File openssl-add-BN_FLG_FIXED_TOP-flag.patch of Package openssl.24728
From b7862891fed4cfb5ec36a31d35e14b51bf26d01e Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Fri, 6 Jul 2018 15:02:29 +0200
Subject: [PATCH] bn/bn_lib.c: add BN_FLG_FIXED_TOP flag.
The new flag marks vectors that were not treated with bn_correct_top,
in other words such vectors are permitted to be zero padded. For now
it's BN_DEBUG-only flag, as initial use case for zero-padded vectors
would be controlled Montgomery multiplication/exponentiation, not
general purpose. For general purpose use another type might be more
appropriate. Advantage of this suggestion is that it's possible to
back-port it...
bn/bn_div.c: fix memory sanitizer problem.
bn/bn_sqr.c: harmonize with BN_mul.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6707)
(cherry picked from commit 305b68f1a2b6d4d0aa07a6ab47ac372f067a40bb)
Resolved conflicts:
crypto/bn/bn_lcl.h
---
crypto/bn/bn_div.c | 1 +
crypto/bn/bn_lcl.h | 18 +++++++++++++++---
crypto/bn/bn_lib.c | 15 +++++++++++----
crypto/bn/bn_sqr.c | 10 ++--------
4 files changed, 29 insertions(+), 15 deletions(-)
Index: openssl-1.0.2j/crypto/bn/bn_div.c
===================================================================
--- openssl-1.0.2j.orig/crypto/bn/bn_div.c
+++ openssl-1.0.2j/crypto/bn/bn_div.c
@@ -290,6 +290,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const
wnum.neg = 0;
wnum.d = &(snum->d[loop]);
wnum.top = div_n;
+ wnum.flags = BN_FLG_STATIC_DATA;
/*
* only needed when BN_ucmp messes up the values between top and max
*/
Index: openssl-1.0.2j/crypto/bn/bn_lib.c
===================================================================
--- openssl-1.0.2j.orig/crypto/bn/bn_lib.c
+++ openssl-1.0.2j/crypto/bn/bn_lib.c
@@ -524,9 +524,10 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
#endif
- a->top = b->top;
a->neg = b->neg;
+ a->top = b->top;
+ a->flags |= b->flags & BN_FLG_FIXED_TOP;
bn_check_top(a);
return (a);
}
@@ -570,8 +574,9 @@ void BN_clear(BIGNUM *a)
bn_check_top(a);
if (a->d != NULL)
OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
- a->top = 0;
a->neg = 0;
+ a->top = 0;
+ a->flags &= ~BN_FLG_FIXED_TOP;
}
BN_ULONG BN_get_word(const BIGNUM *a)
@@ -592,6 +597,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w)
a->neg = 0;
a->d[0] = w;
a->top = (w ? 1 : 0);
+ a->flags &= ~BN_FLG_FIXED_TOP;
bn_check_top(a);
return (1);
}
@@ -787,6 +793,7 @@ int BN_set_bit(BIGNUM *a, int n)
for (k = a->top; k < i + 1; k++)
a->d[k] = 0;
a->top = i + 1;
+ a->flags &= ~BN_FLG_FIXED_TOP;
}
a->d[i] |= (((BN_ULONG)1) << j);
Index: openssl-1.0.2j/crypto/bn/bn.h
===================================================================
--- openssl-1.0.2j.orig/crypto/bn/bn.h
+++ openssl-1.0.2j/crypto/bn/bn.h
@@ -410,8 +410,9 @@ int BN_GENCB_call(BN_GENCB *cb, int a, i
# define BN_zero_ex(a) \
do { \
BIGNUM *_tmp_bn = (a); \
- _tmp_bn->top = 0; \
_tmp_bn->neg = 0; \
+ _tmp_bn->top = 0; \
+ (a)->flags &= ~BN_FLG_FIXED_TOP; \
} while(0)
# ifdef OPENSSL_NO_DEPRECATED
# define BN_zero(a) BN_zero_ex(a)
@@ -829,9 +830,10 @@ int RAND_pseudo_bytes(unsigned char *buf
do { \
const BIGNUM *_bnum2 = (a); \
if (_bnum2 != NULL) { \
- assert((_bnum2->top == 0) || \
- (_bnum2->flags & BN_FLG_FIXED_TOP) || \
- (_bnum2->d[_bnum2->top - 1] != 0)); \
+ int _top = _bnum2->top; \
+ OPENSSL_assert((_top == 0 && !_bnum2->neg) || \
+ (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \
+ || _bnum2->d[_top - 1] != 0))); \
bn_pollute(_bnum2); \
} \
} while(0)
@@ -870,6 +872,7 @@ int RAND_pseudo_bytes(unsigned char *buf
} \
if ((a)->top == 0) \
(a)->neg = 0; \
+ (a)->flags &= ~BN_FLG_FIXED_TOP; \
bn_pollute(a); \
}
