File openssl-add-BN_FLG_FIXED_TOP-flag.patch of Package compat-openssl098.29129
From b7862891fed4cfb5ec36a31d35e14b51bf26d01e Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Fri, 6 Jul 2018 15:02:29 +0200
Subject: [PATCH] bn/bn_lib.c: add BN_FLG_FIXED_TOP flag.
The new flag marks vectors that were not treated with bn_correct_top,
in other words such vectors are permitted to be zero padded. For now
it's BN_DEBUG-only flag, as initial use case for zero-padded vectors
would be controlled Montgomery multiplication/exponentiation, not
general purpose. For general purpose use another type might be more
appropriate. Advantage of this suggestion is that it's possible to
back-port it...
bn/bn_div.c: fix memory sanitizer problem.
bn/bn_sqr.c: harmonize with BN_mul.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6707)
(cherry picked from commit 305b68f1a2b6d4d0aa07a6ab47ac372f067a40bb)
Resolved conflicts:
crypto/bn/bn_lcl.h
---
crypto/bn/bn_div.c | 1 +
crypto/bn/bn_lcl.h | 18 +++++++++++++++---
crypto/bn/bn_lib.c | 15 +++++++++++----
crypto/bn/bn_sqr.c | 10 ++--------
4 files changed, 29 insertions(+), 15 deletions(-)
Index: openssl-0.9.8j/crypto/bn/bn_div.c
===================================================================
--- openssl-0.9.8j.orig/crypto/bn/bn_div.c
+++ openssl-0.9.8j/crypto/bn/bn_div.c
@@ -247,7 +247,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const
wnum.neg = 0;
wnum.d = &(snum->d[loop]);
wnum.top = div_n;
- /* only needed when BN_ucmp messes up the values between top and max */
+ wnum.flags = BN_FLG_STATIC_DATA;
+ /*
+ * only needed when BN_ucmp messes up the values between top and max
+ */
wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
/* Get the top 2 words of sdiv */
Index: openssl-0.9.8j/crypto/bn/bn_lib.c
===================================================================
--- openssl-0.9.8j.orig/crypto/bn/bn_lib.c
+++ openssl-0.9.8j/crypto/bn/bn_lib.c
@@ -506,8 +506,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM
memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
#endif
- a->top=b->top;
a->neg=b->neg;
+ a->top=b->top;
+ a->flags |= b->flags & BN_FLG_FIXED_TOP;
bn_check_top(a);
return(a);
}
@@ -550,8 +551,9 @@ void BN_clear(BIGNUM *a)
bn_check_top(a);
if (a->d != NULL)
memset(a->d,0,a->dmax*sizeof(a->d[0]));
- a->top=0;
a->neg=0;
+ a->top=0;
+ a->flags &= ~BN_FLG_FIXED_TOP;
}
BN_ULONG BN_get_word(const BIGNUM *a)
@@ -571,6 +573,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w)
a->neg = 0;
a->d[0] = w;
a->top = (w ? 1 : 0);
+ a->flags &= ~BN_FLG_FIXED_TOP;
bn_check_top(a);
return(1);
}
@@ -761,6 +764,7 @@ int BN_set_bit(BIGNUM *a, int n)
for(k=a->top; k<i+1; k++)
a->d[k]=0;
a->top=i+1;
+ a->flags &= ~BN_FLG_FIXED_TOP;
}
a->d[i]|=(((BN_ULONG)1)<<j);
Index: openssl-0.9.8j/crypto/bn/bn.h
===================================================================
--- openssl-0.9.8j.orig/crypto/bn/bn.h
+++ openssl-0.9.8j/crypto/bn/bn.h
@@ -389,8 +389,9 @@ int BN_GENCB_call(BN_GENCB *cb, int a, i
#define BN_zero_ex(a) \
do { \
BIGNUM *_tmp_bn = (a); \
- _tmp_bn->top = 0; \
_tmp_bn->neg = 0; \
+ _tmp_bn->top = 0; \
+ (a)->flags &= ~BN_FLG_FIXED_TOP; \
} while(0)
#ifdef OPENSSL_NO_DEPRECATED
#define BN_zero(a) BN_zero_ex(a)
@@ -768,9 +769,10 @@ int RAND_pseudo_bytes(unsigned char *buf
do { \
const BIGNUM *_bnum2 = (a); \
if (_bnum2 != NULL) { \
- assert((_bnum2->top == 0) || \
- (_bnum2->flags & BN_FLG_FIXED_TOP) || \
- (_bnum2->d[_bnum2->top - 1] != 0)); \
+ int _top = _bnum2->top; \
+ OPENSSL_assert((_top == 0 && !_bnum2->neg) || \
+ (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \
+ || _bnum2->d[_top - 1] != 0))); \
bn_pollute(_bnum2); \
} \
} while(0)
@@ -804,6 +806,9 @@ int RAND_pseudo_bytes(unsigned char *buf
for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
if (*(ftl--)) break; \
} \
+ if ((a)->top == 0) \
+ (a)->neg = 0; \
+ (a)->flags &= ~BN_FLG_FIXED_TOP; \
bn_pollute(a); \
}
