Skip to content
Permalink
Browse files

bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.

CVE-2015-1788

Reviewed-by: Matt Caswell <matt@openssl.org>
  • Loading branch information...
dot-asm committed Jun 10, 2015
1 parent 59302b6 commit 4924b37ee01f71ae19c94a8934b80eeb2f677932
Showing with 10 additions and 5 deletions.
  1. +10 −5 crypto/bn/bn_gf2m.c
@@ -691,9 +691,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
}
# else
{
int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy
* of p */
top = p->top;
int i;
int ubits = BN_num_bits(u);
int vbits = BN_num_bits(v); /* v is copy of p */
int top = p->top;
BN_ULONG *udp, *bdp, *vdp, *cdp;

bn_wexpand(u, top);
@@ -737,8 +738,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
ubits--;
}

if (ubits <= BN_BITS2 && udp[0] == 1)
break;
if (ubits <= BN_BITS2) {
if (udp[0] == 0) /* poly was reducible */
goto err;
if (udp[0] == 1)
break;
}

if (ubits < vbits) {
i = ubits;

0 comments on commit 4924b37

Please sign in to comment.
You can’t perform that action at this time.