I checked this diff with a libressl portable build. ok inoguchi@
On Sat, Jul 14, 2018 at 02:30:12PM +0200, Theo Buehler wrote:
> As pointed out by jsing, using size_t for nwords would be more
> appropriate for the new internal API BN_swap_ct(). Let's switch to it
> and cast to an int internally after checking the size to avoid overflow.
>
> Index: bn/bn_lib.c
> ===================================================================
> RCS file: /var/cvs/src/lib/libcrypto/bn/bn_lib.c,v
> retrieving revision 1.44
> diff -u -p -r1.44 bn_lib.c
> --- bn/bn_lib.c 13 Jul 2018 08:43:31 -0000 1.44
> +++ bn/bn_lib.c 14 Jul 2018 12:17:35 -0000
> @@ -897,16 +897,19 @@ BN_consttime_swap(BN_ULONG condition, BI
> * nwords is the number of words to swap.
> */
> int
> -BN_swap_ct(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
> +BN_swap_ct(BN_ULONG condition, BIGNUM *a, BIGNUM *b, size_t nwords)
> {
> BN_ULONG t;
> - int i;
> + int i, words;
>
> if (a == b)
> return 1;
> - if (bn_wexpand(a, nwords) == NULL || bn_wexpand(b, nwords) == NULL)
> + if (nwords > INT_MAX)
> return 0;
> - if (a->top > nwords || b->top > nwords) {
> + words = (int)nwords;
> + if (bn_wexpand(a, words) == NULL || bn_wexpand(b, words) == NULL)
> + return 0;
> + if (a->top > words || b->top > words) {
> BNerror(BN_R_INVALID_LENGTH);
> return 0;
> }
> @@ -930,7 +933,7 @@ BN_swap_ct(BN_ULONG condition, BIGNUM *a
> b->flags ^= t;
>
> /* swap the data */
> - for (i = 0; i < nwords; i++) {
> + for (i = 0; i < words; i++) {
> t = (a->d[i] ^ b->d[i]) & condition;
> a->d[i] ^= t;
> b->d[i] ^= t;
> Index: bn/bn_lcl.h
> ===================================================================
> RCS file: /var/cvs/src/lib/libcrypto/bn/bn_lcl.h,v
> retrieving revision 1.28
> diff -u -p -r1.28 bn_lcl.h
> --- bn/bn_lcl.h 10 Jul 2018 21:52:07 -0000 1.28
> +++ bn/bn_lcl.h 14 Jul 2018 12:15:51 -0000
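Review bot: The new `if (nwords > INT_MAX) return 0;` guard in BN_swap_ct (bn/bn_lib.c, first hunk) fails without recording an error, whereas the `a->top > words` check a few lines below reports `BNerror(BN_R_INVALID_LENGTH)`, so a caller that gets 0 cannot tell why the swap was refused. I would make the two length failures consistent: `if (nwords > INT_MAX) { BNerror(BN_R_INVALID_LENGTH); return 0; }`. The header comment, which starts above this hunk, could also state that an nwords above INT_MAX is rejected with a 0 return; the function body continues past the end of the hunk. `INT_MAX` relies on `<limits.h>` being included in bn_lib.c, which is not visible in this diff.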
> @@ -606,7 +606,7 @@ BIGNUM *BN_mod_inverse_nonct(BIGNUM *ret
> int BN_gcd_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
> int BN_gcd_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
>
> -int BN_swap_ct(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
> +int BN_swap_ct(BN_ULONG swap, BIGNUM *a, BIGNUM *b, size_t nwords);
>
> __END_HIDDEN_DECLS
> #endif
>
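Review bot: The prototype names the first parameter `swap` while the definition in bn/bn_lib.c names it `condition`; matching them keeps the header and the implementation readable side by side: `int BN_swap_ct(BN_ULONG condition, BIGNUM *a, BIGNUM *b, size_t nwords);`. With `size_t nwords`, a call site that passes a negative int has it converted to a value above INT_MAX, which the range check in the definition refuses, so callers need to test the return value rather than assume the constant-time swap happened. The call sites are not part of this diff, so that should be confirmed against them.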