OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if available
This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid differences in runtime and memory access patterns depending on the leading bytes of the BIGNUM value. OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases are still using the previous implementation where the BN_num_bytes() call may result in different memory access pattern. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
7958223fdc
commit
1e237903f5
1 changed files with 16 additions and 0 deletions
|
@ -1295,7 +1295,13 @@ void crypto_bignum_deinit(struct crypto_bignum *n, int clear)
|
|||
int crypto_bignum_to_bin(const struct crypto_bignum *a,
|
||||
u8 *buf, size_t buflen, size_t padlen)
|
||||
{
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
#else /* OPENSSL_IS_BORINGSSL */
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
#else
|
||||
int num_bytes, offset;
|
||||
#endif
|
||||
#endif /* OPENSSL_IS_BORINGSSL */
|
||||
|
||||
if (TEST_FAIL())
|
||||
return -1;
|
||||
|
@ -1303,6 +1309,14 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a,
|
|||
if (padlen > buflen)
|
||||
return -1;
|
||||
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0)
|
||||
return -1;
|
||||
return padlen;
|
||||
#else /* OPENSSL_IS_BORINGSSL */
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
return BN_bn2binpad((const BIGNUM *) a, buf, padlen);
|
||||
#else
|
||||
num_bytes = BN_num_bytes((const BIGNUM *) a);
|
||||
if ((size_t) num_bytes > buflen)
|
||||
return -1;
|
||||
|
@ -1315,6 +1329,8 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a,
|
|||
BN_bn2bin((const BIGNUM *) a, buf + offset);
|
||||
|
||||
return num_bytes + offset;
|
||||
#endif
|
||||
#endif /* OPENSSL_IS_BORINGSSL */
|
||||
}
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue