Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
49 lines (41 sloc) 1.67 KB
/* Example code to show miscalculation of BN_mod_exp() function in OpenSSL (CVE-2015-3193)
* compile:
* gcc -o [output] [input] -lgcrypt -lcrypto
* OpenSSL 1.0.2 versions before 1.0.2e on x86_64 contain a bug in the function BN_mod_exp(),
* sometimes it produces wrong results. This example code will do a calculation that is affected
* and compares the result with the same calculation done by libgcrypt.
* by Hanno Böck, license: CC0 (public domain)
#include <gcrypt.h>
#include <openssl/bn.h>
#define MI "414141414141414141414127414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005"
#define AI "050505050505"
#define BI "02"
int main() {
gcry_mpi_t ag = gcry_mpi_new(0);
gcry_mpi_t bg = gcry_mpi_new(0);
gcry_mpi_t mg = gcry_mpi_new(0);
gcry_mpi_t rg = gcry_mpi_new(0);
char* o;
size_t i;
BN_CTX *ctx = BN_CTX_new();
BIGNUM *a = BN_new();
BIGNUM *b = BN_new();
BIGNUM *m = BN_new();
BIGNUM *r = BN_new();
gcry_mpi_scan(&mg, GCRYMPI_FMT_HEX, MI, 0, NULL);
gcry_mpi_scan(&ag, GCRYMPI_FMT_HEX, AI, 0, NULL);
gcry_mpi_scan(&bg, GCRYMPI_FMT_HEX, BI, 0, NULL);
gcry_mpi_powm(rg, ag, bg, mg);
gcry_mpi_aprint(GCRYMPI_FMT_HEX, (unsigned char**) &o, &i, rg);
BN_hex2bn(&m, MI);
BN_hex2bn(&a, AI);
BN_hex2bn(&b, BI);
BN_mod_exp(r, a, b, m, ctx);
printf("%s\n", BN_bn2hex(r));
if (strcmp(BN_bn2hex(r), o)!=0) printf("fail\n"); else printf("ok\n");
You can’t perform that action at this time.