From: fullwaywang Date: Wed, 21 Jun 2023 07:00:06 +0000 (+0800) Subject: Check for 0 modulus in BN_RECP_CTX_set. X-Git-Tag: openssl-3.2.0-alpha1~599 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=43596b306b1fe06da3b1a99e07c0cf235898010d;p=thirdparty%2Fopenssl.git Check for 0 modulus in BN_RECP_CTX_set. The function BN_RECP_CTX_set did not check whether arg d is zero, in which case an early failure should be returned to the invoker. This is a similar fix to the cognate defect of CVE-2015-1794. Fixes #21111 CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/21255) --- diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index 462329ad255..aa548d62eae 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -42,7 +42,7 @@ void BN_RECP_CTX_free(BN_RECP_CTX *recp) int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) { - if (!BN_copy(&(recp->N), d)) + if (BN_is_zero(d) || !BN_copy(&(recp->N), d)) return 0; BN_zero(&(recp->Nr)); recp->num_bits = BN_num_bits(d);
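Review bot: In the changed condition of BN_RECP_CTX_set, a zero d now returns 0 through the same branch as a BN_copy failure and nothing is put on the error queue, so the caller cannot tell a rejected modulus from an allocation failure. Consider giving the zero check its own branch that records the reason before returning, for example `if (BN_is_zero(d)) { ERR_raise(ERR_LIB_BN, BN_R_DIV_BY_ZERO); return 0; }`, and leaving the BN_copy check as it was. The diff shown touches only crypto/bn/bn_recp.c, so a regression test that passes a zero d to BN_RECP_CTX_set and expects 0 would help keep the check from being lost in a later refactor. The function's documentation could also state that a zero modulus is treated as a failure.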