Handle BN_mod_word failures.
As of 67cb49d045f04973ddba0f92fe8a8ad483c7da89 and the corresponding upstream
change, BN_mod_word may fail, like BN_div_word. Handle this properly and
document in bn.h. Thanks to Brian Smith for pointing this out.
Change-Id: I6d4f32dc37bcabf70847c9a8b417d55d31b3a380
Reviewed-on: https://boringssl-review.googlesource.com/8491
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/dh/check.c b/crypto/dh/check.c
index fbe58a5..ed1508f 100644
--- a/crypto/dh/check.c
+++ b/crypto/dh/check.c
@@ -173,11 +173,17 @@
}
} else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
l = BN_mod_word(dh->p, 24);
+ if (l == (BN_ULONG)-1) {
+ goto err;
+ }
if (l != 11) {
*ret |= DH_CHECK_NOT_SUITABLE_GENERATOR;
}
} else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
l = BN_mod_word(dh->p, 10);
+ if (l == (BN_ULONG)-1) {
+ goto err;
+ }
if (l != 3 && l != 7) {
*ret |= DH_CHECK_NOT_SUITABLE_GENERATOR;
}