The branch OpenSSL_1_0_2-stable has been updated via 83ab6e55a1f8de9b3e45d13dcc78eb739dc66dea (commit) via 7107798ae6c5e19f581915928a69073d17cc21ab (commit) from 2b0c11a620c3a3431410c5d56799286f60f60d8d (commit)
- Log ----------------------------------------------------------------- commit 83ab6e55a1f8de9b3e45d13dcc78eb739dc66dea Author: Matt Caswell <m...@openssl.org> Date: Fri Jan 29 09:40:03 2016 +0000 Add missing return value checks The function DH_check_pub_key() was missing some return value checks in some calls to BN functions. RT#4278 Reviewed-by: Andy Polyakov <ap...@openssl.org> (cherry picked from commit f5a12207eccfd814bde68b880a96910dfa25f164) commit 7107798ae6c5e19f581915928a69073d17cc21ab Author: Matt Caswell <m...@openssl.org> Date: Fri Jan 29 09:38:06 2016 +0000 Correct value of DH_CHECK_PUBKEY_INVALID A new return value for DH_check_pub_key was recently added: DH_CHECK_PUBKEY_INVALID. As this is a flag which can be ORed with other return values it should have been set to the value 4 not 3. RT#4278 Reviewed-by: Andy Polyakov <ap...@openssl.org> (cherry picked from commit cb389fe80462e20daba30835a9e86354451bd14f) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh.h | 2 +- crypto/dh/dh_check.c | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 5498a9d..a5bd901 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -174,7 +174,7 @@ struct dh_st { /* DH_check_pub_key error codes */ # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 # define DH_CHECK_PUBKEY_TOO_LARGE 0x02 -# define DH_CHECK_PUBKEY_INVALID 0x03 +# define DH_CHECK_PUBKEY_INVALID 0x04 /* * primes p where (p-1)/2 is prime too are called "safe"; we define this for diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 5adedc0..0277041 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -160,13 +160,12 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) goto err; BN_CTX_start(ctx); tmp = BN_CTX_get(ctx); - if (tmp == NULL) + if (tmp == NULL || !BN_set_word(tmp, 1)) goto err; - BN_set_word(tmp, 1); if (BN_cmp(pub_key, tmp) <= 0) *ret |= DH_CHECK_PUBKEY_TOO_SMALL; - BN_copy(tmp, dh->p); - BN_sub_word(tmp, 1); + if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1)) + goto err; if (BN_cmp(pub_key, tmp) >= 0) *ret |= DH_CHECK_PUBKEY_TOO_LARGE; _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits