Fix bn_gcd code to check return value when calling BN_one()

BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18697) (cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)
author: slontis <shane.lontis@oracle.com> 2022-07-01 13:47:11 +1000
committer: Richard Levitte <levitte@openssl.org> 2022-07-05 08:18:09 +0200
commit: c6b5c00c0e6a95eb68b936e0a2a55741717c642a (patch)
tree: 68ce897b6ca62d21c17dda93aff790c7775daa57 /crypto/bn
parent: 016930a13cee4bbad6f989b86a970c60d7d05fe5 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index 6d709811ac..2b42c7df97 100644
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -47,7 +47,8 @@ BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in,
     if (R == NULL)
         goto err;
 
-    BN_one(X);
+    if (!BN_one(X))
+        goto err;
     BN_zero(Y);
     if (BN_copy(B, a) == NULL)
         goto err;
@@ -235,7 +236,8 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
     if (R == NULL)
         goto err;
 
-    BN_one(X);
+    if (!BN_one(X))
+        goto err;
     BN_zero(Y);
     if (BN_copy(B, a) == NULL)
         goto err;
author	slontis <shane.lontis@oracle.com>	2022-07-01 13:47:11 +1000
committer	Richard Levitte <levitte@openssl.org>	2022-07-05 08:18:09 +0200
commit	c6b5c00c0e6a95eb68b936e0a2a55741717c642a (patch)
tree	68ce897b6ca62d21c17dda93aff790c7775daa57 /crypto/bn
parent	016930a13cee4bbad6f989b86a970c60d7d05fe5 (diff)