New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check for 0 modulus in BN_RECP_CTX_set. #21255
Conversation
This would be eligible for CLA: trivial. If you're OK with it, please amend the commit message body ( |
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
The function BN_RECP_CTX_set did not check whether arg d is zero, in which case an early failure should be returned to the invoker. This is a similar fix to the cognate defect of CVE-2015-1794. Fixes openssl#21111 CLA: trivial
20614d8
to
6d61f26
Compare
Merged to all three. Thanks for the contribution. |
The function BN_RECP_CTX_set did not check whether arg d is zero, in which case an early failure should be returned to the invoker. This is a similar fix to the cognate defect of CVE-2015-1794. Fixes #21111 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #21255) (cherry picked from commit 43596b3)
The function BN_RECP_CTX_set did not check whether arg d is zero, in which case an early failure should be returned to the invoker. This is a similar fix to the cognate defect of CVE-2015-1794. Fixes #21111 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #21255) (cherry picked from commit 43596b3)
The function BN_RECP_CTX_set did not check whether arg d is zero, in which case an early failure should be returned to the invoker. This is a similar fix to the cognate defect of CVE-2015-1794. Fixes #21111 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #21255)
The function BN_RECP_CTX_set did not check whether arg d is zero, in which case an early failure should be returned to the invoker. This is a similar fix to the cognate defect of CVE-2015-1794.
Fixes #21111
Checklist