diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2015-06-11 15:55:29 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2015-06-11 15:55:29 +0000 |
| commit | a8e50a85b6b5fc1afe7979fc6483f583e3cc308e (patch) | |
| tree | 97d361eed30ee2110ccae6572f384f53b02d62c8 /lib/libcrypto | |
| parent | 05cd3947a5689855ed11c1c309438a1b83b9cdbf (diff) | |
Avoid an infinite loop that can be triggered by parsing an ASN.1
ECParameters structure that has a specially malformed binary polynomial
field.
Issue reported by Joseph Barr-Pixton and fix based on OpenSSL.
Fixes CVE-2015-1788.
ok doug@ miod@
Diffstat (limited to 'lib/libcrypto')
| -rw-r--r-- | lib/libcrypto/bn/bn_gf2m.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/libcrypto/bn/bn_gf2m.c b/lib/libcrypto/bn/bn_gf2m.c index e1537d53793..40c1a942200 100644 --- a/lib/libcrypto/bn/bn_gf2m.c +++ b/lib/libcrypto/bn/bn_gf2m.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_gf2m.c,v 1.19 2015/04/29 00:11:12 doug Exp $ */ +/* $OpenBSD: bn_gf2m.c,v 1.20 2015/06/11 15:55:28 jsing Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -745,8 +745,13 @@ BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ubits--; } - if (ubits <= BN_BITS2 && udp[0] == 1) - break; + if (ubits <= BN_BITS2) { + /* See if poly was reducible. */ + if (udp[0] == 0) + goto err; + if (udp[0] == 1) + break; + } if (ubits < vbits) { i = ubits; |