author | David Benjamin <davidben@google.com> | 2016-06-24 17:07:52 +0200 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2016-06-25 11:01:34 +0200 |
commit | d70a562714199c9a4eb835efe7b22c9a7017e7e5 (patch) | |
tree | d1db68f2d94d79db0f212fb7bcd2896be542fa8e /crypto/dh | |
parent | Fix BN_is_prime* calls. (diff) | |
Handle BN_mod_word failures.
As of 37258dadaa9e36db4b96a3aa54aa6c67136160cc and the corresponding upstream
change, BN_mod_word may fail, like BN_div_word. Handle this properly. Thanks to
Brian Smith for pointing this out. See BoringSSL's
44bedc348d9491e63c7ed1438db100a4b8a830be.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1251
Diffstat (limited to 'crypto/dh')
-rw-r--r-- | crypto/dh/dh_check.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 8d2e096c08..fcc1d99ad7 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -68,10 +68,14 @@ int DH_check(const DH *dh, int *ret) } else if (BN_is_word(dh->g, DH_GENERATOR_2)) { l = BN_mod_word(dh->p, 24); + if (l == (BN_ULONG)-1) + goto err; if (l != 11) *ret |= DH_NOT_SUITABLE_GENERATOR; } else if (BN_is_word(dh->g, DH_GENERATOR_5)) { l = BN_mod_word(dh->p, 10); + if (l == (BN_ULONG)-1) + goto err; if ((l != 3) && (l != 7)) *ret |= DH_NOT_SUITABLE_GENERATOR; } else |
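
Review bot: the two new checks in DH_check, placed after `l = BN_mod_word(dh->p, 24);` and `l = BN_mod_word(dh->p, 10);`, compare against a bare `(BN_ULONG)-1` with nothing in the code saying that this is the failure return of BN_mod_word. A one-line comment at the first check, or a named constant shared by both, would make the intent clear to later readers; the sentinel cannot collide with a genuine remainder here because the moduli are 24 and 10. The `err` label lies outside the visible context, so please confirm that the path reached by `goto err` returns a failure value and that callers do not interpret `*ret` on that path, since the function accumulates flags into `*ret` with `|=` and a partially filled value could otherwise be read as a completed check.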