diff options
| author | tb <> | 2023-06-13 09:28:13 +0000 |
|---|---|---|
| committer | tb <> | 2023-06-13 09:28:13 +0000 |
| commit | 76fac483ab33603d9382e483db0e7bc158578397 (patch) | |
| tree | 7c7288ba2b684c96959520f33f7b6b9390b1e34a /src | |
| parent | c83852c11b8675efa6930be4e17c9743d2cfda4d (diff) | |
| download | openbsd-76fac483ab33603d9382e483db0e7bc158578397.tar.gz openbsd-76fac483ab33603d9382e483db0e7bc158578397.tar.bz2 openbsd-76fac483ab33603d9382e483db0e7bc158578397.zip | |
Disallow aliasing of return value and modulus
All the functions changed in this commit would silently misbehave if the
return value aliases the modulus, most of the time they would succeed and
return an incorrect result of 0 in that situation. This adjusts all the
functions in BN_mod.c, others and documentation will follow later.
Prompted by a bug report about BN_mod_inverse() by Guido Vranken.
ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/bn/bn_mod.c | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/src/lib/libcrypto/bn/bn_mod.c b/src/lib/libcrypto/bn/bn_mod.c index 868ef5bc5b..79766d0036 100644 --- a/src/lib/libcrypto/bn/bn_mod.c +++ b/src/lib/libcrypto/bn/bn_mod.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_mod.c,v 1.20 2023/03/27 10:21:23 tb Exp $ */ | 1 | /* $OpenBSD: bn_mod.c,v 1.21 2023/06/13 09:28:13 tb Exp $ */ |
| 2 | /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> | 2 | /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> |
| 3 | * for the OpenSSL project. */ | 3 | * for the OpenSSL project. */ |
| 4 | /* ==================================================================== | 4 | /* ==================================================================== |
| @@ -136,6 +136,10 @@ BN_mod_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) | |||
| 136 | int | 136 | int |
| 137 | BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) | 137 | BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) |
| 138 | { | 138 | { |
| 139 | if (r == m) { | ||
| 140 | BNerror(BN_R_INVALID_ARGUMENT); | ||
| 141 | return 0; | ||
| 142 | } | ||
| 139 | if (!BN_mod_ct(r, a, m, ctx)) | 143 | if (!BN_mod_ct(r, a, m, ctx)) |
| 140 | return 0; | 144 | return 0; |
| 141 | if (BN_is_negative(r)) | 145 | if (BN_is_negative(r)) |
| @@ -147,6 +151,10 @@ int | |||
| 147 | BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, | 151 | BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, |
| 148 | BN_CTX *ctx) | 152 | BN_CTX *ctx) |
| 149 | { | 153 | { |
| 154 | if (r == m) { | ||
| 155 | BNerror(BN_R_INVALID_ARGUMENT); | ||
| 156 | return 0; | ||
| 157 | } | ||
| 150 | if (!BN_add(r, a, b)) | 158 | if (!BN_add(r, a, b)) |
| 151 | return 0; | 159 | return 0; |
| 152 | return BN_nnmod(r, r, m, ctx); | 160 | return BN_nnmod(r, r, m, ctx); |
| @@ -159,6 +167,10 @@ BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, | |||
| 159 | int | 167 | int |
| 160 | BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) | 168 | BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) |
| 161 | { | 169 | { |
| 170 | if (r == m) { | ||
| 171 | BNerror(BN_R_INVALID_ARGUMENT); | ||
| 172 | return 0; | ||
| 173 | } | ||
| 162 | if (!BN_uadd(r, a, b)) | 174 | if (!BN_uadd(r, a, b)) |
| 163 | return 0; | 175 | return 0; |
| 164 | if (BN_ucmp(r, m) >= 0) | 176 | if (BN_ucmp(r, m) >= 0) |
| @@ -170,6 +182,10 @@ int | |||
