Check for 0 modulus in BN_RECP_CTX_set.

The function BN_RECP_CTX_set did not check whether arg d is zero, in which case an early failure should be returned to the invoker. This is a similar fix to the cognate defect of CVE-2015-1794. Fixes #21111 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21255)
author: fullwaywang <fullwaywang@tencent.com> 2023-06-21 15:00:06 +0800
committer: Pauli <pauli@openssl.org> 2023-06-26 08:07:55 +1000
commit: 43596b306b1fe06da3b1a99e07c0cf235898010d (patch)
tree: c9e7d43f693a778cd1e5483a284a3c8bd4a84782
parent: a7c54dde5189f11c046f638e5aaf2004aee34202 (diff)
download: openssl-43596b306b1fe06da3b1a99e07c0cf235898010d.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
index 462329ad25..aa548d62ea 100644
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -42,7 +42,7 @@ void BN_RECP_CTX_free(BN_RECP_CTX *recp)
 
 int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
 {
-    if (!BN_copy(&(recp->N), d))
+    if (BN_is_zero(d) || !BN_copy(&(recp->N), d))
         return 0;
     BN_zero(&(recp->Nr));
     recp->num_bits = BN_num_bits(d);
author	fullwaywang <fullwaywang@tencent.com>	2023-06-21 15:00:06 +0800
committer	Pauli <pauli@openssl.org>	2023-06-26 08:07:55 +1000
commit	43596b306b1fe06da3b1a99e07c0cf235898010d (patch)
tree	c9e7d43f693a778cd1e5483a284a3c8bd4a84782
parent	a7c54dde5189f11c046f638e5aaf2004aee34202 (diff)
download	openssl-43596b306b1fe06da3b1a99e07c0cf235898010d.tar.gz