Created a pull request at: https://github.com/openssl/openssl/pull/140
On Thu, Jun 19, 2014 at 1:08 PM, The default queue via RT <[email protected]> wrote:
>
> Greetings,
>
> This message has been automatically generated in response to the
> creation of a trouble ticket regarding:
> "[patch] Make sure the return BIGNUM from BN_sqr cannot be
> negative under any condition",
> a summary of which appears below.
>
> There is no need to reply to this message right now. Your ticket has been
> assigned an ID of [openssl.org #3410].
>
> Please include the string:
>
> [openssl.org #3410]
>
> in the subject line of all future correspondence about this issue. To do so,
> you may reply to this message.
>
> Thank you,
> [email protected]
>
> -------------------------------------------------------------------------
> Hi All,
>
> I was looking at the bugs reported in openssl bignum implementation at:
> http://seclists.org/fulldisclosure/2013/Dec/8
>
> Most of them are false positives or abuse of the API/internal bignum
> structure.
> I have put some details here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1038999
>
> There is only one which looks like a minor issue to me and I have
> attached a patch to correct it.
>
> Consider the code-snippet below:
>
> BIGNUM *z,*o;
> BN_CTX *ctx = BN_CTX_new();
>
> z = BN_new();
> o = BN_new();
>
> BN_zero(z);
> BN_one(o);
> BN_set_negative(o, 1);
> BN_sqr(o, z, ctx);
>
> printf("%s\n", BN_bn2hex(o));
>
> I know it's wrong to mangle 'o' before passing it to BN_sqr, but just
> in case someone does this,
> this patch should address the problem.
>
>
> commit 84a8e4cdb1a49808c44fc2ae3a1d5ef5c125c2a3
> Author: Huzaifa Sidhpurwala <[email protected]>
> Date: Thu Jun 19 12:33:39 2014 +0530
>
> Make sure BN_sqr can never return a negative number,
> even though the output BN is mangled
>
> diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
> index 270d0cd..7b98e1c 100644
> --- a/crypto/bn/bn_sqr.c
> +++ b/crypto/bn/bn_sqr.c
> @@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
> if (al <= 0)
> {
> r->top=0;
> + r->neg=0; /* just to make sure */
> return 1;
> }
>

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
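Review bot: the comment on the added line `+ r->neg=0; /* just to make sure */` should state the invariant it restores instead of hedging: once `r->top=0` has been set, `r` is the value zero, and a zero must not carry `neg == 1`, otherwise a caller that left the sign set on the output BIGNUM (as in the reporter's snippet, where `o` is set negative before the call) gets back a "negative zero" that BN_bn2hex prints with a leading minus and that BN_is_negative() reports as negative. Something like `/* r is now zero; clear any sign the caller left on it */` documents why the store is needed. Nothing in the diff exercises this path, so a regression test that squares a zero into an output BIGNUM previously marked negative and checks `!BN_is_negative(r)` and `BN_cmp(r, zero) == 0` would be a worthwhile companion to the one-line fix.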

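The effect the reporter describes, and why a sign flag left on a zero is observable at all, as an added, self-contained model that is not OpenSSL's code. The struct `model_bn`, the functions `model_sqr_before`, `model_sqr_after`, `model_cmp` and `squares_zero_cleanly`, and the one-limb magnitude are assumptions made for illustration; only the `top`/`neg` field shape of the early-return path and the sign-before-magnitude comparison order mirror the library's conventions.

```c
#include <stdio.h>

/* Constructed model of the BIGNUM fields the patch touches. Not OpenSSL's
 * struct: the magnitude is a single limb so the example stays offline. */
typedef struct {
    unsigned long d; /* magnitude (one limb) */
    int top;         /* significant limbs; 0 means the value is zero */
    int neg;         /* sign flag; 1 means negative */
} model_bn;

/* The invariant the patch restores: a zero never carries the sign flag. */
int bn_zero_is_canonical(const model_bn *x)
{
    return x->top > 0 || x->neg == 0;
}

/* Early-return shape of BN_sqr before the patch: for a zero input, top is
 * cleared but neg keeps whatever the caller left in the output BIGNUM. */
void model_sqr_before(model_bn *r, const model_bn *a)
{
    if (a->top <= 0) {
        r->top = 0;
        return;
    }
    r->d = a->d * a->d; /* small inputs only; limb overflow is out of scope */
    r->top = 1;
    r->neg = 0;         /* a square is never negative */
}

/* The same path with the patch applied: the sign is cleared alongside top. */
void model_sqr_after(model_bn *r, const model_bn *a)
{
    if (a->top <= 0) {
        r->top = 0;
        r->neg = 0;
        return;
    }
    r->d = a->d * a->d;
    r->top = 1;
    r->neg = 0;
}

/* Magnitude comparison; a value with top == 0 has magnitude zero. */
static int model_ucmp(const model_bn *a, const model_bn *b)
{
    unsigned long x = a->top > 0 ? a->d : 0;
    unsigned long y = b->top > 0 ? b->d : 0;
    return (x > y) - (x < y);
}

/* Sign-first comparison in the order OpenSSL's BN_cmp uses: a differing sign
 * decides the result before the magnitude is examined, which is exactly what
 * makes a "negative zero" observable. Returns -1, 0 or 1. */
int model_cmp(const model_bn *a, const model_bn *b)
{
    if (a->neg != b->neg)
        return a->neg ? -1 : 1;
    int mag = model_ucmp(a, b);
    return a->neg ? -mag : mag;
}

/* Reproduces the reporter's scenario (output BIGNUM pre-set to -1, input
 * zero) against one version of the early return. Returns 1 when the result
 * is a canonical zero that compares equal to zero, 0 when the stale sign
 * leaks through. */
int squares_zero_cleanly(void (*sqr)(model_bn *, const model_bn *))
{
    model_bn z = { 0, 0, 0 }; /* BN_zero(z) */
    model_bn o = { 1, 1, 1 }; /* BN_one(o); BN_set_negative(o, 1) */
    sqr(&o, &z);              /* BN_sqr(o, z, ctx) */
    return bn_zero_is_canonical(&o) && model_cmp(&o, &z) == 0;
}

int main(void)
{
    printf("before patch: %s\n",
           squares_zero_cleanly(model_sqr_before) ? "clean zero" : "negative zero");
    printf("after patch:  %s\n",
           squares_zero_cleanly(model_sqr_after) ? "clean zero" : "negative zero");
    return 0;
}
```

The check in `squares_zero_cleanly` is the shape of regression test a maintainer would add next to the fix: assert on the sign flag and on a comparison against a genuine zero, not only on the printed value, so the invariant is pinned down independently of how the number is rendered.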