artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1c33081) | patch
Avoid negative zero.
authorjsing <jsing@openbsd.org>
Mon, 13 Feb 2023 04:25:37 +0000 (04:25 +0000)
committerjsing <jsing@openbsd.org>
Mon, 13 Feb 2023 04:25:37 +0000 (04:25 +0000)
commit896da13f36ab415bb7658262ff0a462cbc165790
tree56b0738a592ac35821dfa5e7dfafdfb3f3720a49tree | snapshot
parent1c33081b158d6d8e6d1fd755233b65a604d88a96commit | diff
Avoid negative zero.

Whenever setting negative to one (or when it could potentially be one),
always use BN_set_negative() since it checks for a zero valued bignum and
will not permit negative to be set in this case. Since BN_is_zero()
currently relies on top == 0, call BN_set_negative() after top has been
set (or bn_correct_top() has been called).

This fixes a long standing issue where -0 and +0 have been permitted,
however multiple code paths (such as BN_cmp()) fail to treat these as
equivalent.

Prompted by Guido Vranken who is adding negative zero fuzzing to oss-fuzz.

ok tb@
lib/libcrypto/bn/bn_add.c diff | blob | history
lib/libcrypto/bn/bn_div.c diff | blob | history
lib/libcrypto/bn/bn_mont.c diff | blob | history
lib/libcrypto/bn/bn_mpi.c diff | blob | history
lib/libcrypto/bn/bn_mul.c diff | blob | history
lib/libcrypto/bn/bn_print.c diff | blob | history
lib/libcrypto/bn/bn_recp.c diff | blob | history
lib/libcrypto/bn/bn_shift.c diff | blob | history
lib/libcrypto/bn/bn_sqr.c diff | blob | history
lib/libcrypto/bn/bn_word.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim