Avoid a NULL dereference in BN_mod_exp2_mont()

tb · tb · commit f4d5104dbf79 · 2022-02-07T19:49:56.000Z
This is a very rarely used function and the crash is hard to reach in
practice. Instead of implementing BN_is_odd() badly by hand, just call
the real thing.

Reported by Guido Vranken

ok beck jsing
diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp2.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: bn_exp2.c,v 1.13 2022/02/07 19:49:56 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -136,7 +136,7 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
 	bn_check_top(p2);
 	bn_check_top(m);
 
-	if (!(m->d[0] & 1)) {
+	if (!BN_is_odd(m)) {
 		BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);
 		return (0);
 	}

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-/* $OpenBSD: bn_exp2.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */`
	`1`	`+/* $OpenBSD: bn_exp2.c,v 1.13 2022/02/07 19:49:56 tb Exp $ */`
`2`	`2`	`/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)`
`3`	`3`	`* All rights reserved.`
`4`	`4`	`*`
`@@ -136,7 +136,7 @@ BN_mod_exp2_mont(BIGNUM rr, const BIGNUM a1, const BIGNUM *p1,`
`136`	`136`	`bn_check_top(p2);`
`137`	`137`	`bn_check_top(m);`
`138`	`138`
`139`		`- if (!(m->d[0] & 1)) {`
	`139`	`+ if (!BN_is_odd(m)) {`
`140`	`140`	`BNerror(BN_R_CALLED_WITH_EVEN_MODULUS);`
`141`	`141`	`return (0);`
`142`	`142`	`}`