Skip to content

Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime#20005

Closed
bernd-edlinger wants to merge 2 commits intoopenssl:masterfrom
bernd-edlinger:limit_alloca_size_in_bn_mod_mul_master
Closed

Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime#20005
bernd-edlinger wants to merge 2 commits intoopenssl:masterfrom
bernd-edlinger:limit_alloca_size_in_bn_mod_mul_master

Conversation

@bernd-edlinger
Copy link
Member

@bernd-edlinger bernd-edlinger commented Jan 7, 2023

Checklist
  • documentation is added or updated
  • tests are added or updated

@bernd-edlinger
Revert "Limit size of modulus for BN_mod_exp_mont_consttime()"
1398f24 
This reverts commit 4378e3c.
@bernd-edlinger
Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime
269c255 
Otherwise the alloca can cause an exception.

Issue reported by Jiayi Lin.
@bernd-edlinger bernd-edlinger added branch: master Applies to master branch branch: 3.0 Applies to openssl-3.0 branch branch: 3.1 Applies to openssl-3.1 (EOL) labels Jan 7, 2023
@github-actions github-actions bot added the severity: fips change The pull request changes FIPS provider sources label Jan 7, 2023
@bernd-edlinger bernd-edlinger changed the title Limit alloca size in bn mod mul master Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime Jan 7, 2023
@openssl openssl deleted a comment from Becky1175 Jan 8, 2023
@t8m t8m added approval: review pending This pull request needs review by a committer approval: otc review pending triaged: bug The issue/pr is/fixes a bug tests: exempted The PR is exempt from requirements for testing tests: present The PR has suitable tests present and removed tests: exempted The PR is exempt from requirements for testing labels Jan 9, 2023
@tmshort tmshort added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Jan 12, 2023
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Jan 13, 2023
@openssl-machine
Copy link
Collaborator

openssl-machine commented Jan 13, 2023

This pull request is ready to merge

openssl-machine pushed a commit that referenced this pull request Jan 14, 2023
@bernd-edlinger
Revert "Limit size of modulus for BN_mod_exp_mont_consttime()"
92d306b 
This reverts commit 4378e3c.

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Todd Short <[email protected]>
(Merged from #20005)
openssl-machine pushed a commit that referenced this pull request Jan 14, 2023
@bernd-edlinger
Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime
30667f5 
Otherwise the alloca can cause an exception.

Issue reported by Jiayi Lin.

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Todd Short <[email protected]>
(Merged from #20005)
openssl-machine pushed a commit that referenced this pull request Jan 14, 2023
@bernd-edlinger
Revert "Limit size of modulus for BN_mod_exp_mont_consttime()"
ada7f22 
This reverts commit 4378e3c.

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Todd Short <[email protected]>
(Merged from #20005)

(cherry picked from commit 92d306b)
openssl-machine pushed a commit that referenced this pull request Jan 14, 2023
@bernd-edlinger
Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime
5ed42a2 
Otherwise the alloca can cause an exception.

Issue reported by Jiayi Lin.

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Todd Short <[email protected]>
(Merged from #20005)

(cherry picked from commit 30667f5)
openssl-machine pushed a commit that referenced this pull request Jan 14, 2023
@bernd-edlinger
Revert "Limit size of modulus for BN_mod_exp_mont_consttime()"
54eb249 
This reverts commit 4378e3c.

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Todd Short <[email protected]>
(Merged from #20005)

(cherry picked from commit 92d306b)
openssl-machine pushed a commit that referenced this pull request Jan 14, 2023
@bernd-edlinger
Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime
e6b1586 
Otherwise the alloca can cause an exception.

Issue reported by Jiayi Lin.

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Todd Short <[email protected]>
(Merged from #20005)

(cherry picked from commit 30667f5)
@bernd-edlinger
Copy link
Member Author

bernd-edlinger commented Jan 14, 2023

Merged to master/3.1/3.0
will continue with merging #19735 to 1.1.1
Thanks!

@bernd-edlinger bernd-edlinger mentioned this pull request Jan 14, 2023
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@t8m t8m t8m approved these changes

@tmshort tmshort tmshort approved these changes

Assignees

No one assigned

Labels

approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Applies to master branch branch: 3.0 Applies to openssl-3.0 branch branch: 3.1 Applies to openssl-3.1 (EOL) severity: fips change The pull request changes FIPS provider sources tests: present The PR has suitable tests present triaged: bug The issue/pr is/fixes a bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bernd-edlinger @openssl-machine @t8m @tmshort