bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.

author Andy Polyakov <appro@openssl.org>

Wed, 10 Jun 2015 22:18:01 +0000 (00:18 +0200)

committer Matt Caswell <matt@openssl.org>

Thu, 11 Jun 2015 14:02:21 +0000 (15:02 +0100)
author Andy Polyakov <appro@openssl.org>
Wed, 10 Jun 2015 22:18:01 +0000 (00:18 +0200)
committer Matt Caswell <matt@openssl.org>
Thu, 11 Jun 2015 14:02:21 +0000 (15:02 +0100)
diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c

index aeee49a0156f2a2b15f8d246907dd3f67deaa8dd..a0ba8de31ad4e52199f2db8a20fa6ac0802f8acb 100644 (file)
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@@ -694,9 +694,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
      }
  # else
      {
-        int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy
-                                                                * of p */
-            top = p->top;
+        int i;
+        int ubits = BN_num_bits(u);
+        int vbits = BN_num_bits(v); /* v is copy of p */
+        int top = p->top;
          BN_ULONG *udp, *bdp, *vdp, *cdp;
  
          bn_wexpand(u, top);
@@ -740,8 +741,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                  ubits--;
              }
  
-            if (ubits <= BN_BITS2 && udp[0] == 1)
-                break;
+            if (ubits <= BN_BITS2) {
+                if (udp[0] == 0) /* poly was reducible */
+                    goto err;
+                if (udp[0] == 1)
+                    break;
+            }
  
              if (ubits < vbits) {
                  i = ubits;
author	Andy Polyakov <appro@openssl.org>
	Wed, 10 Jun 2015 22:18:01 +0000 (00:18 +0200)
committer	Matt Caswell <matt@openssl.org>
	Thu, 11 Jun 2015 14:02:21 +0000 (15:02 +0100)