Commit f61bbf8d authored by Andy Polyakov's avatar Andy Polyakov Committed by Matt Caswell

bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.



CVE-2015-1788

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(cherry picked from commit 4924b37e)
parent 1f31458a
+10 −5
@@ -694,9 +694,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
    }
# else
    {
        int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy
                                                                * of p */
            top = p->top;
        int i;
        int ubits = BN_num_bits(u);
        int vbits = BN_num_bits(v); /* v is copy of p */
        int top = p->top;
        BN_ULONG *udp, *bdp, *vdp, *cdp;

        bn_wexpand(u, top);
@@ -740,8 +741,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                ubits--;
            }

            if (ubits <= BN_BITS2 && udp[0] == 1)
            if (ubits <= BN_BITS2) {
                if (udp[0] == 0) /* poly was reducible */
                    goto err;
                if (udp[0] == 1)
                    break;
            }

            if (ubits < vbits) {
                i = ubits;
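Review bot: The result of `bn_wexpand(u, top);` at the end of the first hunk is discarded, so a failed expansion goes unnoticed before `u` is treated as holding `top` words. bn_wexpand returns NULL when the allocation fails, and the code that follows (outside the hunk) presumably indexes `u->d` up to `top`, which would then write past the old buffer. Since the second hunk already jumps to the `err` label, the call should read `if (!bn_wexpand(u, top)) goto err;`, and any sibling bn_wexpand calls later in this block should be checked the same way. The body of BN_GF2m_mod_inv begins and ends outside both hunks, so this is based on the visible lines only.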