Skip to content

Comments

Limit size of modulus for BN_mod_exp_mont_consttime()#19632

Closed
t8m wants to merge 1 commit intoopenssl:masterfrom
t8m:bn-modexp-limit
Closed

Limit size of modulus for BN_mod_exp_mont_consttime()#19632
t8m wants to merge 1 commit intoopenssl:masterfrom
t8m:bn-modexp-limit

Conversation

@t8m
Copy link
Member

@t8m t8m commented Nov 9, 2022

Otherwise the powerbufLen can overflow.

Issue reported by Jiayi Lin.

@t8m t8m added branch: master Applies to master branch approval: review pending This pull request needs review by a committer branch: 1.1.1 Applies to OpenSSL_1_1_1-stable branch (EOL) approval: otc review pending triaged: bug The issue/pr is/fixes a bug branch: 3.0 Applies to openssl-3.0 branch branch: 3.1 Applies to openssl-3.1 (EOL) labels Nov 9, 2022
@t8m
Copy link
Member Author

t8m commented Nov 9, 2022

Although not a security issue it is kind of hardening so we might want to consider this for 1.1.1 as well.

@t8m
Limit size of modulus for BN_mod_exp_mont_consttime()
5b86cce 
Otherwise the powerbufLen can overflow.

Issue reported by Jiayi Lin.
@t8m t8m force-pushed the bn-modexp-limit branch from 02239ae to 5b86cce Compare November 9, 2022 08:11
mattcaswell
mattcaswell reviewed Nov 9, 2022
View reviewed changes
test/exptest.c

if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a)))
failed = 1;

Copy link
Member

@mattcaswell mattcaswell Nov 9, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess this test doesn't really cover the overflow condition....but I'm not sure how it is even possible to reasonably test that???

Copy link
Member Author

@t8m t8m Nov 9, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah. IMO it is not possible, the test would require too much memory to run, i.e. it could fail randomly if run on machines with small memory and it could also possibly be a CPU hog.

Copy link
Member Author

@t8m t8m Nov 9, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The added test case tests just the BN_MONT_CTX not set up.

beldmit
beldmit approved these changes Nov 9, 2022
View reviewed changes
Copy link
Member

@beldmit beldmit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@beldmit beldmit added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Nov 9, 2022
kroeckx
kroeckx reviewed Nov 9, 2022
View reviewed changes
@t8m t8m added the tests: present The PR has suitable tests present label Nov 10, 2022
@openssl-machine
Copy link
Collaborator

openssl-machine commented Nov 10, 2022

24 hours has passed since 'approval: done' was set, but this PR has failing CI tests. Once the tests pass it will get moved to 'approval: ready to merge' automatically, alternatively please review and set the label manually.

openssl-machine pushed a commit that referenced this pull request Nov 10, 2022
@t8m
Limit size of modulus for BN_mod_exp_mont_consttime()
b8a5adf 
Otherwise the powerbufLen can overflow.

Issue reported by Jiayi Lin.

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from #19632)

(cherry picked from commit 4378e3c)
openssl-machine pushed a commit that referenced this pull request Nov 10, 2022
@t8m
Limit size of modulus for BN_mod_exp_mont_consttime()
80645df 
Otherwise the powerbufLen can overflow.

Issue reported by Jiayi Lin.

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from #19632)

(cherry picked from commit 4378e3c)
openssl-machine pushed a commit that referenced this pull request Nov 10, 2022
@t8m
Limit size of modulus for BN_mod_exp_mont_consttime()
4378e3c 
Otherwise the powerbufLen can overflow.

Issue reported by Jiayi Lin.

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from #19632)
@t8m t8m mentioned this pull request Nov 10, 2022
Closed
1 task
@t8m
Copy link
Member Author

t8m commented Nov 10, 2022

Merged to master, 3.0, and 3.1 branches. Thank you for the reviews. 1.1.1 needs tweaks so created a separate PR.

@t8m t8m closed this Nov 10, 2022
beldmit pushed a commit to beldmit/openssl that referenced this pull request Dec 26, 2022
@t8m @beldmit
Limit size of modulus for BN_mod_exp_mont_consttime()
08c81b0 
Otherwise the powerbufLen can overflow.

Issue reported by Jiayi Lin.

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Dmitry Belyavskiy <[email protected]>
(Merged from openssl#19632)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kroeckx kroeckx kroeckx left review comments

@mattcaswell mattcaswell mattcaswell approved these changes

@beldmit beldmit beldmit approved these changes

Assignees

No one assigned

Labels

approval: done This pull request has the required number of approvals branch: master Applies to master branch branch: 1.1.1 Applies to OpenSSL_1_1_1-stable branch (EOL) branch: 3.0 Applies to openssl-3.0 branch branch: 3.1 Applies to openssl-3.1 (EOL) tests: present The PR has suitable tests present triaged: bug The issue/pr is/fixes a bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@t8m @openssl-machine @kroeckx @mattcaswell @beldmit