Google Git
Sign in
boringssl/boringssl.git/074cc04022db52072b486e60ffdf456116b10145^!/.
commit
074cc04022db52072b486e60ffdf456116b10145
[log]
author
David Benjamin <davidben@chromium.org>
Tue May 26 18:23:16 2015 -0400
committer
Adam Langley <agl@google.com>
Wed May 27 21:59:35 2015 +0000
tree
c3d753d7b07e33b8c68a89b950d4c50aee6d573b
parent
75fb74ae96264860ce37d010f010702241d7344c [diff]
Reject negative shifts for BN_rshift and BN_lshift.

The functions BN_rshift and BN_lshift shift their arguments to the right or
left by a specified number of bits. Unpredicatable results (including
crashes) can occur if a negative number is supplied for the shift value.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian
for discovering and reporting this issue.

(Imported from upstream's 7cc18d8158b5fc2676393d99b51c30c135502107.)

Change-Id: Ib9f5e410a46df3d7f02a61374807fba209612bd3
Reviewed-on: https://boringssl-review.googlesource.com/4892
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/crypto/bn/shift.c b/crypto/bn/shift.c
index 1e3b7c3..f143996 100644
--- a/crypto/bn/shift.c
+++ b/crypto/bn/shift.c

@@ -58,6 +58,8 @@
 
 #include <string.h>
 
+#include <openssl/err.h>
+
 #include "internal.h"
 
 
@@ -66,6 +68,11 @@
   BN_ULONG *t, *f;
   BN_ULONG l;
 
+  if (n < 0) {
+    OPENSSL_PUT_ERROR(BN, BN_lshift, BN_R_NEGATIVE_NUMBER);
+    return 0;
+  }
+
   r->neg = a->neg;
   nw = n / BN_BITS2;
   if (bn_wexpand(r, a->top + nw + 1) == NULL) {
@@ -130,6 +137,11 @@
   BN_ULONG *t, *f;
   BN_ULONG l, tmp;
 
+  if (n < 0) {
+    OPENSSL_PUT_ERROR(BN, BN_rshift, BN_R_NEGATIVE_NUMBER);
+    return 0;
+  }
+
   nw = n / BN_BITS2;
   rb = n % BN_BITS2;
   lb = BN_BITS2 - rb;

diff --git a/crypto/err/bn.errordata b/crypto/err/bn.errordata
index ab74073..6fd4968 100644
--- a/crypto/err/bn.errordata
+++ b/crypto/err/bn.errordata

@@ -8,6 +8,7 @@
 BN,function,107,BN_exp
 BN,function,108,BN_generate_dsa_nonce
 BN,function,109,BN_generate_prime_ex
+BN,function,125,BN_lshift
 BN,function,110,BN_mod_exp2_mont
 BN,function,111,BN_mod_exp_mont
 BN,function,112,BN_mod_exp_mont_consttime
@@ -19,6 +20,7 @@
 BN,function,118,BN_new
 BN,function,119,BN_rand
 BN,function,120,BN_rand_range
+BN,function,126,BN_rshift
 BN,function,121,BN_sqrt
 BN,function,122,BN_usub
 BN,function,123,bn_wexpand

diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 2cd0224..d4c85df 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h

@@ -852,6 +852,8 @@
 #define BN_F_BN_usub 122
 #define BN_F_bn_wexpand 123
 #define BN_F_mod_exp_recp 124
+#define BN_F_BN_lshift 125
+#define BN_F_BN_rshift 126
 #define BN_R_ARG2_LT_ARG3 100
 #define BN_R_BAD_RECIPROCAL 101
 #define BN_R_BIGNUM_TOO_LONG 102