Google Git
Sign in
boringssl / boringssl / 9e45d6e42feeed18d8818540471874072f429983
commit9e45d6e42feeed18d8818540471874072f429983[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Tue Aug 11 17:10:55 2015 -0400
committerAdam Langley <agl@google.com>Mon Aug 17 20:32:38 2015 +0000
tree063d0c2028f0e2be4c51a0d21bec58d49ed40a83
parent719220ec8ea71081c521e4d6fbcf11424a8a6ffa [diff]
Check for 0 modulus in BN_MONT_CTX_set.

The function BN_MONT_CTX_set was assuming that the modulus was non-zero
and therefore that |mod->top| > 0. In an error situation that may not be
the case and could cause a seg fault.

This is a follow on from CVE-2015-1794.

(Imported from upstream's 512368c9ed4d53fb230000e83071eb81bf628b22.)

The CVE itself doesn't affect us as the bit strength check in the DHE logic
excludes zero.

Also add tests to bn_test for a couple of division by zero cases. (This and
BN_div.)

Change-Id: Ibd8ef98d6be48eb95110021c23cd8e278656764d
Reviewed-on: https://boringssl-review.googlesource.com/5690
Reviewed-by: Adam Langley <agl@google.com>
2 files changed
tree: 063d0c2028f0e2be4c51a0d21bec58d49ed40a83
  1. crypto/
  2. decrepit/
  3. doc/
  4. include/
  5. ssl/
  6. tool/
  7. util/
  8. .clang-format
  9. .gitignore
  10. BUILDING
  11. CMakeLists.txt
  12. codereview.settings
  13. LICENSE
  14. STYLE