diff options
author | slontis <shane.lontis@oracle.com> | 2023-01-11 11:05:04 +1000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-02-07 17:05:10 +0100 |
commit | bcec03c33cc00a7b5eb89ebeeee59e604570a86a (patch) | |
tree | dfad452c9fd62d3a7492b04edfb2e6227a1f0345 /test/threadstest.c | |
parent | 3436f9c24ab90c1661e4798e7944f028d5d251ce (diff) | |
download | openssl-new-bcec03c33cc00a7b5eb89ebeeee59e604570a86a.tar.gz |
Fix NULL deference when validating FFC public key.
Fixes CVE-2023-0217
When attempting to do a BN_Copy of params->p there was no NULL check.
Since BN_copy does not check for NULL this is a NULL reference.
As an aside BN_cmp() does do a NULL check, so there are other checks
that fail because a NULL is passed. A more general check for NULL params
has been added for both FFC public and private key validation instead.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Diffstat (limited to 'test/threadstest.c')
0 files changed, 0 insertions, 0 deletions