[openssl/openssl] bde822: Avoid an infinite loop in BN_GF2m_mod_inv

Matt Caswell noreply at github.com
Tue Dec 12 16:17:03 UTC 2023


  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: bde822724fa50dfd636414b2830710c16dbfe037
      https://github.com/openssl/openssl/commit/bde822724fa50dfd636414b2830710c16dbfe037
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-12-12 (Tue, 12 Dec 2023)

  Changed paths:
    M crypto/bn/bn_gf2m.c

  Log Message:
  -----------
  Avoid an infinite loop in BN_GF2m_mod_inv

If p is set to 1 when calling BN_GF2m_mod_inv then an infinite loop will
result. Calling this function set 1 when applications call this directly
is a non-sensical value - so this would be considered a bug in the caller.

It does not seem possible to cause OpenSSL internal callers of
BN_GF2m_mod_inv to call it with a value of 1.

So, for the above reasons, this is not considered a security issue.
Reported by Bing Shi.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Todd Short <todd.short at me.com>
(Merged from https://github.com/openssl/openssl/pull/22960)

(cherry picked from commit 9c1b8f17ce2471ca37ee3936d07aed29aab10975)


  Commit: 601be4b60eb3d525b77306ce54ba30e88aadf7e5
      https://github.com/openssl/openssl/commit/601be4b60eb3d525b77306ce54ba30e88aadf7e5
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-12-12 (Tue, 12 Dec 2023)

  Changed paths:
    M test/bntest.c

  Log Message:
  -----------
  Extend the test of BN_GF2m_mod_inv

Test that input value of 1 for p is treated as an error

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Todd Short <todd.short at me.com>
(Merged from https://github.com/openssl/openssl/pull/22960)

(cherry picked from commit b83c719ecb884f609ade7ad7f52bd5e09737585b)


  Commit: f437288d5fa5bd95b1e5dd99db42bfbb735548dc
      https://github.com/openssl/openssl/commit/f437288d5fa5bd95b1e5dd99db42bfbb735548dc
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-12-12 (Tue, 12 Dec 2023)

  Changed paths:
    M apps/errstr.c
    M crypto/http/http_lib.c

  Log Message:
  -----------
  Fix some invalid use of sscanf

sscanf can return -1 on an empty input string. We need to appropriately
handle such an invalid case.

The instance in OSSL_HTTP_parse_url could cause an uninitialised read of
sizeof(unsigned int) bytes (typically 4). In many cases this uninit read
will immediately fail on the following check (i.e. if the read value
>65535).

If the top 2 bytes of a 4 byte unsigned int are zero then the value will
be <=65535 and the uninitialised value will be returned to the caller and
could represent arbitrary data on the application stack.

The OpenSSL security team has assessed this issue and consider it to be
a bug only (i.e. not a CVE).

Reviewed-by: Todd Short <todd.short at me.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22961)

(cherry picked from commit 322517d817ecb5c1a3a8b0e7e038fa146857b4d4)


  Commit: 54c7f928f3bfb1b9277ff462c1749a93c7fbd07b
      https://github.com/openssl/openssl/commit/54c7f928f3bfb1b9277ff462c1749a93c7fbd07b
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-12-12 (Tue, 12 Dec 2023)

  Changed paths:
    M test/http_test.c

  Log Message:
  -----------
  Add a test case for OSSL_HTTP_parse_url

Ensure we test the case where the port value is empty in the URL.

Reviewed-by: Todd Short <todd.short at me.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22961)

(cherry picked from commit a36d10dfb7e77614c8d3da602ff3800a2e9f4989)


Compare: https://github.com/openssl/openssl/compare/8425b1822d21...54c7f928f3bf


More information about the openssl-commits mailing list