From: Bodo Möller
Date: Thu, 25 Jul 2002 12:12:39 +0000 (+0000)
Subject: Move zeroing from bn_expand_internal() to bn_expand2() so that it
X-Git-Tag: OpenSSL_0_9_7-beta4~218^2~52
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=12593e6f45b146ac8f368e743238f67f22a52c80;hp=819a040f4477e20cb795b703e921241de23e1d71;ds=sidebyside
Move zeroing from bn_expand_internal() to bn_expand2() so that it happens reliably, even if the BIGNUM is already sufficiently large. [Note that the bn_expand()/bn_wexpand() macros call bn_expand2() only if the BIGNUM actually has to grow, so this change does not add any new overhead as currently bn_expand2() is never called directly.]
---
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index a016cb7f53..77a9e32254 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -363,17 +363,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 }
 }
- /* Now need to zero any data between b->top and b->max */
- /* XXX Why? */
-
- A= &(a[b->top]);
- for (i=(words - b->top)>>3; i>0; i--,A+=8)
- {
- A[0]=0; A[1]=0; A[2]=0; A[3]=0;
- A[4]=0; A[5]=0; A[6]=0; A[7]=0;
- }
- for (i=(words - b->top)&7; i>0; i--,A++)
- A[0]=0;
 #else
 memset(A,0,sizeof(BN_ULONG)*(words+1));
 memcpy(A,b->d,sizeof(b->d[0])*b->top);
@@ -397,6 +386,12 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
 {
 BIGNUM *r = NULL;
+ /* This function does not work if
+ * words <= b->dmax && top < words
+ * because BN_dup() does not preserve 'dmax'!
+ * (But bn_dup_expand() is not used anywhere yet.)
+ */
+
 if (words > b->dmax)
 {
 BN_ULONG *a = bn_expand_internal(b, words);
@@ -429,12 +424,16 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
 }
 /* This is an internal function that should not be used in applications.
- * It ensures that 'b' has enough room for a 'words' word number number.
+ * It ensures that 'b' has enough room for a 'words' word number
+ * and initialises the unused part of b->d with leading zeros.
 * It is mostly used by the various BIGNUM routines. If there is an error,
 * NULL is returned. If not, 'b' is returned. */
 BIGNUM *bn_expand2(BIGNUM *b, int words)
 {
+ BN_ULONG *A;
+ int i;
+
 if (words > b->dmax)
 {
 BN_ULONG *a = bn_expand_internal(b, words);
@@ -449,6 +448,17 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
 else
 b = NULL;
 }
+
+ /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
+ A = &(b->d[b->top]);
+ for (i=(words - b->top)>>3; i>0; i--,A+=8)
+ {
+ A[0]=0; A[1]=0; A[2]=0; A[3]=0;
+ A[4]=0; A[5]=0; A[6]=0; A[7]=0;
+ }
+ for (i=(words - b->top)&7; i>0; i--,A++)
+ A[0]=0;
+
 return b;
 }
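Review bot: The revised header comment promises that bn_expand2() initialises "the unused part of b->d", but the zeroing loops this commit adds further down are bounded by `words - b->top`, not by `b->dmax`. When the BIGNUM is already larger than `words`, which is the case the commit message says this change is meant to cover, the words from index `words` up to `b->dmax` are left as they were, so the comment overstates what callers can rely on. Either word it as `* and zeroes b->d[b->top] .. b->d[words-1].` or bound the loops by `b->dmax`. The body of bn_expand2() continues past the end of this hunk.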
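Review bot: When bn_expand_internal() fails, the `else` branch just above sets `b = NULL`, and the added `A = &(b->d[b->top]);` then dereferences it, so an allocation failure turns into a NULL pointer dereference instead of the documented NULL return. Add `if (b == NULL) return NULL;` between the closing brace of the `if (words > b->dmax)` block and the zeroing code. Separately, nothing checks that `words >= b->top`: for a negative difference `(words - b->top)&7` can still be non-zero, so a direct caller passing a smaller `words` would have the second loop write zeros past `b->d[b->top]`; wrapping both loops in `if (words > b->top)` closes that. The commit message says the macros only call this when the BIGNUM must grow, so the second case looks latent rather than reachable today. The start of bn_expand2() lies outside this hunk.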