Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return an error from BN_mod_inverse if n is 1 (or -1) #6119

Closed
wants to merge 1 commit into from
Closed

Return an error from BN_mod_inverse if n is 1 (or -1) #6119

wants to merge 1 commit into from

Conversation

mattcaswell
Copy link
Member

Calculating BN_mod_inverse where n is 1 (or -1) doesn't make sense. We
should return an error in that case. Instead we were returning a valid
result with value 0.

Fixes #6004

I've marked this as WIP because I'd like some feedback on this. It turns out that, even though it doesn't make any sense to ask for BN_mod_inverse() with n set to 1 we were doing it anyway - and rely on the fact that the result is 0. I have fixed the instance where that occurred, but it made me worry that if we are doing it, are there other applications doing it too (which we would break)?

The alternative to fixing it is to just document the quirk.

Should we fix it or document it?

@mattcaswell
Return an error from BN_mod_inverse if n is 1 (or -1)
5636d86 
Calculating BN_mod_inverse where n is 1 (or -1) doesn't make sense. We
should return an error in that case. Instead we were returning a valid
result with value 0.

Fixes openssl#6004
@mattcaswell
Copy link
Member Author

Ping @openssl/committers. Thoughts please!

@richsalz
Copy link
Contributor

Fix it. It's a math error.

@mattcaswell mattcaswell changed the title WIP: Return an error from BN_mod_inverse if n is 1 (or -1) Return an error from BN_mod_inverse if n is 1 (or -1) May 2, 2018
@mattcaswell
Copy link
Member Author

Taken out of WIP.

@mattcaswell mattcaswell added branch: master Merge to master branch 1.1.0 branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch labels May 2, 2018
@mattcaswell
Copy link
Member Author

Forgot to add target branch labels. @richsalz are you ok for backport to 1.1.0? It cherry-picks cleanly.

@richsalz
Copy link
Contributor

richsalz commented May 3, 2018

Yes, I am fine with merging to other branches.

@richsalz richsalz added the approval: done This pull request has the required number of approvals label May 3, 2018
levitte pushed a commit that referenced this pull request May 3, 2018
@mattcaswell
Return an error from BN_mod_inverse if n is 1 (or -1)
b1860d6 
Calculating BN_mod_inverse where n is 1 (or -1) doesn't make sense. We
should return an error in that case. Instead we were returning a valid
result with value 0.

Fixes #6004

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from #6119)
levitte pushed a commit that referenced this pull request May 3, 2018
@mattcaswell
Return an error from BN_mod_inverse if n is 1 (or -1)
f4be878 
Calculating BN_mod_inverse where n is 1 (or -1) doesn't make sense. We
should return an error in that case. Instead we were returning a valid
result with value 0.

Fixes #6004

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from #6119)

(cherry picked from commit b1860d6)
@mattcaswell
Copy link
Member Author

Pushed to master and 1.1.0. Thanks.

@mattcaswell mattcaswell closed this May 3, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richsalz richsalz richsalz approved these changes

Assignees
No one assigned
Labels
approval: done This pull request has the required number of approvals branch: master Merge to master branch branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

BN_mod_inverse undocumented behaviour
2 participants
@mattcaswell @richsalz