I checked this diff with the libressl portable build.

ok inoguchi@

On Sat, Jul 14, 2018 at 02:30:12PM +0200, Theo Buehler wrote:
> As pointed out by jsing, using size_t for nwords would be more
> appropriate for the new internal API BN_swap_ct(). Let's switch to it
> and cast to an int internally after checking the size to avoid overflow.
> 
> Index: bn/bn_lib.c
> ===================================================================
> RCS file: /var/cvs/src/lib/libcrypto/bn/bn_lib.c,v
> retrieving revision 1.44
> diff -u -p -r1.44 bn_lib.c
> --- bn/bn_lib.c       13 Jul 2018 08:43:31 -0000      1.44
> +++ bn/bn_lib.c       14 Jul 2018 12:17:35 -0000
> @@ -897,16 +897,19 @@ BN_consttime_swap(BN_ULONG condition, BI
>   * nwords is the number of words to swap.
>   */
>  int
> -BN_swap_ct(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
> +BN_swap_ct(BN_ULONG condition, BIGNUM *a, BIGNUM *b, size_t nwords)
>  {
>       BN_ULONG t;
> -     int i;
> +     int i, words;
>  
>       if (a == b)
>               return 1;
> -     if (bn_wexpand(a, nwords) == NULL || bn_wexpand(b, nwords) == NULL)
> +     if (nwords > INT_MAX)
>               return 0;
> -     if (a->top > nwords || b->top > nwords) {
> +     words = (int)nwords;
> +     if (bn_wexpand(a, words) == NULL || bn_wexpand(b, words) == NULL)
> +             return 0;
> +     if (a->top > words || b->top > words) {
>               BNerror(BN_R_INVALID_LENGTH);
>               return 0;
>       }
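Review bot: The new `if (nwords > INT_MAX) return 0;` rejection is silent, while the length check a few lines below reports `BNerror(BN_R_INVALID_LENGTH)` before returning 0, so a caller cannot distinguish the two failures; adding `BNerror(BN_R_INVALID_LENGTH);` before that `return 0;` would keep error reporting consistent within the function. The comment at the top of the hunk still reads `nwords is the number of words to swap.`; extending it to `nwords is the number of words to swap; values above INT_MAX are rejected.` would document the new limit where callers look for it. Given the _ct naming and the mask-based swap, nwords is presumably a public value that may legitimately drive control flow, as the existing early returns already do; stating that in the same comment would make the constant-time contract explicit. BN_swap_ct's body continues past the end of this hunk.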
> @@ -930,7 +933,7 @@ BN_swap_ct(BN_ULONG condition, BIGNUM *a
>       b->flags ^= t;
>  
>       /* swap the data */
> -     for (i = 0; i < nwords; i++) {
> +     for (i = 0; i < words; i++) {
>               t = (a->d[i] ^ b->d[i]) & condition;
>               a->d[i] ^= t;
>               b->d[i] ^= t;
> Index: bn/bn_lcl.h
> ===================================================================
> RCS file: /var/cvs/src/lib/libcrypto/bn/bn_lcl.h,v
> retrieving revision 1.28
> diff -u -p -r1.28 bn_lcl.h
> --- bn/bn_lcl.h       10 Jul 2018 21:52:07 -0000      1.28
> +++ bn/bn_lcl.h       14 Jul 2018 12:15:51 -0000
> @@ -606,7 +606,7 @@ BIGNUM *BN_mod_inverse_nonct(BIGNUM *ret
>  int  BN_gcd_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
>  int  BN_gcd_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
>  
> -int  BN_swap_ct(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
> +int  BN_swap_ct(BN_ULONG swap, BIGNUM *a, BIGNUM *b, size_t nwords);
>  
>  __END_HIDDEN_DECLS
>  #endif
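Review bot: The prototype names the first parameter `swap` while the definition in bn_lib.c calls it `condition`; since the header is what readers consult, `int  BN_swap_ct(BN_ULONG condition, BIGNUM *a, BIGNUM *b, size_t nwords);` would keep the two in step. The hunk does not show where size_t comes into scope in bn_lcl.h; it is presumably provided by an existing include, which is worth confirming since this is the first size_t in the visible declarations.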
> 
