[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Andy Polyakov appro at openssl.org
Wed Jul 18 14:05:39 UTC 2018


The branch OpenSSL_1_1_0-stable has been updated
       via  821c3baa002fc874553cfacd65bd7bd6f6e9cb3f (commit)
      from  0b139e41b4ca03c1d36f4c93c6e9147e497029ca (commit)


- Log -----------------------------------------------------------------
commit 821c3baa002fc874553cfacd65bd7bd6f6e9cb3f
Author: Andy Polyakov <appro at openssl.org>
Date:   Mon Jul 16 18:17:44 2018 +0200

    bn/bn_lib.c address Coverity nit in bn2binpad.
    
    It was false positive, but one can as well view it as readability issue.
    Switch even to unsigned indices because % BN_BYTES takes 4-6 instructions
    with signed dividend vs. 1 (one) with unsigned.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 83e034379fa3f6f0d308ec75fbcb137e26154aec)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_lib.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index ebad255..6c57a53 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -498,28 +498,27 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
 /* ignore negative */
 static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
 {
-    int i, j, top;
+    int n;
+    size_t i, inc, lasti, j;
     BN_ULONG l;
 
-    i = BN_num_bytes(a);
+    n = BN_num_bytes(a);
     if (tolen == -1)
-        tolen = i;
-    else if (tolen < i)
+        tolen = n;
+    else if (tolen < n)
         return -1;
 
-    if (i == 0) {
+    if (n == 0) {
         OPENSSL_cleanse(to, tolen);
         return tolen;
     }
 
-    top = a->top * BN_BYTES;
-    for (i = 0, j = tolen; j > 0; i++) {
-        unsigned int mask;
-
-        mask = constant_time_lt(i, top);
-        i -= 1 & ~mask; /* stay on top limb */
+    lasti = n - 1;
+    for (i = 0, inc = 1, j = tolen; j > 0;) {
         l = a->d[i / BN_BYTES];
-        to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask);
+        to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & (0 - inc));
+        inc = (i - lasti) >> (8 * sizeof(i) - 1);
+        i += inc; /* stay on top limb */
     }
 
     return tolen;


More information about the openssl-commits mailing list