From 43135a5d2274c24e97f50e16ce492c22eb717ab2 Mon Sep 17 00:00:00 2001
From: Hugo Landau <hlandau@openssl.org>
Date: Tue, 1 Mar 2022 14:08:12 +0000
Subject: Fix NULL pointer dereference for BN_mod_exp2_mont

This fixes a bug whereby BN_mod_exp2_mont can dereference a NULL pointer
if BIGNUM argument m represents zero.

Regression test added. Fixes #17648.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17783)
---
 crypto/bn/bn_exp2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'crypto')

diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c
index 4713503d07..e8043cb26f 100644
--- a/crypto/bn/bn_exp2.c
+++ b/crypto/bn/bn_exp2.c
@@ -32,7 +32,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
     bn_check_top(p2);
     bn_check_top(m);
 
-    if (!(m->d[0] & 1)) {
+    if (!BN_is_odd(m)) {
         ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS);
         return 0;
     }
-- 
cgit v1.2.3