author | jsing <> | 2015-06-11 15:55:28 +0000 |
---|---|---|
committer | jsing <> | 2015-06-11 15:55:28 +0000 |
commit | a6990537f691ee9962f6bae09adc9de869ac239a (patch) | |
tree | c5c6ff0c3f2367970e4a46bdfc332c28bf8d5710 /src | |
parent | df6cbc973e3c1c3e18afd38b4c6a910009cff329 (diff) | |
Avoid an infinite loop that can be triggered by parsing an ASN.1
ECParameters structure that has a specially malformed binary polynomial
field.
Issue reported by Joseph Barr-Pixton and fix based on OpenSSL.
Fixes CVE-2015-1788.
ok doug@ miod@
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libcrypto/bn/bn_gf2m.c | 11 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/bn/bn_gf2m.c | 11 |
2 files changed, 16 insertions, 6 deletions
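--- a/src/lib/libcrypto/bn/bn_gf2m.c
+++ b/src/lib/libcrypto/bn/bn_gf2m.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_gf2m.c,v 1.19 2015/04/29 00:11:12 doug Exp $ */
+/* $OpenBSD: bn_gf2m.c,v 1.20 2015/06/11 15:55:28 jsing Exp $ */
 /* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
@@ -745,8 +745,13 @@ BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 ubits--;
 }
 
-if (ubits <= BN_BITS2 && udp[0] == 1)
-break;
+if (ubits <= BN_BITS2) {
+/* See if poly was reducible. */
+if (udp[0] == 0)
+goto err;
+if (udp[0] == 1)
+break;
+}
 
 if (ubits < vbits) {
 i = ubits;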
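Review bot: The comment `/* See if poly was reducible. */` above the new `if (udp[0] == 0) goto err;` exit in BN_GF2m_mod_inv does not say why a zero word is fatal, although this is the termination guard for the infinite loop the commit fixes. I would replace it with `/* u has been reduced to 0: gcd(a, p) != 1, so no inverse exists and the loop would never reach u == 1. */`, so that a later cleanup does not fold the two tests back into a single condition. The `err` label and the rest of the function are outside the hunk, so it cannot be confirmed from here whether this path records an error reason for the caller; that is worth checking, because the input reaches this code from parsed ECParameters. The same comment applies to the identical hunk in src/lib/libssl/src/crypto/bn/bn_gf2m.c.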
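--- a/src/lib/libssl/src/crypto/bn/bn_gf2m.c
+++ b/src/lib/libssl/src/crypto/bn/bn_gf2m.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_gf2m.c,v 1.19 2015/04/29 00:11:12 doug Exp $ */
+/* $OpenBSD: bn_gf2m.c,v 1.20 2015/06/11 15:55:28 jsing Exp $ */
 /* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
@@ -745,8 +745,13 @@ BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 ubits--;
 }
 
-if (ubits <= BN_BITS2 && udp[0] == 1)
-break;
+if (ubits <= BN_BITS2) {
+/* See if poly was reducible. */
+if (udp[0] == 0)
+goto err;
+if (udp[0] == 1)
+break;
+}
 
 if (ubits < vbits) {
 i = ubits;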