From 152a689cf93f2bac78c1b0d6ee24c86640ae0f34 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?=
Date: Sun, 3 Dec 2000 09:39:04 +0000
Subject: [PATCH] Don't allow BIGNUMs to become so large that computations with dmax might overflow.

---
 crypto/bn/bn.h | 1 +
 crypto/bn/bn_err.c | 1 +
 crypto/bn/bn_lib.c | 6 ++++++
 3 files changed, 8 insertions(+)

diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index 3d5c91adb9..a5b6ed9d4c 100644
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -541,6 +541,7 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
 #define BN_R_NOT_INITIALIZED 107
 #define BN_R_NO_INVERSE 108
 #define BN_R_P_IS_NOT_PRIME 112
+#define BN_R_TOO_LARGE 114
 #define BN_R_TOO_MANY_ITERATIONS 113
 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
index afb9320322..2bb311f95c 100644
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
@@ -105,6 +105,7 @@ static ERR_STRING_DATA BN_str_reasons[]=
 {BN_R_NOT_INITIALIZED ,"not initialized"},
 {BN_R_NO_INVERSE ,"no inverse"},
 {BN_R_P_IS_NOT_PRIME ,"p is not prime"},
+{BN_R_TOO_LARGE ,"too large"},
 {BN_R_TOO_MANY_ITERATIONS ,"too many iterations"},
 {BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"},
 {0,NULL}
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 050e02bd3a..096bcf1835 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -312,6 +312,12 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 const BN_ULONG *B;
 int i;
+ if (words > (INT_MAX/(4*BN_BITS2)))
+ {
+ BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_TOO_LARGE);
+ return NULL;
+ }
+
 bn_check_top(b);
 if (BN_get_flags(b,BN_FLG_STATIC_DATA))
 {
-- 
2.25.1
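Review bot: The new guard at the top of bn_expand_internal uses the bound `INT_MAX/(4*BN_BITS2)` without saying where the factor 4 comes from, so a later reader cannot tell which computations on dmax it is meant to keep inside an int. A short comment would fix that, for example `/* keep words*BN_BITS2, with headroom for small multiples, representable as int */` (the author should confirm the intended headroom). The check also bounds `words` only from above; if a negative value can reach this function it passes the guard, and `if (words < 0 || words > (INT_MAX/(4*BN_BITS2)))` would close that, though the callers are outside the hunk. `INT_MAX` needs `<limits.h>`, which this patch does not add and the hunk does not show as already included in bn_lib.c. The function body continues beyond the hunk.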