Commit

Fix bn_gcd code to check return value when calling BN_one()
BN_one() uses the expand function which calls malloc which may fail.
All other places that reference BN_one() check the return value.

The issue is triggered by a memory allocation failure.
Detected by PR openssl#18355

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from openssl#18697)

(cherry picked from commit 7fe7cc5)
slontis authored and levitte committed Jul 5, 2022
1 parent 7a05fcb commit 6495cab
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions crypto/bn/bn_gcd.c
Expand Up @@ -47,7 +47,8 @@ BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in,
if (R == NULL)
goto err;

BN_one(X);
if (!BN_one(X))
goto err;
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
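
Review bot: `BN_zero(Y)` on the line right after the new `if (!BN_one(X))` check in bn_mod_inverse_no_branch is still called with its result ignored, while the calls on either side of it (`BN_one(X)`, `BN_copy(B, a)`) now both bail out to `err`. If `BN_zero()` cannot fail in this build configuration, say so in the commit message or a short comment so the asymmetry does not look like a missed case; if it can fail, give it the same `goto err` treatment.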
Expand Down Expand Up @@ -235,7 +236,8 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
if (R == NULL)
goto err;

BN_one(X);
if (!BN_one(X))
goto err;
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
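
Review bot: The new `goto err` after `BN_one(X)` in int_bn_mod_inverse jumps to a label outside the visible context, so the hunk alone does not show what is released on that path. It shares the label with the `R == NULL` and `BN_copy(B, a) == NULL` failures around it, so please confirm that the handler is correct when reached at this point, with X not yet set. The commit changes only crypto/bn/bn_gcd.c; consider adding a test that forces the allocation failure in both this function and bn_mod_inverse_no_branch so the check cannot silently regress.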