diff options
author | David Benjamin <davidben@google.com> | 2016-08-22 22:19:01 -0700 |
---|---|---|
committer | Sean McCreary <mccreary@mcwest.org> | 2017-03-22 12:17:27 -0600 |
commit | 70920e0bef6d67c9c48246347a29722af7161542 (patch) | |
tree | 8d56a728e7dd30251707bbdba092771b850e2dd8 /src/crypto/bn/bn_test.cc | |
parent | 1c725f9b6cce4af300ac28b902d186e8053c2f97 (diff) | |
download | external_boringssl-70920e0bef6d67c9c48246347a29722af7161542.zip external_boringssl-70920e0bef6d67c9c48246347a29722af7161542.tar.gz external_boringssl-70920e0bef6d67c9c48246347a29722af7161542.tar.bz2 |
Rewrite BN_bn2dec.
This is a more complete fix for CVE-2016-2182. The original commit
message was:
"If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.
Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.
Thanks to Shi Lei for reporting this bug."
BoringSSL's rewrite commit message:
"958aaf1ea1b481e8ef32970d5b0add80504be4b2, imported from upstream, had
an off-by-one error. Reproducing the failure is fairly easy as it can't
even serialize 1. See also upstream's
099e2968ed3c7d256cda048995626664082b1b30.
Rewrite the function completely with CBB and add a basic test.
BUG=chromium:639740"
CVE-2016-2182
Change-Id: I41a91514c4bb9e83854824ed5258ffe4e49d9491
Bug: 32096880
(cherry picked from commit 29b92ab938c1a17d4d1b3b039042a0f499f58b5d)
(cherry picked from commit 54bf62a81586d99d0a951ca3342d569b59e69b80
with adaptations from <sultanxda@gmail.com>)
Diffstat (limited to 'src/crypto/bn/bn_test.cc')
-rw-r--r-- | src/crypto/bn/bn_test.cc | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/src/crypto/bn/bn_test.cc b/src/crypto/bn/bn_test.cc index 6a7d48c..95b7bbb 100644 --- a/src/crypto/bn/bn_test.cc +++ b/src/crypto/bn/bn_test.cc @@ -122,6 +122,7 @@ static bool test_dec2bn(FILE *fp, BN_CTX *ctx); static bool test_hex2bn(FILE *fp, BN_CTX *ctx); static bool test_asc2bn(FILE *fp, BN_CTX *ctx); static bool test_rand(); +static bool TestBN2Dec(); static const uint8_t kSample[] = "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" @@ -341,6 +342,12 @@ int main(int argc, char *argv[]) { } flush_fp(bc_file.get()); + message(bc_file.get(), "BN_bn2dec"); + if (!TestBN2Dec()) { + return 1; + } + flush_fp(bc_file.get()); + printf("PASS\n"); return 0; } @@ -1628,3 +1635,38 @@ static bool test_rand() { return true; } + +static bool TestBN2Dec() { + static const char *kBN2DecTests[] = { + "0", + "1", + "-1", + "100", + "-100", + "123456789012345678901234567890", + "-123456789012345678901234567890", + "123456789012345678901234567890123456789012345678901234567890", + "-123456789012345678901234567890123456789012345678901234567890", + }; + + for (const char *test : kBN2DecTests) { + ScopedBIGNUM bn; + int ret = DecimalToBIGNUM(&bn, test); + if (ret == 0) { + return false; + } + + ScopedOpenSSLString dec(BN_bn2dec(bn.get())); + if (!dec) { + fprintf(stderr, "BN_bn2dec failed on %s.\n", test); + return false; + } + + if (strcmp(dec.get(), test) != 0) { + fprintf(stderr, "BN_bn2dec gave %s, wanted %s.\n", dec.get(), test); + return false; + } + } + + return true; +} |