cherrypick patch from OpenSSL 0.9.8m:

*) Always check bn_wexpend() return values for failure. (CVE-2009-3245) [Martin Olsson, Neel Mehta]
author: djm <> 2010-03-04 11:02:42 +0000
committer: djm <> 2010-03-04 11:02:42 +0000
commit: c87e2fef950513f29035f0902cde1cae8fbaf456 (patch)
tree: f4e593c3e9705b2454c89af66d536e4f5e716173 /src
parent: eb98df51d4533bcb55eec48a0547d0a3fd3780bc (diff)
download: openbsd-c87e2fef950513f29035f0902cde1cae8fbaf456.tar.gz
openbsd-c87e2fef950513f29035f0902cde1cae8fbaf456.tar.bz2
openbsd-c87e2fef950513f29035f0902cde1cae8fbaf456.zip
7 files changed, 20 insertions, 14 deletions
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
index 1e8e57626b..d6ddc9cbe3 100644
--- a/src/lib/libcrypto/bn/bn_div.c
+++ b/src/lib/libcrypto/bn/bn_div.c
@@ -102,7 +102,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
        /* The next 2 are needed so we can do a dv->d[0]|=1 later
         * since BN_lshift1 will only work once there is a value :-) */
        BN_zero(dv);
-        bn_wexpand(dv,1);
+        if(bn_wexpand(dv,1) == NULL) goto end;
        dv->top=1;
        if (!BN_lshift(D,D,nm-nd)) goto end;
diff --git a/src/lib/libcrypto/bn/bn_gf2m.c b/src/lib/libcrypto/bn/bn_gf2m.c
index 306f029f27..ae642ccb39 100644
--- a/src/lib/libcrypto/bn/bn_gf2m.c
+++ b/src/lib/libcrypto/bn/bn_gf2m.c
@@ -294,7 +294,8 @@ int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
        if (a->top < b->top) { at = b; bt = a; }
        else { at = a; bt = b; }
-        bn_wexpand(r, at->top);
+        if(bn_wexpand(r, at->top) == NULL)
+                return 0;
        for (i = 0; i < bt->top; i++)
                {
diff --git a/src/lib/libcrypto/ec/ec2_smpl.c b/src/lib/libcrypto/ec/ec2_smpl.c
index 5cd1eac41f..522d036ca1 100644
--- a/src/lib/libcrypto/ec/ec2_smpl.c
+++ b/src/lib/libcrypto/ec/ec2_smpl.c
@@ -174,8 +174,10 @@ int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
        dest->poly[2] = src->poly[2];
        dest->poly[3] = src->poly[3];
        dest->poly[4] = src->poly[4];
-        bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+        if(bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL)
-        bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+                return 0;
+        if(bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL)
+                return 0;
        for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0;
        for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0;
        return 1;
@@ -199,12 +201,12 @@ int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
        /* group->a */
        if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err;
-        bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+        if(bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;
        for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0;
        
        /* group->b */
        if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err;
-        bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+        if(bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;
        for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0;
                
        ret = 1;
diff --git a/src/lib/libssl/src/crypto/bn/bn_div.c b/src/lib/libssl/src/crypto/bn/bn_div.c
index 1e8e57626b..d6ddc9cbe3 100644
--- a/src/lib/libssl/src/crypto/bn/bn_div.c
+++ b/src/lib/libssl/src/crypto/bn/bn_div.c
@@ -102,7 +102,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
        /* The next 2 are needed so we can do a dv->d[0]|=1 later
         * since BN_lshift1 will only work once there is a value :-) */
        BN_zero(dv);
-        bn_wexpand(dv,1);
+        if(bn_wexpand(dv,1) == NULL) goto end;
        dv->top=1;
        if (!BN_lshift(D,D,nm-nd)) goto end;
diff --git a/src/lib/libssl/src/crypto/bn/bn_gf2m.c b/src/lib/libssl/src/crypto/bn/bn_gf2m.c
index 306f029f27..ae642ccb39 100644
--- a/src/lib/libssl/src/crypto/bn/bn_gf2m.c
+++ b/src/lib/libssl/src/crypto/bn/bn_gf2m.c
@@ -294,7 +294,8 @@ int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
        if (a->top < b->top) { at = b; bt = a; }
        else { at = a; bt = b; }
-        bn_wexpand(r, at->top);
+        if(bn_wexpand(r, at->top) == NULL)
+                return 0;
        for (i = 0; i < bt->top; i++)
                {
diff --git a/src/lib/libssl/src/crypto/ec/ec2_smpl.c b/src/lib/libssl/src/crypto/ec/ec2_smpl.c
index 5cd1eac41f..522d036ca1 100644
--- a/src/lib/libssl/src/crypto/ec/ec2_smpl.c
+++ b/src/lib/libssl/src/crypto/ec/ec2_smpl.c
@@ -174,8 +174,10 @@ int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
        dest->poly[2] = src->poly[2];
        dest->poly[3] = src->poly[3];
        dest->poly[4] = src->poly[4];
-        bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+        if(bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL)
-        bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+                return 0;
+        if(bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL)
+                return 0;
        for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0;
        for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0;
        return 1;
@@ -199,12 +201,12 @@ int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
        /* group->a */
        if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err;
-        bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+        if(bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;
        for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0;
        
        /* group->b */
        if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err;
-        bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+        if(bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;
        for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0;
                
        ret = 1;
diff --git a/src/lib/libssl/src/engines/e_ubsec.c b/src/lib/libssl/src/engines/e_ubsec.c
index e8389de6a1..a0f320caf5 100644
--- a/src/lib/libssl/src/engines/e_ubsec.c
+++ b/src/lib/libssl/src/engines/e_ubsec.c
@@ -934,7 +934,7 @@ static int ubsec_dh_generate_key(DH *dh)
                priv_key = BN_new();
                if (priv_key == NULL) goto err;
                priv_key_len = BN_num_bits(dh->p);
-                bn_wexpand(priv_key, dh->p->top);
+                if(bn_wexpand(priv_key, dh->p->top) == NULL) goto err;
                do
                        if (!BN_rand_range(priv_key, dh->p)) goto err;
                while (BN_is_zero(priv_key));
@@ -949,7 +949,7 @@ static int ubsec_dh_generate_key(DH *dh)
                {
                pub_key = BN_new();
                pub_key_len = BN_num_bits(dh->p);
-                bn_wexpand(pub_key, dh->p->top);
+                if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err;
                if(pub_key == NULL) goto err;
                }
        else
author	djm <>	2010-03-04 11:02:42 +0000
committer	djm <>	2010-03-04 11:02:42 +0000
commit	c87e2fef950513f29035f0902cde1cae8fbaf456 (patch)
tree	f4e593c3e9705b2454c89af66d536e4f5e716173 /src
parent	eb98df51d4533bcb55eec48a0547d0a3fd3780bc (diff)
download	openbsd-c87e2fef950513f29035f0902cde1cae8fbaf456.tar.gz openbsd-c87e2fef950513f29035f0902cde1cae8fbaf456.tar.bz2 openbsd-c87e2fef950513f29035f0902cde1cae8fbaf456.zip