The branch OpenSSL_1_0_2-stable has been updated via 8ac70bef694e733cec0f19a9438af98991cb5fa3 (commit) from 3201a1d68121cb074c4b7e7712be77acb17df632 (commit)
- Log ----------------------------------------------------------------- commit 8ac70bef694e733cec0f19a9438af98991cb5fa3 Author: Rich Salz <rs...@openssl.org> Date: Tue Nov 15 18:54:28 2016 -0500 Check return value of some BN functions. Factorise multiple bn_get_top(group->field) calls Add missing checks on some conditional BN_copy return value Add missing checks on some BN_copy return value Add missing checks on a few bn_wexpand return value Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1626) (cherry picked from commit 78e09b53a40729f5e99829ccc733b592bd22fea1) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_exp.c | 5 +++-- crypto/bn/bn_mul.c | 5 +++-- crypto/bn/bn_prime.c | 3 ++- crypto/bn/bn_sqr.c | 5 +++-- crypto/ec/ec2_mult.c | 20 +++++++++++--------- crypto/rsa/rsa_gen.c | 3 ++- 6 files changed, 24 insertions(+), 17 deletions(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 1670f01..195a786 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -180,8 +180,9 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto err; } } - if (r != rr) - BN_copy(r, rr); + if (r != rr && BN_copy(r, rr) == NULL) + goto err; + ret = 1; err: BN_CTX_end(ctx); diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index b174850..3c618dc 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -1083,8 +1083,9 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) end: #endif bn_correct_top(rr); - if (r != rr) - BN_copy(r, rr); + if (r != rr && BN_copy(r, rr) == NULL) + goto err; + ret = 1; err: bn_check_top(r); diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 1d25687..8177fd2 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -283,7 +283,8 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BIGNUM *t; if ((t = BN_CTX_get(ctx)) == NULL) goto err; - BN_copy(t, a); + if (BN_copy(t, a) == NULL) + goto err; t->neg = 0; A = t; } else diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index 3ca6987..256d26e 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -143,8 +143,9 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) rr->top = max - 1; else rr->top = max; - if (rr != r) - BN_copy(r, rr); + if (r != rr && BN_copy(r, rr) == NULL) + goto err; + ret = 1; err: bn_check_top(rr); diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index 68cc877..1f9cc00 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -267,7 +267,7 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, BN_CTX *ctx) { BIGNUM *x1, *x2, *z1, *z2; - int ret = 0, i; + int ret = 0, i, group_top; BN_ULONG mask, word; if (r == point) { @@ -297,10 +297,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, x2 = &r->X; z2 = &r->Y; - bn_wexpand(x1, group->field.top); - bn_wexpand(z1, group->field.top); - bn_wexpand(x2, group->field.top); - bn_wexpand(z2, group->field.top); + group_top = group->field.top; + if (bn_wexpand(x1, group_top) == NULL + || bn_wexpand(z1, group_top) == NULL + || bn_wexpand(x2, group_top) == NULL + || bn_wexpand(z2, group_top) == NULL) + goto err; if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ @@ -329,14 +331,14 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, for (; i >= 0; i--) { word = scalar->d[i]; while (mask) { - BN_consttime_swap(word & mask, x1, x2, group->field.top); - BN_consttime_swap(word & mask, z1, z2, group->field.top); + BN_consttime_swap(word & mask, x1, x2, group_top); + BN_consttime_swap(word & mask, z1, z2, group_top); if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - BN_consttime_swap(word & mask, x1, x2, group->field.top); - BN_consttime_swap(word & mask, z1, z2, group->field.top); + BN_consttime_swap(word & mask, x1, x2, group_top); + BN_consttime_swap(word & mask, z1, z2, group_top); mask >>= 1; } mask = BN_TBIT; diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 7f7dca3..082c8da 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -142,7 +142,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL)) goto err; - BN_copy(rsa->e, e_value); + if (BN_copy(rsa->e, e_value) == NULL) + goto err; /* generate p and q */ for (;;) { _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits