boringssl/crypto/bn
David Benjamin bf681a40d6 Fix out-of-bounds read in BN_mod_exp_mont_consttime.
bn_get_bits5 always reads two bytes, even when it doesn't need to. For some
sizes of |p|, this can result in reading just past the edge of the array.
Unroll the first iteration of the loop and avoid reading out of bounds.

Replace bn_get_bits5 altogether in C as it's not doing anything interesting.

Change-Id: Ibcc8cea7d9c644a2639445396455da47fe869a5c
Reviewed-on: https://boringssl-review.googlesource.com/1393
Reviewed-by: Adam Langley <agl@google.com>
2014-08-06 00:11:47 +00:00
asm Fix out-of-bounds read in BN_mod_exp_mont_consttime. 2014-08-06 00:11:47 +00:00
add.c Inital import. 2014-06-20 13:17:32 -07:00
bn_error.c Move public headers to include/openssl/ 2014-07-14 22:42:18 +00:00
bn_test.c Include some build fixes for OS X. 2014-06-24 11:15:12 -07:00
bn.c Inital import. 2014-06-20 13:17:32 -07:00
CMakeLists.txt The asm files bn/asm/x86* weren't actually used. 2014-07-02 00:29:12 +00:00
cmp.c Inital import. 2014-06-20 13:17:32 -07:00
convert.c A bunch of dead assignments. 2014-07-30 00:44:03 +00:00
ctx.c Inital import. 2014-06-20 13:17:32 -07:00
div.c Check for invalid divisors in BN_div. 2014-06-20 13:17:33 -07:00
exponentiation.c Fix out-of-bounds read in BN_mod_exp_mont_consttime. 2014-08-06 00:11:47 +00:00
gcd.c Inital import. 2014-06-20 13:17:32 -07:00
generic.c Inital import. 2014-06-20 13:17:32 -07:00
internal.h Include some build fixes for OS X. 2014-06-24 11:15:12 -07:00
kronecker.c Inital import. 2014-06-20 13:17:32 -07:00
montgomery.c bignum: allow concurrent BN_MONT_CTX_set_locked() 2014-06-20 13:17:40 -07:00
mul.c Make sure BN_sqr can never return a negative value. 2014-07-28 17:05:12 -07:00
prime.c Small prime generation. 2014-06-20 13:17:34 -07:00
random.c Very minor BN fixes. 2014-06-30 14:22:32 -07:00
rsaz_exp.c Support building with PNaCl. 2014-07-11 19:04:04 +00:00
rsaz_exp.h Inital import. 2014-06-20 13:17:32 -07:00
shift.c Inital import. 2014-06-20 13:17:32 -07:00
sqrt.c Add function to recover RSA CRT params. 2014-06-20 13:17:35 -07:00