generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.

Browse Source 
CVE-2015-1788

Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Andy Polyakov 2015-06-11 00:18:01 +02:00
parent 59302b600e
commit 4924b37ee0
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
crypto/bn/bn_gf2m.c
View File

@ -691,9 +691,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
} }
# else # else
{ {
int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy int i;
* of p */ int ubits = BN_num_bits(u);
top = p->top; int vbits = BN_num_bits(v); /* v is copy of p */
int top = p->top;
BN_ULONG *udp, *bdp, *vdp, *cdp; BN_ULONG *udp, *bdp, *vdp, *cdp;
bn_wexpand(u, top); bn_wexpand(u, top);
@ -737,8 +738,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
ubits--; ubits--;
} }
if (ubits <= BN_BITS2 && udp[0] == 1) if (ubits <= BN_BITS2) {
break; if (udp[0] == 0) /* poly was reducible */
goto err;
if (udp[0] == 1)
break;
}
if (ubits < vbits) { if (ubits < vbits) {
i = ubits; i = ubits;