Check for 0 modulus in BN_RECP_CTX_set.

The function BN_RECP_CTX_set did not check whether arg d is zero, in which case an early failure should be returned to the invoker. This is a similar fix to the cognate defect of CVE-2015-1794. Fix #21111
openssl · Jun 21, 2023 · 20614d8 · 20614d8
1 parent 7f4cc3b
commit 20614d8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
@@ -42,7 +42,7 @@ void BN_RECP_CTX_free(BN_RECP_CTX *recp)
 
 int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
 {
-    if (!BN_copy(&(recp->N), d))
+    if (BN_is_zero(d) || !BN_copy(&(recp->N), d))
         return 0;
     BN_zero(&(recp->Nr));
     recp->num_bits = BN_num_bits(d);