diff options
| author | bcook <> | 2016-09-03 17:21:38 +0000 |
|---|---|---|
| committer | bcook <> | 2016-09-03 17:21:38 +0000 |
| commit | a1bddd1baaaf2f6eb4754140425b09a3b301210f (patch) | |
| tree | 74a723d43d186731139fdeb9fae1f56bf7687f9d /src | |
| parent | 2f6c739fc7dec9a4248f97ca2604a0e7fcd1d890 (diff) | |
| download | openbsd-a1bddd1baaaf2f6eb4754140425b09a3b301210f.tar.gz openbsd-a1bddd1baaaf2f6eb4754140425b09a3b301210f.tar.bz2 openbsd-a1bddd1baaaf2f6eb4754140425b09a3b301210f.zip | |
BN_mod_exp_mont_consttime: check for zero modulus.
Don't dereference d when top is zero.
Original patch from OpenSSL commit d46e946d2603c64df6e1e4f9db0c70baaf1c4c03
ok jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/bn/bn_exp.c | 42 |
1 files changed, 33 insertions, 9 deletions
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c index 9dcbf007f7..87b5775886 100644 --- a/src/lib/libcrypto/bn/bn_exp.c +++ b/src/lib/libcrypto/bn/bn_exp.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_exp.c,v 1.24 2016/09/03 14:37:52 bcook Exp $ */ | 1 | /* $OpenBSD: bn_exp.c,v 1.25 2016/09/03 17:21:38 bcook Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -265,9 +265,13 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | |||
| 265 | } | 265 | } |
| 266 | 266 | ||
| 267 | bits = BN_num_bits(p); | 267 | bits = BN_num_bits(p); |
| 268 | |||
| 269 | if (bits == 0) { | 268 | if (bits == 0) { |
| 270 | ret = BN_one(r); | 269 | /* x**0 mod 1 is still zero. */ |
| 270 | if (BN_is_one(m)) { | ||
| 271 | ret = 1; | ||
| 272 | BN_zero(r); | ||
| 273 | } else | ||
| 274 | ret = BN_one(r); | ||
| 271 | return ret; | 275 | return ret; |
| 272 | } | 276 | } |
| 273 | 277 | ||
| @@ -401,9 +405,15 @@ BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | |||
| 401 | BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS); | 405 | BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS); |
| 402 | return (0); | 406 | return (0); |
| 403 | } | 407 | } |
| 408 | |||
| 404 | bits = BN_num_bits(p); | 409 | bits = BN_num_bits(p); |
| 405 | if (bits == 0) { | 410 | if (bits == 0) { |
| 406 | ret = BN_one(rr); | 411 | /* x**0 mod 1 is still zero. */ |
| 412 | if (BN_is_one(m)) { | ||
| 413 | ret = 1; | ||
| 414 | BN_zero(rr); | ||
| 415 | } else | ||
| 416 | ret = BN_one(rr); | ||
| 407 | return ret; | 417 | return ret; |
| 408 | } | 418 | } |
| 409 | 419 | ||
| @@ -599,7 +609,12 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, | |||
| 599 | 609 | ||
| 600 | bits = BN_num_bits(p); | 610 | bits = BN_num_bits(p); |
| 601 | if (bits == 0) { | 611 | if (bits == 0) { |
| 602 | ret = BN_one(rr); | 612 | /* x**0 mod 1 is still zero. */ |
| 613 | if (BN_is_one(m)) { | ||
| 614 | ret = 1; | ||
| 615 | BN_zero(rr); | ||
| 616 | } else | ||
| 617 | ret = BN_one(rr); | ||
| 603 | return ret; | 618 | return ret; |
| 604 | } | 619 | } |
| 605 | 620 | ||
| @@ -878,7 +893,12 @@ BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m, | |||
| 878 | 893 | ||
| 879 | bits = BN_num_bits(p); | 894 | bits = BN_num_bits(p); |
| 880 | if (bits == 0) { | 895 | if (bits == 0) { |
| 881 | ret = BN_one(rr); | 896 | /* x**0 mod 1 is still zero. */ |
| 897 | if (BN_is_one(m)) { | ||
| 898 | ret = 1; | ||
| 899 | BN_zero(rr); | ||
| 900 | } else | ||
| 901 | ret = BN_one(rr); | ||
| 882 | return ret; | 902 | return ret; |
| 883 | } | 903 | } |
| 884 | if (a == 0) { | 904 | if (a == 0) { |
| @@ -986,7 +1006,7 @@ int | |||
| 986 | BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | 1006 | BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, |
| 987 | BN_CTX *ctx) | 1007 | BN_CTX *ctx) |
| 988 | { | 1008 | { |
| 989 | int i, j,bits, ret = 0, wstart, wend, window, wvalue; | 1009 | int i, j, bits, ret = 0, wstart, wend, window, wvalue; |
| 990 | int start = 1; | 1010 | int start = 1; |
| 991 | BIGNUM *d; | 1011 | BIGNUM *d; |
| 992 | /* Table of variables obtained from 'ctx' */ | 1012 | /* Table of variables obtained from 'ctx' */ |
| @@ -1000,9 +1020,13 @@ BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | |||
| 1000 | } | 1020 | } |
| 1001 | 1021 | ||
| 1002 | bits = BN_num_bits(p); | 1022 | bits = BN_num_bits(p); |
| 1003 | |||
| 1004 | if (bits == 0) { | 1023 | if (bits == 0) { |
| 1005 | ret = BN_one(r); | 1024 | /* x**0 mod 1 is still zero. */ |
| 1025 | if (BN_is_one(m)) { | ||
| 1026 | ret = 1; | ||
| 1027 | BN_zero(r); | ||
| 1028 | } else | ||
| 1029 | ret = BN_one(r); | ||
| 1006 | return ret; | 1030 | return ret; |
| 1007 | } | 1031 | } |
| 1008 | 1032 | ||