diff options
| author | Emilia Kasper <emilia@openssl.org> | 2015-08-31 15:51:27 +0200 |
|---|---|---|
| committer | Emilia Kasper <emilia@openssl.org> | 2015-08-31 19:25:59 +0200 |
| commit | a9009e518ca03f35a1e1a0858faf81865f8eff1e (patch) | |
| tree | a2bfd81e795639693e5ff02476b07c73df6fad46 /crypto | |
| parent | 6dc08048d93ff35de882878f190ae49aa698b5d2 (diff) | |
| download | openssl-new-a9009e518ca03f35a1e1a0858faf81865f8eff1e.tar.gz | |
BN_mod_exp_mont_consttime: check for zero modulus.
Don't dereference |d| when |top| is zero. Also test that various BIGNUM methods behave correctly on zero/even inputs.
Follow-up to b11980d79a52ec08844f08bea0e66c04b691840b
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/bn/bn_exp.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 10dc3eb358..66feddcf96 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -662,12 +662,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, bn_check_top(p); bn_check_top(m); - top = m->top; - - if (!(m->d[0] & 1)) { + if (!BN_is_odd(m)) { BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS); return (0); } + + top = m->top; + bits = BN_num_bits(p); if (bits == 0) { ret = BN_one(rr); |