Commit f91e026e authored by Bernd Edlinger's avatar Bernd Edlinger

Fix a possible crash in BN_from_montgomery_word



Thanks to Darovskikh Andrei for reporting this issue.

Fixes: #5785

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5793)
parent 803cc8c7
+2 −0
@@ -95,6 +95,8 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)

    /* clear the top words of T */
    i = max - r->top;
    if (i < 0)
        return 0;
    if (i)
        memset(&rp[r->top], 0, sizeof(*rp) * i);

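Review bot: The new `if (i < 0) return 0;` guard fails silently: it has no comment saying when `r->top` can exceed `max`, and nothing is pushed onto the error queue before returning, so a caller sees only a bare 0. Without the guard, a negative `i` would convert to a very large size in `sizeof(*rp) * i` and the memset would write far past `rp`, which is presumably the reported crash. I would add a comment above the check, e.g. `/* r->top > max: r is wider than the modulus allows; a negative i would wrap to a huge memset length */`, and consider recording a BN error so the failure is diagnosable. `max` and the rest of BN_from_montgomery_word are outside this hunk, so the exact precondition should be confirmed there.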
+15 −3
@@ -408,9 +408,21 @@ static int test_modexp_mont5(void)
    BN_free(b);
    b = BN_dup(a);
    BN_MONT_CTX_set(mont, n, ctx);
    BN_mod_mul_montgomery(c, a, a, mont, ctx);
    BN_mod_mul_montgomery(d, a, b, mont, ctx);
    if (!TEST_BN_eq(c, d))
    if (!TEST_true(BN_mod_mul_montgomery(c, a, a, mont, ctx))
            || !TEST_true(BN_mod_mul_montgomery(d, a, b, mont, ctx))
            || !TEST_BN_eq(c, d))
        goto err;

    /* Regression test for bug in BN_from_montgomery_word */
    BN_hex2bn(&a,
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
    BN_hex2bn(&n,
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
    BN_MONT_CTX_set(mont, n, ctx);
    if (!TEST_false(BN_mod_mul_montgomery(d, a, a, mont, ctx)))
        goto err;

    /* Regression test for bug in rsaz_1024_mul_avx2 */
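Review bot: The new regression block ignores the return values of both `BN_hex2bn` calls and of `BN_MONT_CTX_set(mont, n, ctx)`, so the final `TEST_false(BN_mod_mul_montgomery(d, a, a, mont, ctx))` can pass for the wrong reason if a setup step fails, for example with `mont` still holding the previous modulus. Check the setup the same way the commit now checks the earlier multiplications, e.g. `if (!TEST_true(BN_hex2bn(&a, ...)) || !TEST_true(BN_hex2bn(&n, ...)) || !TEST_true(BN_MONT_CTX_set(mont, n, ctx))) goto err;`. A short comment saying that `a` is deliberately wider than `n`, and that the call must fail rather than crash, would make the intent of the `TEST_false` clear. test_modexp_mont5 begins and continues outside the hunk.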