From 5ed42a26dacd5dde493c7471c6f79c7ee2cf0c41 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Tue, 8 Nov 2022 17:43:22 +0100 Subject: Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime Otherwise the alloca can cause an exception. Issue reported by Jiayi Lin. Reviewed-by: Tomas Mraz Reviewed-by: Todd Short (Merged from https://github.com/openssl/openssl/pull/20005) (cherry picked from commit 30667f5c306dbc11ac0e6fddc7d26fd984d546ab) --- test/exptest.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'test/exptest.c') diff --git a/test/exptest.c b/test/exptest.c index f6ff411ca1..9dadd4873f 100644 --- a/test/exptest.c +++ b/test/exptest.c @@ -50,6 +50,7 @@ static int test_mod_exp_zero(void) BN_ULONG one_word = 1; BN_CTX *ctx = BN_CTX_new(); int ret = 0, failed = 0; + BN_MONT_CTX *mont = NULL; if (!TEST_ptr(m = BN_new()) || !TEST_ptr(a = BN_new()) @@ -94,6 +95,33 @@ static int test_mod_exp_zero(void) if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a))) failed = 1; + if (!TEST_ptr(mont = BN_MONT_CTX_new())) + goto err; + + ERR_set_mark(); + /* mont is not set but passed in */ + if (!TEST_false(BN_mod_exp_mont_consttime(r, p, a, m, ctx, mont))) + goto err; + if (!TEST_false(BN_mod_exp_mont(r, p, a, m, ctx, mont))) + goto err; + ERR_pop_to_mark(); + + if (!TEST_true(BN_MONT_CTX_set(mont, m, ctx))) + goto err; + + /* we compute 0 ** a mod 1 here, to execute code that uses mont */ + if (!TEST_true(BN_mod_exp_mont_consttime(r, p, a, m, ctx, mont))) + goto err; + + if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a))) + failed = 1; + + if (!TEST_true(BN_mod_exp_mont(r, p, a, m, ctx, mont))) + goto err; + + if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont", r, a))) + failed = 1; + /* * A different codepath exists for single word multiplication * in non-constant-time only. @@ -114,6 +142,7 @@ static int test_mod_exp_zero(void) BN_free(a); BN_free(p); BN_free(m); + BN_MONT_CTX_free(mont); BN_CTX_free(ctx); return ret; -- cgit v1.2.3