author | Andy Polyakov <appro@openssl.org> | 2015-06-11 00:18:01 +0200 |
committer | Matt Caswell <matt@openssl.org> | 2015-06-11 14:52:39 +0100 |
commit | 40b8eb792d591d19751afc4d056c8e84260bdeb8 (patch) | |
tree | 943eafc5398331b14a4202b0678c8679e6aea7a0 /crypto/bn | |
parent | ab17f6b746b99bab3d9d3728a2ad067b2cf4970e (diff) |
bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.
CVE-2015-1788
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4924b37ee01f71ae19c94a8934b80eeb2f677932)
Diffstat (limited to 'crypto/bn')
-rw-r--r-- | crypto/bn/bn_gf2m.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
index 1981f16023..cfa1c7ce14 100644
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@@ -693,9 +693,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 }
 # else
 {
- int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy
- * of p */
- top = p->top;
+ int i;
+ int ubits = BN_num_bits(u);
+ int vbits = BN_num_bits(v); /* v is copy of p */
+ int top = p->top;
 BN_ULONG *udp, *bdp, *vdp, *cdp;
 
 bn_wexpand(u, top);
@@ -739,8 +740,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 ubits--;
 }
 
- if (ubits <= BN_BITS2 && udp[0] == 1)
- break;
+ if (ubits <= BN_BITS2) {
+ if (udp[0] == 0) /* poly was reducible */
+ goto err;
+ if (udp[0] == 1)
+ break;
+ }
 
 if (ubits < vbits) {
 i = ubits;
 |
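Review bot: The new `goto err` taken when `udp[0] == 0` in the second hunk reports the malformed parameter as a bare failure with no error reason pushed, so a caller cannot distinguish "p is not irreducible / no inverse exists" from an allocation failure; consider pushing `BN_R_NO_INVERSE` through BNerr before the jump (whether a function code is registered for BN_GF2m_mod_inv is not visible here). The one-word comment on that line would also help a later reader if it said why the test is sound, e.g. `/* u reached 0: gcd(a, p) != 1, so p is reducible or a == 0 mod p; no inverse exists, and without this check the loop never terminates */`. The check relies on `udp[0]` holding all of u once `ubits <= BN_BITS2`, which is the same assumption the pre-existing `udp[0] == 1` test already made, so the two branches are consistent. The body of BN_GF2m_mod_inv, including the `err:` label the new code jumps to, lies outside the hunk.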