From 8bd9144b754ef3b1f7fbb88a701fed37c7c064ad Mon Sep 17 00:00:00 2001
From: simon <simon@cda61777-01e9-0310-a592-d414129be87e>
Date: Sun, 4 Aug 2013 19:33:53 +0000
Subject: [PATCH] More consistently defend against division by zero with
 assertions. We now check that all the modular functions (modpow, modinv,
 modmul, bigdivmod) have nonzero moduli, and that modinv also has a nonzero
 thing to try to invert.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9987 cda61777-01e9-0310-a592-d414129be87e
---
 sshbn.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/sshbn.c b/sshbn.c
index ecdb90e8..76529cfa 100644
--- a/sshbn.c
+++ b/sshbn.c
@@ -624,6 +624,7 @@ static void internal_mod(BignumInt *a, int alen,
     int i, k;
 
     m0 = m[0];
+    assert(m0 >> (BIGNUM_INT_BITS-1) == 1);
     if (mlen > 1)
 	m1 = m[1];
     else
@@ -988,6 +989,12 @@ Bignum modmul(Bignum p, Bignum q, Bignum mod)
     int pqlen, mlen, rlen, i, j;
     Bignum result;
 
+    /*
+     * The most significant word of mod needs to be non-zero. It
+     * should already be, but let's make sure.
+     */
+    assert(mod[mod[0]] != 0);
+
     /* Allocate m of size mlen, copy mod to m */
     /* We use big endian internally */
     mlen = mod[0];
@@ -1087,6 +1094,12 @@ static void bigdivmod(Bignum p, Bignum mod, Bignum result, Bignum quotient)
     int mshift;
     int plen, mlen, i, j;
 
+    /*
+     * The most significant word of mod needs to be non-zero. It
+     * should already be, but let's make sure.
+     */
+    assert(mod[mod[0]] != 0);
+
     /* Allocate m of size mlen, copy mod to m */
     /* We use big endian internally */
     mlen = mod[0];
@@ -1617,6 +1630,9 @@ Bignum modinv(Bignum number, Bignum modulus)
     Bignum x = copybn(One);
     int sign = +1;
 
+    assert(number[number[0]] != 0);
+    assert(modulus[modulus[0]] != 0);
+
     while (bignum_cmp(b, One) != 0) {
 	Bignum t = newbn(b[0]);
 	Bignum q = newbn(a[0]);
-- 
2.11.0