authorBrent Cook <bcook@cvs.openbsd.org>2016-09-02 15:22:07 +0000
committerBrent Cook <bcook@cvs.openbsd.org>2016-09-02 15:22:07 +0000
commit4190ed6ccd8a86723b4f0491a0cbd1a5d04bea01 (patch)
tree571d23fb0bfed8a3c5737b37444430337963d3f5 /lib/libcrypto
parent5b759075f45ba3cb774c8c8ca34d38a8ccab2916 (diff)
BN_mod_exp_mont_consttime: check for zero modulus.
Don't dereference d when top is zero. Original patch from OpenSSL commit d46e946d2603c64df6e1e4f9db0c70baaf1c4c03 ok jsing@
Diffstat (limited to 'lib/libcrypto')
-rw-r--r--lib/libcrypto/bn/bn_exp.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/libcrypto/bn/bn_exp.c b/lib/libcrypto/bn/bn_exp.c
index c4ca36d1365..bd9fce59ffc 100644
--- a/lib/libcrypto/bn/bn_exp.c
+++ b/lib/libcrypto/bn/bn_exp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp.c,v 1.23 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: bn_exp.c,v 1.24 2016/09/02 15:22:06 bcook Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -589,13 +589,14 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
bn_check_top(p);
bn_check_top(m);
- top = m->top;
-
- if (!(m->d[0] & 1)) {
+ if (!BN_is_odd(m)) {
BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,
BN_R_CALLED_WITH_EVEN_MODULUS);
return (0);
}
+
+ top = m->top;
+
bits = BN_num_bits(p);
if (bits == 0) {
ret = BN_one(rr);
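Review bot: The zero-modulus guard is now implicit in `if (!BN_is_odd(m))`, and nothing at that line says this check is what keeps `m->d[0]` from being read when `m->top` is 0, so a later cleanup could reintroduce the direct word test. I would add a comment above the check such as `/* BN_is_odd() also fails for m->top == 0, so a zero modulus is rejected before m->d is touched. */`. A zero modulus is reported as BN_R_CALLED_WITH_EVEN_MODULUS, which is acceptable, but callers cannot tell it apart from an even non-zero value. Separately, in the context lines the `bits == 0` shortcut sets `rr` to one, and an odd modulus can be 1, where the result should be 0; the rest of that branch is outside the hunk, so this needs checking against the full function. The body of BN_mod_exp_mont_consttime starts and ends outside the hunk.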