summaryrefslogtreecommitdiffstats
path: root/crypto/bn/bn_div.c
diff options
context:
space:
mode:
authorBodo Möller <bodo@openssl.org>2008-09-14 13:42:40 +0000
committerBodo Möller <bodo@openssl.org>2008-09-14 13:42:40 +0000
commit36a4a67b2b016b5918c06b8c001cdb94c387c0e2 (patch)
tree8e54db33ea20191ec387d6fa1d5b02a028685837 /crypto/bn/bn_div.c
parent3413424f0157de3a19ad0b2c21e3585ff1b07c6a (diff)
Some precautions to avoid potential security-relevant problems.
Diffstat (limited to 'crypto/bn/bn_div.c')
-rw-r--r--crypto/bn/bn_div.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index 8655eb118e..1e8e57626b 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -187,6 +187,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
BN_ULONG d0,d1;
int num_n,div_n;
+ /* Invalid zero-padding would have particularly bad consequences
+ * in the case of 'num', so don't just rely on bn_check_top() for this one
+ * (bn_check_top() works only for BN_DEBUG builds) */
+ if (num->top > 0 && num->d[num->top - 1] == 0)
+ {
+ BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED);
+ return 0;
+ }
+
+ bn_check_top(num);
+
if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0))
{
return BN_div_no_branch(dv, rm, num, divisor, ctx);
@@ -194,7 +205,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
bn_check_top(dv);
bn_check_top(rm);
- bn_check_top(num);
+ /* bn_check_top(num); */ /* 'num' has been checked already */
bn_check_top(divisor);
if (BN_is_zero(divisor))
@@ -419,7 +430,7 @@ static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
bn_check_top(dv);
bn_check_top(rm);
- bn_check_top(num);
+ /* bn_check_top(num); */ /* 'num' has been checked in BN_div() */
bn_check_top(divisor);
if (BN_is_zero(divisor))
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-21 19:20:50 +0000