Reject negative shifts for BN_rshift and BN_lshift

The functions BN_rshift and BN_lshift shift their arguments to the right or left by a specified number of bits. Unpredicatable results (including crashes) can occur if a negative number is supplied for the shift value. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-05-19 15:19:30 +0100
committer: Matt Caswell <matt@openssl.org> 2015-05-22 23:15:02 +0100
commit: 7cc18d8158b5fc2676393d99b51c30c135502107 (patch)
tree: 45d10d9d5128ff63ade1d546f43e9b138aa9fa6e /crypto/bn/bn_shift.c
parent: 2c55a0bc93bf578757ec5c85bdb3abe9cf3f4893 (diff)
download: openssl-7cc18d8158b5fc2676393d99b51c30c135502107.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c
index 1b38bd861a..4e43a60b22 100644
--- a/crypto/bn/bn_shift.c
+++ b/crypto/bn/bn_shift.c
@@ -136,6 +136,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
     bn_check_top(r);
     bn_check_top(a);
 
+    if (n < 0) {
+        BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
+        return 0;
+    }
+
     r->neg = a->neg;
     nw = n / BN_BITS2;
     if (bn_wexpand(r, a->top + nw + 1) == NULL)
@@ -170,6 +175,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
     bn_check_top(r);
     bn_check_top(a);
 
+    if (n < 0) {
+        BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
+        return 0;
+    }
+
     nw = n / BN_BITS2;
     rb = n % BN_BITS2;
     lb = BN_BITS2 - rb;
author	Matt Caswell <matt@openssl.org>	2015-05-19 15:19:30 +0100
committer	Matt Caswell <matt@openssl.org>	2015-05-22 23:15:02 +0100
commit	7cc18d8158b5fc2676393d99b51c30c135502107 (patch)
tree	45d10d9d5128ff63ade1d546f43e9b138aa9fa6e /crypto/bn/bn_shift.c
parent	2c55a0bc93bf578757ec5c85bdb3abe9cf3f4893 (diff)
download	openssl-7cc18d8158b5fc2676393d99b51c30c135502107.tar.gz