Handle BN_mod_word failures.

As of 37258dadaa9e36db4b96a3aa54aa6c67136160cc and the corresponding upstream change, BN_mod_word may fail, like BN_div_word. Handle this properly. Thanks to Brian Smith for pointing this out. See BoringSSL's 44bedc348d9491e63c7ed1438db100a4b8a830be. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1251
author: David Benjamin <davidben@google.com> 2016-06-24 11:07:52 -0400
committer: Kurt Roeckx <kurt@roeckx.be> 2016-06-25 11:01:34 +0200
commit: d70a562714199c9a4eb835efe7b22c9a7017e7e5 (patch)
tree: d1db68f2d94d79db0f212fb7bcd2896be542fa8e /crypto/dh
parent: 748e85308ef4f3e672975b3604ea2d76424fa404 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 8d2e096c08..fcc1d99ad7 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -68,10 +68,14 @@ int DH_check(const DH *dh, int *ret)
 
     } else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
         l = BN_mod_word(dh->p, 24);
+        if (l == (BN_ULONG)-1)
+            goto err;
         if (l != 11)
             *ret |= DH_NOT_SUITABLE_GENERATOR;
     } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
         l = BN_mod_word(dh->p, 10);
+        if (l == (BN_ULONG)-1)
+            goto err;
         if ((l != 3) && (l != 7))
             *ret |= DH_NOT_SUITABLE_GENERATOR;
     } else
author	David Benjamin <davidben@google.com>	2016-06-24 11:07:52 -0400
committer	Kurt Roeckx <kurt@roeckx.be>	2016-06-25 11:01:34 +0200
commit	d70a562714199c9a4eb835efe7b22c9a7017e7e5 (patch)
tree	d1db68f2d94d79db0f212fb7bcd2896be542fa8e /crypto/dh
parent	748e85308ef4f3e672975b3604ea2d76424fa404 (diff)