[openssl/openssl] 8d6ea2: Check for 0 modulus in BN_RECP_CTX_set.
noreply at github.com
Sun Jun 25 22:10:08 UTC 2023
Author: fullwaywang <fullwaywang at tencent.com>
Date: 2023-06-26 (Mon, 26 Jun 2023)
Check for 0 modulus in BN_RECP_CTX_set.
The function BN_RECP_CTX_set did not check whether arg d is zero,
in which case an early failure should be returned to the invoker.
This is a similar fix to the cognate defect of CVE-2015-1794.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21255)
(cherry picked from commit 43596b306b1fe06da3b1a99e07c0cf235898010d)
More information about the openssl-commits