| 170 | BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, | 182 | BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, |
| 171 | BN_CTX *ctx) | 183 | BN_CTX *ctx) |
| 172 | { | 184 | { |
| 185 | if (r == m) { | ||
| 186 | BNerror(BN_R_INVALID_ARGUMENT); | ||
| 187 | return 0; | ||
| 188 | } | ||
| 173 | if (!BN_sub(r, a, b)) | 189 | if (!BN_sub(r, a, b)) |
| 174 | return 0; | 190 | return 0; |
| 175 | return BN_nnmod(r, r, m, ctx); | 191 | return BN_nnmod(r, r, m, ctx); |
| @@ -182,6 +198,10 @@ BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, | |||
| 182 | int | 198 | int |
| 183 | BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) | 199 | BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) |
| 184 | { | 200 | { |
| 201 | if (r == m) { | ||
| 202 | BNerror(BN_R_INVALID_ARGUMENT); | ||
| 203 | return 0; | ||
| 204 | } | ||
| 185 | if (BN_ucmp(a, b) >= 0) | 205 | if (BN_ucmp(a, b) >= 0) |
| 186 | return BN_usub(r, a, b); | 206 | return BN_usub(r, a, b); |
| 187 | if (!BN_usub(r, b, a)) | 207 | if (!BN_usub(r, b, a)) |
| @@ -198,6 +218,11 @@ BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, | |||
| 198 | 218 | ||
| 199 | BN_CTX_start(ctx); | 219 | BN_CTX_start(ctx); |
| 200 | 220 | ||
| 221 | if (r == m) { | ||
| 222 | BNerror(BN_R_INVALID_ARGUMENT); | ||
| 223 | goto err; | ||
| 224 | } | ||
| 225 | |||
| 201 | rr = r; | 226 | rr = r; |
| 202 | if (rr == a || rr == b) | 227 | if (rr == a || rr == b) |
| 203 | rr = BN_CTX_get(ctx); | 228 | rr = BN_CTX_get(ctx); |
| @@ -231,6 +256,10 @@ BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) | |||
| 231 | int | 256 | int |
| 232 | BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) | 257 | BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) |
| 233 | { | 258 | { |
| 259 | if (r == m) { | ||
| 260 | BNerror(BN_R_INVALID_ARGUMENT); | ||
| 261 | return 0; | ||
| 262 | } | ||
| 234 | if (!BN_lshift1(r, a)) | 263 | if (!BN_lshift1(r, a)) |
| 235 | return 0; | 264 | return 0; |
| 236 | return BN_nnmod(r, r, m, ctx); | 265 | return BN_nnmod(r, r, m, ctx); |
| @@ -243,6 +272,10 @@ BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) | |||
| 243 | int | 272 | int |
| 244 | BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) | 273 | BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) |
| 245 | { | 274 | { |
| 275 | if (r == m) { | ||
| 276 | BNerror(BN_R_INVALID_ARGUMENT); | ||
| 277 | return 0; | ||
| 278 | } | ||
| 246 | if (!BN_lshift1(r, a)) | 279 | if (!BN_lshift1(r, a)) |
| 247 | return 0; | 280 | return 0; |
| 248 | if (BN_ucmp(r, m) >= 0) | 281 | if (BN_ucmp(r, m) >= 0) |
| @@ -258,6 +291,11 @@ BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx) | |||
| 258 | 291 | ||
| 259 | BN_CTX_start(ctx); | 292 | BN_CTX_start(ctx); |
| 260 | 293 | ||
| 294 | if (r == m) { | ||
| 295 | BNerror(BN_R_INVALID_ARGUMENT); | ||
| 296 | goto err; | ||
| 297 | } | ||
| 298 | |||
| 261 | if (!BN_nnmod(r, a, m, ctx)) | 299 | if (!BN_nnmod(r, a, m, ctx)) |
| 262 | goto err; | 300 | goto err; |
| 263 | 301 | ||
| @@ -288,6 +326,11 @@ BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) | |||
| 288 | { | 326 | { |
| 289 | int max_shift; | 327 | int max_shift; |
| 290 | 328 | ||
| 329 | if (r == m) { | ||
| 330 | BNerror(BN_R_INVALID_ARGUMENT); | ||
| 331 | return 0; | ||
| 332 | } | ||
| 333 | |||
| 291 | if (!bn_copy(r, a)) | 334 | if (!bn_copy(r, a)) |
| 292 | return 0; | 335 | return 0; |
| 293 | 336 | ||