X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/8bd9144b754ef3b1f7fbb88a701fed37c7c064ad..HEAD:/sshbn.c diff --git a/sshbn.c b/sshbn.c index 76529cfa..a5e0552f 100644 --- a/sshbn.c +++ b/sshbn.c @@ -6,6 +6,7 @@ #include #include #include +#include #include "misc.h" @@ -120,7 +121,11 @@ Bignum Zero = bnZero, One = bnOne; static Bignum newbn(int length) { - Bignum b = snewn(length + 1, BignumInt); + Bignum b; + + assert(length >= 0 && length < INT_MAX / BIGNUM_INT_BITS); + + b = snewn(length + 1, BignumInt); if (!b) abort(); /* FIXME */ memset(b, 0, (length + 1) * sizeof(*b)); @@ -154,7 +159,11 @@ void freebn(Bignum b) Bignum bn_power_2(int n) { - Bignum ret = newbn(n / BIGNUM_INT_BITS + 1); + Bignum ret; + + assert(n >= 0); + + ret = newbn(n / BIGNUM_INT_BITS + 1); bignum_set_bit(ret, n, 1); return ret; } @@ -598,6 +607,7 @@ static void internal_add_shifted(BignumInt *number, addend = (BignumDblInt)n << bshift; while (addend) { + assert(word <= number[0]); addend += number[word]; number[word] = (BignumInt) addend & BIGNUM_INT_MASK; addend >>= BIGNUM_INT_BITS; @@ -869,6 +879,7 @@ Bignum modpow(Bignum base_in, Bignum exp, Bignum mod) len = mod[0]; r = bn_power_2(BIGNUM_INT_BITS * len); inv = modinv(mod, r); + assert(inv); /* cannot fail, since mod is odd and r is a power of 2 */ /* * Multiply the base by r mod n, to get it into Montgomery @@ -1173,6 +1184,8 @@ Bignum bignum_from_bytes(const unsigned char *data, int nbytes) Bignum result; int w, i; + assert(nbytes >= 0 && nbytes < INT_MAX/8); + w = (nbytes + BIGNUM_INT_BYTES - 1) / BIGNUM_INT_BYTES; /* bytes->words */ result = newbn(w); @@ -1249,7 +1262,7 @@ int ssh2_bignum_length(Bignum bn) */ int bignum_byte(Bignum bn, int i) { - if (i >= (int)(BIGNUM_INT_BYTES * bn[0])) + if (i < 0 || i >= (int)(BIGNUM_INT_BYTES * bn[0])) return 0; /* beyond the end */ else return (bn[i / BIGNUM_INT_BYTES + 1] >> @@ -1261,7 +1274,7 @@ int bignum_byte(Bignum bn, int i) */ int bignum_bit(Bignum bn, int i) { - if (i >= (int)(BIGNUM_INT_BITS * bn[0])) + if (i < 0 || i >= (int)(BIGNUM_INT_BITS * bn[0])) return 0; /* beyond the end */ else return (bn[i / BIGNUM_INT_BITS + 1] >> (i % BIGNUM_INT_BITS)) & 1; @@ -1272,7 +1285,7 @@ int bignum_bit(Bignum bn, int i) */ void bignum_set_bit(Bignum bn, int bitnum, int value) { - if (bitnum >= (int)(BIGNUM_INT_BITS * bn[0])) + if (bitnum < 0 || bitnum >= (int)(BIGNUM_INT_BITS * bn[0])) abort(); /* beyond the end */ else { int v = bitnum / BIGNUM_INT_BITS + 1; @@ -1308,7 +1321,18 @@ int ssh1_write_bignum(void *data, Bignum bn) int bignum_cmp(Bignum a, Bignum b) { int amax = a[0], bmax = b[0]; - int i = (amax > bmax ? amax : bmax); + int i; + + /* Annoyingly we have two representations of zero */ + if (amax == 1 && a[amax] == 0) + amax = 0; + if (bmax == 1 && b[bmax] == 0) + bmax = 0; + + assert(amax == 0 || a[amax] != 0); + assert(bmax == 0 || b[bmax] != 0); + + i = (amax > bmax ? amax : bmax); while (i) { BignumInt aval = (i > amax ? 0 : a[i]); BignumInt bval = (i > bmax ? 0 : b[i]); @@ -1330,6 +1354,8 @@ Bignum bignum_rshift(Bignum a, int shift) int i, shiftw, shiftb, shiftbb, bits; BignumInt ai, ai1; + assert(shift >= 0); + bits = bignum_bitcount(a) - shift; ret = newbn((bits + BIGNUM_INT_BITS - 1) / BIGNUM_INT_BITS); @@ -1634,8 +1660,22 @@ Bignum modinv(Bignum number, Bignum modulus) assert(modulus[modulus[0]] != 0); while (bignum_cmp(b, One) != 0) { - Bignum t = newbn(b[0]); - Bignum q = newbn(a[0]); + Bignum t, q; + + if (bignum_cmp(b, Zero) == 0) { + /* + * Found a common factor between the inputs, so we cannot + * return a modular inverse at all. + */ + freebn(b); + freebn(a); + freebn(xp); + freebn(x); + return NULL; + } + + t = newbn(b[0]); + q = newbn(a[0]); bigdivmod(a, b, t, q); while (t[0] > 1 && t[t[0]] == 0) t[0]--;