[openssl-commits] [openssl] master update

Richard Levitte levitte at openssl.org
Wed Feb 1 01:32:59 UTC 2017


The branch master has been updated
       via  0a2dcb6990dacc94337f746f4f4a6dfac1fbeac4 (commit)
       via  38d1b3cc0271008b8bd130a2c4b442775b028a08 (commit)
       via  2fc9b36a96ccd77cbd9ecfb3a3cdaa7ad2ca305e (commit)
       via  0b50ac1a0fe907f4effcf3f2f36dac32523938c5 (commit)
      from  383e9ade2b0e8333c8a5907fe4ca73d38f9ca465 (commit)


- Log -----------------------------------------------------------------
commit 0a2dcb6990dacc94337f746f4f4a6dfac1fbeac4
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed Feb 1 02:29:46 2017 +0100

    bn: fix occurance of negative zero in BN_rshift1()
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 38d1b3cc0271008b8bd130a2c4b442775b028a08
Author: Geoff Thorpe <geoff at openssl.org>
Date:   Thu Oct 6 10:04:56 2016 -0500

    bn: fix occurances of negative zero
    
    The BIGNUM behaviour is supposed to be "consistent" when going into and
    out of APIs, where "consistent" means 'top' is set minimally and that
    'neg' (negative) is not set if the BIGNUM is zero (which is iff 'top' is
    zero, due to the previous point).
    
    The BN_DEBUG testing (make test) caught the cases that this patch
    corrects.
    
    Note, bn_correct_top() could have been used instead, but that is intended
    for where 'top' is expected to (sometimes) require adjustment after direct
    word-array manipulation, and so is heavier-weight. Here, we are just
    catching the negative-zero case, so we test and correct for that
    explicitly, in-place.
    
    Change-Id: Iddefbd3c28a13d935648932beebcc765d5b85ae7
    Signed-off-by: Geoff Thorpe <geoff at openssl.org>
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1672)

commit 2fc9b36a96ccd77cbd9ecfb3a3cdaa7ad2ca305e
Author: Geoff Thorpe <geoff at openssl.org>
Date:   Thu Oct 6 09:02:38 2016 -0500

    bn: catch negative zero as an error
    
    Change-Id: I5ab72ad0aae9069b47d5b7b7b9e25bd1b7afa251
    Signed-off-by: Geoff Thorpe <geoff at openssl.org>
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1672)

commit 0b50ac1a0fe907f4effcf3f2f36dac32523938c5
Author: Geoff Thorpe <geoff at openssl.org>
Date:   Thu Oct 6 08:25:22 2016 -0500

    bn: fix BN_DEBUG + BN_DEBUG_RAND support
    
    Couple of updates to make this code work properly again;
    * use OPENSSL_assert() instead of assert() (and #include <assert.h>)
    * the circular-dependency-avoidance uses RAND_bytes() (not pseudo)
    
    Change-Id: Iefb5a9dd73f71fd81c1268495c54a64378955354
    Signed-off-by: Geoff Thorpe <geoff at openssl.org>
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1672)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_div.c   |  2 +-
 crypto/bn/bn_lcl.h   | 16 +++++++---------
 crypto/bn/bn_mul.c   |  2 +-
 crypto/bn/bn_shift.c |  8 ++++++--
 crypto/bn/bn_word.c  |  2 ++
 5 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index 99abf35..5e620b2 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -254,9 +254,9 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
     wnump = &(snum->d[num_n - 1]);
 
     /* Setup to 'res' */
-    res->neg = (num->neg ^ divisor->neg);
     if (!bn_wexpand(res, (loop + 1)))
         goto err;
+    res->neg = (num->neg ^ divisor->neg);
     res->top = loop - no_branch;
     resp = &(res->d[loop - 1]);
 
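Review bot: The reason `res->neg` must now be assigned after `bn_wexpand()` is not recorded next to the moved line, so a later cleanup could move it back. Presumably the expand path runs `bn_check_top()` on `res` while its `top` is still zero, and the strengthened assertion in bn_lcl.h then rejects a set sign. If that is the reason, a comment such as `/* set the sign only after bn_wexpand(): a zero 'res' must not carry neg into bn_check_top() */` would pin it. The same uncommented reordering appears in BN_lshift and BN_rshift (bn_shift.c) and in BN_mul, where the assignment moves to just before `bn_correct_top(rr)`. BN_div's body continues outside this hunk, so whether a zero quotient is normalised later cannot be confirmed from here.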
diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
index a3911b1..5fb3814 100644
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -146,13 +146,10 @@ extern "C" {
 
 # ifdef BN_DEBUG
 
-/* We only need assert() when debugging */
-#  include <assert.h>
-
 #  ifdef BN_DEBUG_RAND
 /* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
-#   ifndef RAND_pseudo_bytes
-int RAND_pseudo_bytes(unsigned char *buf, int num);
+#   ifndef RAND_bytes
+int RAND_bytes(unsigned char *buf, int num);
 #    define BN_DEBUG_TRIX
 #   endif
 #   define bn_pollute(a) \
@@ -171,7 +168,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
             } \
         } while(0)
 #   ifdef BN_DEBUG_TRIX
-#    undef RAND_pseudo_bytes
+#    undef RAND_bytes
 #   endif
 #  else
 #   define bn_pollute(a)
@@ -180,8 +177,8 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
         do { \
                 const BIGNUM *_bnum2 = (a); \
                 if (_bnum2 != NULL) { \
-                        assert((_bnum2->top == 0) || \
-                                (_bnum2->d[_bnum2->top - 1] != 0)); \
+                        OPENSSL_assert(((_bnum2->top == 0) && !_bnum2->neg) || \
+                                (_bnum2->top && (_bnum2->d[_bnum2->top - 1] != 0))); \
                         bn_pollute(_bnum2); \
                 } \
         } while(0)
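Review bot: The second arm of the new assertion uses `_bnum2->top` as a truth value, so a negative `top` passes that test and then indexes `d[top - 1]` before the start of the array. Writing the arm as `(_bnum2->top > 0 && (_bnum2->d[_bnum2->top - 1] != 0))` makes a corrupted `top` fail the assertion cleanly instead of reading out of bounds inside the checker. A one-line comment above the macro stating the invariant from the commit message (`top` minimal, `neg` clear when the value is zero) would also help readers who only see bn_lcl.h. The macro's opening lines are outside this hunk.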
@@ -192,7 +189,8 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
 #  define bn_wcheck_size(bn, words) \
         do { \
                 const BIGNUM *_bnum2 = (bn); \
-                assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \
+                OPENSSL_assert((words) <= (_bnum2)->dmax && \
+                        (words) >= (_bnum2)->top); \
                 /* avoid unused variable warning with NDEBUG */ \
                 (void)(_bnum2); \
         } while(0)
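Review bot: The comment `/* avoid unused variable warning with NDEBUG */` no longer matches the code now that `assert()` has been replaced by `OPENSSL_assert()`. As far as I know `OPENSSL_assert()` is not compiled out by NDEBUG, so `_bnum2` is always referenced and the `(void)(_bnum2);` line is likely redundant. Either drop both lines or reword the comment, for example `/* OPENSSL_assert() stays active under NDEBUG; cast kept defensively */`.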
diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c
index 4c39d40..4a0a950 100644
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -857,7 +857,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
             goto err;
     } else
         rr = r;
-    rr->neg = a->neg ^ b->neg;
 
 #if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
     i = al - bl;
@@ -969,6 +968,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 #if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
  end:
 #endif
+    rr->neg = a->neg ^ b->neg;
     bn_correct_top(rr);
     if (r != rr && BN_copy(r, rr) == NULL)
         goto err;
diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c
index 9907b82..6a1eec8 100644
--- a/crypto/bn/bn_shift.c
+++ b/crypto/bn/bn_shift.c
@@ -74,6 +74,8 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
         c = (t & 1) ? BN_TBIT : 0;
     }
     r->top = j;
+    if (!r->top)
+        r->neg = 0; /* don't allow negative zero */
     bn_check_top(r);
     return (1);
 }
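Review bot: Nothing in this push adds a regression test for the negative-zero cases: the diffstat touches only crypto/bn sources, and the new `bn_check_top()` assertion only fires in BN_DEBUG builds. A release build could therefore regress silently, and a zero with `neg` set may compare unequal to a normal zero in sign-sensitive code. A small case in the bn test program would cover this hunk: set a BIGNUM to -1, call `BN_rshift1(r, a)`, and require `BN_is_zero(r) && !BN_is_negative(r)`. Equivalent cases apply to the `if (!r->top)` fix in BN_rshift and the `if (!a->top)` fix in BN_div_word. BN_rshift1's body starts outside this hunk.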
@@ -92,10 +94,10 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
         return 0;
     }
 
-    r->neg = a->neg;
     nw = n / BN_BITS2;
     if (bn_wexpand(r, a->top + nw + 1) == NULL)
         return (0);
+    r->neg = a->neg;
     lb = n % BN_BITS2;
     rb = BN_BITS2 - lb;
     f = a->d;
@@ -140,9 +142,9 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
     }
     i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
     if (r != a) {
-        r->neg = a->neg;
         if (bn_wexpand(r, i) == NULL)
             return (0);
+        r->neg = a->neg;
     } else {
         if (n == 0)
             return 1;           /* or the copying loop will go berserk */
@@ -166,6 +168,8 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
         if ((l = (l >> rb) & BN_MASK2))
             *(t) = l;
     }
+    if (!r->top)
+        r->neg = 0; /* don't allow negative zero */
     bn_check_top(r);
     return (1);
 }
diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c
index a34244c..1af13a5 100644
--- a/crypto/bn/bn_word.c
+++ b/crypto/bn/bn_word.c
@@ -89,6 +89,8 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
     if ((a->top > 0) && (a->d[a->top - 1] == 0))
         a->top--;
     ret >>= j;
+    if (!a->top)
+        a->neg = 0; /* don't allow negative zero */
     bn_check_top(a);
     return (ret);
 }

