!results) {
		751	BN_print(bp, a);
		752	BIO_puts(bp, " * ");
		753	BN_print(bp, a);
		754	BIO_puts(bp, " - ");
		755	}
		756	BN_print(bp, c);
		757	BIO_puts(bp, "\n");
		758	}
		759	BN_mul(d, a, a, ctx);
		760	if (BN_cmp(c, d)) {
		761	fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
		762	"different results!\n");
		763	goto err;
		764	}
		765	ret = 1;
		766	err:
		767	BN_free(a);
		768	BN_free(c);
		769	BN_free(d);
		770	BN_free(e);
		771	return ret;
729	}	772	}
730		773
731	int	774	int