diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2023-03-15 04:30:21 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2023-03-15 04:30:21 +0000 |
| commit | f4f12490feb2b91ebf2c3338b8c9817e2b0856ad (patch) | |
| tree | d7486c1123433fed02c5f470508b9ac1d65a337c /lib/libcrypto/bn | |
| parent | 697014df37d0c896e80981526db79c7809a7ef9a (diff) | |
Ensure negative input to BN_mod_exp_mont_consttime() is correctly reduced.
A negative input to BN_mod_exp_mont_consttime() is not correctly reduced,
remaining negative (when it should be in the range [0, m)). Fix this by
unconditionally calling BN_nnmod() on the input.
Fixes ossfuzz #55997.
ok tb@
Diffstat (limited to 'lib/libcrypto/bn')
| -rw-r--r-- | lib/libcrypto/bn/bn_exp.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/lib/libcrypto/bn/bn_exp.c b/lib/libcrypto/bn/bn_exp.c index 4011bb48909..9abf574b576 100644 --- a/lib/libcrypto/bn/bn_exp.c +++ b/lib/libcrypto/bn/bn_exp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_exp.c,v 1.37 2023/02/03 05:30:49 jsing Exp $ */ +/* $OpenBSD: bn_exp.c,v 1.38 2023/03/15 04:30:20 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -459,12 +459,9 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, #endif /* prepare a^1 in Montgomery domain */ - if (a->neg || BN_ucmp(a, m) >= 0) { - if (!BN_mod_ct(&am, a,m, ctx)) - goto err; - if (!BN_to_montgomery(&am, &am, mont, ctx)) - goto err; - } else if (!BN_to_montgomery(&am, a,mont, ctx)) + if (!BN_nnmod(&am, a, m, ctx)) + goto err; + if (!BN_to_montgomery(&am, &am, mont, ctx)) goto err; #if defined(OPENSSL_BN_ASM_MONT5) |