On Wed, 24 Sep 2003, Nils Larsch wrote:
> Otto Moerbeek wrote:
> > Hi,
>
> Moin Otto,
>
> ....
> > I've been working with the big number lib from the open ssl crypto
> > library, and I have found the following problem, which is demonstrated by
> > the program below (you may have to fix the includes if you test it on
> > another platform than OpenBSD).
> >
> > Summary:
> >
> > It seems that the code
> >
> > BIGNUM *z = BN_new();
> > BN_set_word(z, 0);
> > BN_add_word(z, 0);
> >
> > results in a corrupt z: top is bumped, where it should not have been. The
> > test program core dumps while printing the number.
>
> No, the above does not corrupt the bignum, the problem (core dump)
> occurs in BN_bn2dec as BN_bn2dec does not correctly check if the value
> to print is zero (a bignum A is zero if A->top == 0 or A->top == 1
> and A->d[0] == 0). Please try this patch:
Hmmm, did not try your patch yet, but here's another interesting case that
doesn't use BN_bn2dec():
int g(void)
{
BIGNUM *a, *b;
a = BN_new();
BN_set_word(a, 0);
b = BN_new();
BN_set_word(b, 0);
BN_add_word(b, 0);
return BN_cmp(a, b);
}
returns -1 ...
Does BN_cmp also has the same problem, or is something else happening
here?
> --- crypto/bn/bn_print_old.c 2003-09-24 12:46:24.000000000 +0200
> +++ crypto/bn/bn_print.c 2003-09-24 12:47:05.000000000 +0200
> @@ -122,7 +122,7 @@
> p=buf;
> lp=bn_data;
> if (t->neg) *(p++)='-';
> - if (t->top == 0)
> + if (BN_is_zero(t))
> {
> *(p++)='0';
> *(p++)='\0';
>
> >
> > I've tested this on various versions of OpenBSD, Linux and MacOS 10.
> >
> > The most simple fix could be:
> >
> > Index: lib/libssl/src/crypto/bn/bn_word.c
> > ===================================================================
> > RCS file: /cvs/src/lib/libssl/src/crypto/bn/bn_word.c,v
> > retrieving revision 1.5
> > diff -u -r1.5 bn_word.c
> > --- lib/libssl/src/crypto/bn/bn_word.c 12 May 2003 02:18:36 -0000 1.5
> > +++ lib/libssl/src/crypto/bn/bn_word.c 17 Aug 2003 04:50:15 -0000
> > @@ -110,6 +110,9 @@
> > BN_ULONG l;
> > int i;
> >
> > + if ((w & BN_MASK2) == 0)
> > + return(1);
> > +
> > if (a->neg)
> > {
> > a->neg=0;
>
> Nonetheless I think it makes sense to check if the input word in
> BN_add_word (and BN_sub_word) is zero and immediately return 1
> (btw: wouldn't be a simple 'if (w == 0) return 1;' be sufficient ?).
Don't know for sure, but later in the function the masked value is used,
so for safety reasons, I'm testing the masked value.
-Otto
>
> Nils
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
