BN_mod_exp_mont_consttime: check for zero modulus.

Don't dereference |d| when |top| is zero. Also test that various BIGNUM methods behave correctly on zero/even inputs. Original patch from OpenSSL commit d46e946d2603c64df6e1e4f9db0c70baaf1c4c03
author: bcook <> 2016-09-03 14:37:52 +0000
committer: bcook <> 2016-09-03 14:37:52 +0000
commit: e5cd7ad2410b187a41e6ac216c000a85d90f9dcd (patch)
tree: 31d358ba576013da8bf26c4a1d473b7cc1f1e8b0 /src
parent: 27339340e7bb91501e7ce1daf69114c5f1be7146 (diff)
download: openbsd-e5cd7ad2410b187a41e6ac216c000a85d90f9dcd.tar.gz
openbsd-e5cd7ad2410b187a41e6ac216c000a85d90f9dcd.tar.bz2
openbsd-e5cd7ad2410b187a41e6ac216c000a85d90f9dcd.zip
1 files changed, 5 insertions, 4 deletions
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index c4ca36d136..9dcbf007f7 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp.c,v 1.23 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: bn_exp.c,v 1.24 2016/09/03 14:37:52 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -589,13 +589,14 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        bn_check_top(p);
        bn_check_top(m);
-        top = m->top;
+        if (!BN_is_odd(m)) {
-        if (!(m->d[0] & 1)) {
                BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,
                    BN_R_CALLED_WITH_EVEN_MODULUS);
                return (0);
        }
+        top = m->top;
        bits = BN_num_bits(p);
        if (bits == 0) {
                ret = BN_one(rr);
author	bcook <>	2016-09-03 14:37:52 +0000
committer	bcook <>	2016-09-03 14:37:52 +0000
commit	e5cd7ad2410b187a41e6ac216c000a85d90f9dcd (patch)
tree	31d358ba576013da8bf26c4a1d473b7cc1f1e8b0 /src
parent	27339340e7bb91501e7ce1daf69114c5f1be7146 (diff)
download	openbsd-e5cd7ad2410b187a41e6ac216c000a85d90f9dcd.tar.gz openbsd-e5cd7ad2410b187a41e6ac216c000a85d90f9dcd.tar.bz2 openbsd-e5cd7ad2410b187a41e6ac216c000a85d90f9dcd.zip