diff options
author | Bodo Möller <bodo@openssl.org> | 2008-09-14 13:42:40 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2008-09-14 13:42:40 +0000 |
commit | 36a4a67b2b016b5918c06b8c001cdb94c387c0e2 (patch) | |
tree | 8e54db33ea20191ec387d6fa1d5b02a028685837 /crypto/bn/bn_div.c | |
parent | 3413424f0157de3a19ad0b2c21e3585ff1b07c6a (diff) |
Some precautions to avoid potential security-relevant problems.
Diffstat (limited to 'crypto/bn/bn_div.c')
-rw-r--r-- | crypto/bn/bn_div.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 8655eb118e..1e8e57626b 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -187,6 +187,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_ULONG d0,d1; int num_n,div_n; + /* Invalid zero-padding would have particularly bad consequences + * in the case of 'num', so don't just rely on bn_check_top() for this one + * (bn_check_top() works only for BN_DEBUG builds) */ + if (num->top > 0 && num->d[num->top - 1] == 0) + { + BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED); + return 0; + } + + bn_check_top(num); + if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) { return BN_div_no_branch(dv, rm, num, divisor, ctx); @@ -194,7 +205,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, bn_check_top(dv); bn_check_top(rm); - bn_check_top(num); + /* bn_check_top(num); */ /* 'num' has been checked already */ bn_check_top(divisor); if (BN_is_zero(divisor)) @@ -419,7 +430,7 @@ static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, bn_check_top(dv); bn_check_top(rm); - bn_check_top(num); + /* bn_check_top(num); */ /* 'num' has been checked in BN_div() */ bn_check_top(divisor); if (BN_is_zero(divisor)) |