From d70a562714199c9a4eb835efe7b22c9a7017e7e5 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Fri, 24 Jun 2016 11:07:52 -0400
Subject: Handle BN_mod_word failures.

As of 37258dadaa9e36db4b96a3aa54aa6c67136160cc and the corresponding upstream
change, BN_mod_word may fail, like BN_div_word. Handle this properly. Thanks to
Brian Smith for pointing this out. See BoringSSL's
44bedc348d9491e63c7ed1438db100a4b8a830be.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1251
---
 crypto/dh/dh_check.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'crypto/dh')

diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 8d2e096c08..fcc1d99ad7 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -68,10 +68,14 @@ int DH_check(const DH *dh, int *ret)
 
     } else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
         l = BN_mod_word(dh->p, 24);
+        if (l == (BN_ULONG)-1)
+            goto err;
         if (l != 11)
             *ret |= DH_NOT_SUITABLE_GENERATOR;
     } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
         l = BN_mod_word(dh->p, 10);
+        if (l == (BN_ULONG)-1)
+            goto err;
         if ((l != 3) && (l != 7))
             *ret |= DH_NOT_SUITABLE_GENERATOR;
     } else
-- 
cgit v1.2.3