diff options
author | Matt Caswell <matt@openssl.org> | 2018-04-27 17:36:11 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-05-03 10:14:12 +0100 |
commit | b1860d6c71733314417d053a72af66ae72e8268e (patch) | |
tree | 0dd7cac671060990c58addb98f72c29b87c7dc4c /crypto/bn/bn_gcd.c | |
parent | 4db296d9f0cf2855b358883a55b77a6b6f6848ba (diff) |
Return an error from BN_mod_inverse if n is 1 (or -1)
Calculating BN_mod_inverse where n is 1 (or -1) doesn't make sense. We
should return an error in that case. Instead we were returning a valid
result with value 0.
Fixes #6004
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6119)
Diffstat (limited to 'crypto/bn/bn_gcd.c')
-rw-r--r-- | crypto/bn/bn_gcd.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 22f80939d6..6d8c565575 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -140,7 +140,14 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, BIGNUM *ret = NULL; int sign; - if (pnoinv) + /* This is invalid input so we don't worry about constant time here */ + if (BN_abs_is_word(n, 1) || BN_is_zero(n)) { + if (pnoinv != NULL) + *pnoinv = 1; + return NULL; + } + + if (pnoinv != NULL) *pnoinv = 0; if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) |