BN_bin2bn handle leading zero's

If a binary sequence is all zero's, call BN_zero.

Reviewed-by: Matt Caswell <matt@openssl.org>

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 4e133ce8ca8e106fb6fe0b4ca8705961a7a1b02c..c8e8519d8ba34b7fd7fcd678fb9680a304d23bfa 100644 (file)
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -552,7 +552,9 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
     if (ret == NULL)
         return (NULL);
     bn_check_top(ret);
     if (ret == NULL)
         return (NULL);
     bn_check_top(ret);

-    l = 0;
+    /* Skip leading zero's. */
+    for ( ; *s == 0 && len > 0; s++, len--)
+        continue;

     n = len;
     if (n == 0) {
         ret->top = 0;
     n = len;
     if (n == 0) {
         ret->top = 0;


@@ -566,6 +568,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
     }
     ret->top = i;
     ret->neg = 0;
     }
     ret->top = i;
     ret->neg = 0;

+    l = 0;

     while (n--) {
         l = (l << 8L) | *(s++);
         if (m-- == 0) {
     while (n--) {
         l = (l << 8L) | *(s++);
         if (m-- == 0) {

diff --git a/engines/ccgost/gost2001_keyx.c b/engines/ccgost/gost2001_keyx.c
index abbacbb40ffa492a6740c759a693caa35f9201c5..1fd01744364889a0e6eaa576a2491f63a421020a 100644 (file)
--- a/engines/ccgost/gost2001_keyx.c
+++ b/engines/ccgost/gost2001_keyx.c
@@ -35,7 +35,7 @@ static int VKO_compute_key(unsigned char *shared_key, size_t shared_key_size,
         ukm_be[7 - i] = ukm[i];
     }
     BN_CTX_start(ctx);
         ukm_be[7 - i] = ukm[i];
     }
     BN_CTX_start(ctx);

-    UKM = getbnfrombuf(ukm_be, 8);
+    UKM = BN_bin2bn(ukm_be, 8, NULL);

     p = BN_CTX_get(ctx);
     order = BN_CTX_get(ctx);
     X = BN_CTX_get(ctx);
     p = BN_CTX_get(ctx);
     order = BN_CTX_get(ctx);
     X = BN_CTX_get(ctx);

diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c
index 4f3bd90e81a2c98c0114609a0e5cf14fa8bc8715..5b1d04584f20c86228fd28dad3639369647f3cdd 100644 (file)
--- a/engines/ccgost/gost_ameth.c
+++ b/engines/ccgost/gost_ameth.c
@@ -276,7 +276,7 @@ static int priv_decode_gost(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
             rev_buf[31 - i] = s->data[i];
         }
         ASN1_STRING_free(s);
             rev_buf[31 - i] = s->data[i];
         }
         ASN1_STRING_free(s);

-        pk_num = getbnfrombuf(rev_buf, 32);
+        pk_num = BN_bin2bn(rev_buf, 32, NULL);

     } else {
         priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
         if (!priv_key)
     } else {
         priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
         if (!priv_key)


@@ -490,8 +490,8 @@ static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
     len = octet->length / 2;
     ASN1_OCTET_STRING_free(octet);
 
     len = octet->length / 2;
     ASN1_OCTET_STRING_free(octet);
 

-    Y = getbnfrombuf(databuf, len);
-    X = getbnfrombuf(databuf + len, len);
+    Y = BN_bin2bn(databuf, len, NULL);
+    X = BN_bin2bn(databuf + len, len, NULL);

     OPENSSL_free(databuf);
     pub_key = EC_POINT_new(group);
     if (!EC_POINT_set_affine_coordinates_GFp(group, pub_key, X, Y, NULL)) {
     OPENSSL_free(databuf);
     pub_key = EC_POINT_new(group);
     if (!EC_POINT_set_affine_coordinates_GFp(group, pub_key, X, Y, NULL)) {

diff --git a/engines/ccgost/gost_asn1.c b/engines/ccgost/gost_asn1.c
index 0412d2c7c13cdd51325506d2961f30eaac37f4c4..11686339b7a5c8cb12a7481e54bbab579ef02086 100644 (file)
--- a/engines/ccgost/gost_asn1.c
+++ b/engines/ccgost/gost_asn1.c
@@ -54,19 +54,3 @@ ASN1_NDEF_SEQUENCE(GOST_CLIENT_KEY_EXCHANGE_PARAMS) = { /* FIXME incomplete */
 
 ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
 IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
 
 ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
 IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)

-
-/* Convert byte buffer to bignum, skipping leading zeros*/
-BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len)
-{
-    BIGNUM *b;
-
-    while (*buf == 0 && len > 0) {
-        buf++;
-        len--;
-    }
-    if (len)
-        return BN_bin2bn(buf, len, NULL);
-    b = BN_new();
-    BN_zero(b);
-    return b;
-}

diff --git a/engines/ccgost/gost_lcl.h b/engines/ccgost/gost_lcl.h
index 27fe0e761adc92456db56713d17fc15f3a49f316..b2541a79d8d072c8f01c2db2390b5faf494c6f51 100644 (file)
--- a/engines/ccgost/gost_lcl.h
+++ b/engines/ccgost/gost_lcl.h
@@ -213,8 +213,6 @@ BIGNUM *hashsum2bn(const unsigned char *dgst);
  * nesseccary
  */
 int store_bignum(BIGNUM *bn, unsigned char *buf, int len);
  * nesseccary
  */
 int store_bignum(BIGNUM *bn, unsigned char *buf, int len);

-/* Read bignum, which can have few MSB all-zeros    from buffer*/
-BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len);

 /* Pack GOST R 34.10 signature according to CryptoPro rules */
 int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen);
 /* Unpack GOST R 34.10 signature according to CryptoPro rules */
 /* Pack GOST R 34.10 signature according to CryptoPro rules */
 int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen);
 /* Unpack GOST R 34.10 signature according to CryptoPro rules */