diff options
author | slontis <shane.lontis@oracle.com> | 2023-01-11 11:05:04 +1000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-02-07 17:05:10 +0100 |
commit | bcec03c33cc00a7b5eb89ebeeee59e604570a86a (patch) | |
tree | dfad452c9fd62d3a7492b04edfb2e6227a1f0345 /crypto | |
parent | 3436f9c24ab90c1661e4798e7944f028d5d251ce (diff) |
Fix NULL deference when validating FFC public key.
Fixes CVE-2023-0217
When attempting to do a BN_Copy of params->p there was no NULL check.
Since BN_copy does not check for NULL this is a NULL reference.
As an aside BN_cmp() does do a NULL check, so there are other checks
that fail because a NULL is passed. A more general check for NULL params
has been added for both FFC public and private key validation instead.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/ffc/ffc_key_validate.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/ffc/ffc_key_validate.c b/crypto/ffc/ffc_key_validate.c index 9f6525a2c8..442303e4b3 100644 --- a/crypto/ffc/ffc_key_validate.c +++ b/crypto/ffc/ffc_key_validate.c @@ -24,6 +24,11 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, BN_CTX *ctx = NULL; *ret = 0; + if (params == NULL || pub_key == NULL || params->p == NULL) { + *ret = FFC_ERROR_PASSED_NULL_PARAM; + return 0; + } + ctx = BN_CTX_new_ex(NULL); if (ctx == NULL) goto err; @@ -107,6 +112,10 @@ int ossl_ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv, *ret = 0; + if (priv == NULL || upper == NULL) { + *ret = FFC_ERROR_PASSED_NULL_PARAM; + goto err; + } if (BN_cmp(priv, BN_value_one()) < 0) { *ret |= FFC_ERROR_PRIVKEY_TOO_SMALL; goto err; |