[openssl-dev] [openssl.org #4100] Overlapping memcpy arguments in bn_add.c

Kurt Roeckx via RT rt at openssl.org
Mon Oct 19 18:15:53 UTC 2015


On Mon, Oct 19, 2015 at 08:10:01PM +0200, Kurt Roeckx wrote:
> The manpage says that for BN_add(), BN_mul(), BN_sqr(), BN_mod_mul()
> and BN_gcd() r can be one of the other BIGNUMs that got passed, but
> it doesn't say so for BN_sub().  So one could also argue that
> probable_prime_dh_safe() shouldn't have called BN_sub() like that.
> But we have various other callers internally that call BN_sub()
> like that.  So we should probably either fix all the callers not
> to do that, or really make sure that it works properly when they
> alias and document that they can.  And I'm currently in favor of
> making it safe for them to alias.  (It should probably only be
> allowed to alias a, not b.)

I think that only allowing a to alias and not b doesn't make sense
anymore, and clearly would be a problem since BN_sub() can call
BN_usub() with a and b switched.


Kurt
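
The swapped-operand point above, as an added example that is not part of the original message and is not OpenSSL code. It is a toy fixed-width model (hypothetical `toy_bn`, `toy_ucmp`, `toy_usub`, `toy_sub`, `toy_alias_ok`; non-negative inputs only) in which the signed subtraction passes its operands to the unsigned routine in reverse order when |a| < |b|, so the unsigned routine has to tolerate the result aliasing either input.

```c
#include <stdint.h>
#include <string.h>

#define LIMBS 4
/* Hypothetical toy type (little-endian limbs), not OpenSSL's BIGNUM. */
typedef struct { uint32_t d[LIMBS]; int neg; } toy_bn;

/* Compare magnitudes: returns -1, 0 or 1. */
static int toy_ucmp(const toy_bn *a, const toy_bn *b) {
    for (int i = LIMBS - 1; i >= 0; i--)
        if (a->d[i] != b->d[i]) return a->d[i] > b->d[i] ? 1 : -1;
    return 0;
}

/* r = |a| - |b|, requires |a| >= |b|. r may alias a OR b: both input
 * limbs are loaded before the output limb is stored, and nothing is
 * bulk-copied between operands. */
static void toy_usub(toy_bn *r, const toy_bn *a, const toy_bn *b) {
    uint32_t borrow = 0;
    for (int i = 0; i < LIMBS; i++) {
        uint32_t ai = a->d[i], bi = b->d[i];
        uint64_t t = (uint64_t)ai - bi - borrow;
        r->d[i] = (uint32_t)t;
        borrow = (uint32_t)(t >> 63);  /* 1 if the subtraction wrapped */
    }
    r->neg = 0;
}

/* r = a - b for non-negative a, b (assumption: sign handling omitted).
 * If |a| < |b| the operands are swapped, so r == a aliases usub's 2nd. */
static void toy_sub(toy_bn *r, const toy_bn *a, const toy_bn *b) {
    if (toy_ucmp(a, b) < 0) { toy_usub(r, b, a); r->neg = 1; }
    else toy_usub(r, a, b);
}

/* 1 if r==a and r==b aliased calls both match the non-aliased result. */
static int toy_alias_ok(const toy_bn *a, const toy_bn *b) {
    toy_bn ref, ra = *a, rb = *b;
    toy_sub(&ref, a, b);
    toy_sub(&ra, &ra, b);
    toy_sub(&rb, a, &rb);
    return !memcmp(ref.d, ra.d, sizeof ref.d) && ref.neg == ra.neg &&
           !memcmp(ref.d, rb.d, sizeof ref.d) && ref.neg == rb.neg;
}

int main(void) {
    toy_bn x = {{0, 1, 0, 0}, 0}, y = {{1, 0, 0, 0}, 0};  /* constructed: 2^32 and 1 */
    return (toy_alias_ok(&x, &y) && toy_alias_ok(&y, &x)) ? 0 : 1;
}
```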



