kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix over-allocated bounds on bn_mul_part_recursive.

Browse Source 
Same mistake as bn_mul_recursive.

Change-Id: I2374d37e5da61c82ccb1ad79da55597fa3f10640
Reviewed-on: https://boringssl-review.googlesource.com/25405
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2018-01-26 14:03:26 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent 2bf82975ad
commit 6488f4e2ba
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/fipsmodule/bn/mul.c
View File

@ -597,10 +597,8 @@ static int bn_mul_impl(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
// We know |al| and |bl| are at most one from each other, so if al > j,
// bl >= j, and vice versa. Thus we can use |bn_mul_part_recursive|.
assert(al >= j && bl >= j);
// TODO(davidben): Check that these are correctly-sized, after rewriting
// |bn_mul_part_recursive|.
if (!bn_wexpand(t, j * 8) ||
!bn_wexpand(rr, j * 8)) {
!bn_wexpand(rr, j * 4)) {
goto err;
}
bn_mul_part_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);